Avast win32 invalid

Closed
pitchsoso (Member) - 15 March 2010 at 15:28
neo*** (Security contributor) - last reply 17 March 2010 at 17:38
Hello,
Hello, well, I wanted to be clever and downloaded some hacker files, and since then I no longer have Avast antivirus
and can no longer produce a HijackThis report. Can someone help me? Thanks.
24 replies

pitchsoso (Member)
16 March 2010 at 22:03
ComboFix 10-03-16.01 - Jacky 16/03/2010 21:33:00.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.384.147 [GMT 1:00]
Launched from: c:\documents and settings\Jacky\Bureau\C-FIX.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jacky\Local Settings\Temporary Internet Files\TestBrowser.html
c:\program files\Error Repair Professional
c:\program files\Error Repair Professional\Backups\Backup_0-50-1_4-10-2009.reg
c:\program files\Error Repair Professional\Backups\Backup_0-56-22_4-10-2009.reg
c:\program files\Iminent\SaveMoney\tbHElper.dll
c:\program files\QUAD Utilities
C:\WGASetup.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\system32\acpceoef.ini
c:\windows\system32\apehixtc.ini
c:\windows\system32\arisrnpe.ini
c:\windows\system32\djxmsnkk.ini
c:\windows\system32\dnsayjqp.ini
c:\windows\system32\edplvfyi.ini
c:\windows\system32\eulqtsfr.ini
c:\windows\system32\hjjlm.ini
c:\windows\system32\hsgmphsv.ini
c:\windows\system32\hsqfyldt.ini
c:\windows\system32\iaclbutq.ini
c:\windows\system32\indfgfhv.ini
c:\windows\system32\kqrhfmqe.ini
c:\windows\system32\ohmgqemb.ini
c:\windows\system32\ougrymgb.ini
c:\windows\system32\pwcxaihm.ini
c:\windows\system32\qbcskjrw.ini
c:\windows\system32\rupoqyqy.ini
c:\windows\system32\seukiidt.ini
c:\windows\system32\shqeouvx.ini
c:\windows\system32\sibyotyp.ini
c:\windows\system32\SIntf16.dll
c:\windows\system32\srjbtvmv.ini
c:\windows\system32\tbosdetl.ini
c:\windows\system32\tjuvfyxv.ini
c:\windows\system32\tphcowxj.ini
c:\windows\system32\uhynapse.ini
c:\windows\system32\uwstuvnv.ini
c:\windows\system32\vhikgqgd.ini
c:\windows\system32\vugrbmpb.ini
c:\windows\system32\widobccx.ini
c:\windows\system32\woijvlpd.ini
c:\windows\system32\wquxrfkt.ini
c:\windows\system32\wsxcxobl.ini
c:\windows\system32\xowrlpol.ini
c:\windows\system32\yhsjcunk.ini
c:\windows\system32\yjdurafu.ini
c:\windows\system32\yuivbxis.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISRD


((((((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 ))))))))))))))))))))))))))))))))))))
.

2010-03-16 11:26 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-16 11:25 . 2010-03-16 11:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-16 11:25 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-15 23:02 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-15 23:02 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-15 23:02 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-15 23:02 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-15 23:02 . 2010-03-15 23:02 -------- d-----w- c:\program files\Avira
2010-03-15 23:02 . 2010-03-15 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-15 22:46 . 2010-03-15 22:46 1220 ----a-w- C:\FindyKill_Upload_Me_PC.zip
2010-03-15 14:36 . 2010-03-16 19:38 -------- d-----w- c:\program files\ZHPDiag
2010-03-15 14:01 . 2010-03-15 14:01 -------- d-----w- c:\program files\Alwil Software
2010-03-15 14:00 . 2010-03-15 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-15 13:46 . 2010-03-15 22:46 -------- d-----w- C:\FyK
2010-03-02 13:44 . 2010-03-02 13:44 -------- d-----w- c:\documents and settings\Jacky\Application Data\com.mstv.Carrefour50Widget.14E181C9F98C97743205250D618D6563C1965D9A.1
2010-03-02 13:43 . 2010-03-02 13:39 38784 ----a-w- c:\documents and settings\Jacky\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-02 13:43 . 2010-03-02 13:43 -------- d-----w- c:\program files\Widget Carrefour PROMOLIBRE
2010-03-02 13:43 . 2010-03-02 13:39 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-02 13:43 . 2010-03-02 13:43 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-02-28 10:02 . 2010-02-28 10:12 -------- d-----w- c:\documents and settings\Jacky\Application Data\Download Manager
2010-02-28 09:55 . 2010-02-28 09:56 -------- d-----w- c:\documents and settings\Jacky\Application Data\GARMIN
2010-02-28 09:55 . 2010-02-28 09:55 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-02-28 09:54 . 2010-02-28 09:54 -------- d-----w- c:\program files\DIFX
2010-02-28 09:54 . 2010-02-28 09:55 -------- d-----w- c:\program files\Garmin
2010-02-26 18:34 . 2010-02-26 18:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-02-24 18:25 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-23 17:59 . 2010-02-23 17:59 -------- d-----w- c:\documents and settings\Jacky\Local Settings\Application Data\ABBYY
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-15 20:58 . 2010-02-15 20:58 -------- d-----w- c:\documents and settings\Jacky\Application Data\Apple Computer
2010-02-15 20:52 . 2010-02-15 20:52 -------- d-----w- c:\documents and settings\Jacky\Local Settings\Application Data\Apple
2010-02-15 20:52 . 2010-02-15 20:52 -------- d-----w- c:\program files\Apple Software Update
2010-02-15 20:52 . 2010-02-15 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-15 20:52 . 2010-02-15 20:52 -------- d-----w- c:\documents and settings\Jacky\Local Settings\Application Data\Apple Computer
2010-02-15 20:30 . 2010-02-15 20:30 -------- d-----w- c:\documents and settings\Jacky\Local Settings\Application Data\Geckofx
2010-02-15 20:29 . 2010-02-17 06:40 -------- d-----w- c:\documents and settings\Jacky\Application Data\OpenCandy
2010-02-15 20:27 . 2010-02-15 20:28 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-15 12:48 . 2010-02-15 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ESTsoft

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 20:48 . 2010-02-12 14:45 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-03-16 12:37 . 2010-01-25 17:40 -------- d-----w- c:\program files\FunkyEmoticons
2010-03-15 22:42 . 2002-09-07 00:00 609376 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-15 22:42 . 2002-09-07 00:00 126806 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-15 21:11 . 2008-12-07 19:34 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-15 18:55 . 2010-02-13 15:30 -------- d-----w- c:\program files\uTorrent
2010-03-15 06:52 . 2010-02-13 15:29 -------- d-----w- c:\documents and settings\Jacky\Application Data\uTorrent
2010-03-09 18:38 . 2009-10-19 07:29 -------- d-----w- c:\documents and settings\Jacky\Application Data\Skype
2010-03-09 18:26 . 2009-10-19 07:31 -------- d-----w- c:\documents and settings\Jacky\Application Data\skypePM
2010-02-23 17:59 . 2010-02-12 15:46 -------- d-----w- c:\documents and settings\Jacky\Application Data\Epson
2010-02-23 17:59 . 2010-02-12 15:04 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-02-23 17:57 . 2006-02-07 18:46 -------- d-----w- c:\program files\Google
2010-02-13 15:29 . 2006-02-07 19:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-13 15:28 . 2010-02-13 15:28 2380538 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-02-12 16:03 . 2010-02-12 16:03 -------- d-----w- c:\documents and settings\Jacky\Application Data\KodakCredentialStore
2010-02-12 15:48 . 2010-02-12 15:48 -------- d-----w- c:\documents and settings\Jacky\Application Data\Skinux
2010-02-12 15:17 . 2010-02-12 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-02-12 15:08 . 2010-02-12 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
2010-02-12 15:07 . 2010-02-12 15:05 -------- d-----w- c:\program files\Epson Software
2010-02-12 15:07 . 2010-02-12 14:56 -------- d-----w- c:\program files\epson
2010-02-12 14:46 . 2010-02-12 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-02-12 14:46 . 2007-11-11 12:32 -------- d-----w- c:\documents and settings\Jacky\Application Data\ArcSoft
2010-02-12 14:45 . 2010-02-12 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-02-12 14:45 . 2010-02-12 14:43 -------- d-----w- c:\program files\Fichiers communs\ArcSoft
2010-02-12 14:43 . 2010-02-12 14:43 -------- d-----w- c:\program files\ArcSoft
2010-02-12 14:43 . 2010-02-12 14:38 -------- d-----w- c:\program files\Kodak
2010-02-12 14:42 . 2010-02-12 14:40 -------- d-----w- c:\program files\Fichiers communs\Kodak
2010-02-12 14:36 . 2010-02-12 14:36 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\bindbins.exe
2010-02-12 14:36 . 2010-02-12 14:36 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\finish.exe
2010-02-12 14:36 . 2010-02-12 14:36 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe
2010-02-12 14:35 . 2010-02-12 14:35 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
2010-02-12 14:34 . 2010-02-12 14:34 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\start.exe
2010-02-12 14:34 . 2010-02-12 14:34 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_1383829\EasyShrx.Dll
2010-02-12 14:34 . 2010-02-12 14:34 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.2.30.1.dll
2010-02-09 17:23 . 2010-02-09 17:23 8905184 ----a-w- c:\documents and settings\Jacky\Application Data\OpenCandy\WeFiSetup_5_142_513.exe.exe
2010-02-09 15:10 . 2010-02-09 15:10 50354 ----a-w- c:\documents and settings\Jacky\Application Data\Facebook\uninstall.exe
2010-02-09 15:10 . 2010-02-09 15:09 -------- d-----w- c:\documents and settings\Jacky\Application Data\Facebook
2010-02-08 19:52 . 2010-02-08 19:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-08 19:46 . 2010-02-08 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-02-08 19:46 . 2010-02-08 19:46 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-08 16:44 . 2010-02-08 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\MissTeriTale2
2010-02-08 16:22 . 2010-02-08 16:22 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-08 14:47 . 2009-12-19 20:47 -------- d-----w- c:\documents and settings\Jacky\Application Data\ElementalsTheMagicKey
2010-02-07 18:00 . 2009-11-03 12:42 -------- d-----w- c:\program files\FACTOURE
2010-02-04 13:03 . 2010-02-04 13:03 -------- d-----w- c:\documents and settings\Jacky\Application Data\VampireSaga
2010-02-04 09:01 . 2010-02-06 21:48 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-06 21:48 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-06 21:48 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-06 21:48 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Jacky\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Jacky\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-02-01 19:05 . 2010-02-01 19:05 -------- d-----w- c:\program files\WinAce
2010-02-01 14:41 . 2010-02-12 14:34 2635152 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_1383829\Setup.exe
2010-01-25 17:40 . 2010-01-25 17:40 -------- d-----w- c:\documents and settings\Jacky\Application Data\FunkyEmoticons
2010-01-24 08:21 . 2009-05-03 08:25 -------- d-----w- c:\program files\Iminent
2010-01-23 09:13 . 2009-12-26 07:48 -------- d-----w- c:\program files\SweetIM
2010-01-23 09:13 . 2009-12-26 07:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2010-01-20 19:21 . 2010-01-20 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Toolbar4
2010-01-20 08:10 . 2009-01-01 16:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 16:44 . 2009-09-14 20:08 -------- d-----w- c:\documents and settings\Jacky\Application Data\Playrix Entertainment
2010-01-18 07:48 . 2006-02-07 19:16 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-01-16 17:57 . 2010-01-16 17:57 84 ----a-w- c:\documents and settings\Jacky\Local Settings\Application Data\GLF12B.tmp
2010-01-07 06:14 . 2009-04-14 17:17 106496 ----a-w- c:\windows\DUMP6e1b.tmp
2010-01-07 06:12 . 2009-04-14 17:17 106496 ----a-w- c:\windows\DUMP6e79.tmp
2010-01-05 13:18 . 2006-02-09 19:01 94720 -c--a-w- c:\documents and settings\Jacky\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-04 10:55 . 2010-01-04 10:55 73884 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-02 16:07 . 2008-11-15 22:08 1 ----a-w- c:\documents and settings\Jacky\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-31 16:50 . 2002-09-07 00:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 18:39 . 2010-02-12 14:38 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-12-22 18:39 . 2010-02-12 14:38 426496 ------w- c:\windows\system32\imapi2.dll
2009-12-21 19:07 . 2006-06-23 11:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2004-08-19 23:09 347648 ----a-w- c:\windows\system32\mspaint.exe
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C9929B6-0791-4208-B41A-91C6ABFD9027}]
2009-08-07 00:41 2722304 ----a-w- c:\program files\Iminent\SaveMoney\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D1121FE0-0145-44C9-AA35-72071AC20A9B}"= "c:\program files\Blingee Plus\blingeetb.dll" [2009-10-21 2715136]
"{76985346-BDA2-4B2E-A727-956D7B8B012E}"= "c:\program files\Iminent\SaveMoney\tbcore3.dll" [2009-08-07 2722304]

[HKEY_CLASSES_ROOT\clsid\{d1121fe0-0145-44c9-aa35-72071ac20a9b}]
[HKEY_CLASSES_ROOT\BlingeeTb.BlingeeTb.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\BlingeeTb.BlingeeTb]

[HKEY_CLASSES_ROOT\clsid\{76985346-bda2-4b2e-a727-956d7b8b012e}]
[HKEY_CLASSES_ROOT\SaveMoney.SaveMoney.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\SaveMoney.SaveMoney]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{76985346-BDA2-4B2E-A727-956D7B8B012E}"= "c:\program files\Iminent\SaveMoney\tbcore3.dll" [2009-08-07 2722304]

[HKEY_CLASSES_ROOT\clsid\{76985346-bda2-4b2e-a727-956d7b8b012e}]
[HKEY_CLASSES_ROOT\SaveMoney.SaveMoney.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\SaveMoney.SaveMoney]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-09-07 251336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MaxRecentDocs"= 16 (0x10)
"HonorAutoRunSetting"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe"
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"IncrediMail"=c:\program files\IncrediMail\bin\IncMail.exe /c
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"EPSON SX110 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "c:\windows\TEMP\E_S1BD.tmp" /EF "HKCU"
"NVIEW"=rundll32.exe nview.dll,nViewLoadHook
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WorksFUD"=c:\program files\Microsoft Works\wkfud.exe
"Microsoft Works Update Detection"=c:\program files\Microsoft Works\WkDetect.exe
"Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
"Microsoft Works Portfolio"=c:\program files\Microsoft Works\WksSb.exe /AllUsers
"nwiz"=nwiz.exe /install
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
"USB Storage Toolbox"=c:\program files\USB Disk Win98 Driver\Res.EXE
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SweetIM"=c:\program files\SweetIM\Messenger\SweetIM.exe
"ArcSoft Connection Service"=c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
"EEventManager"=c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"MyGarminAgent"=c:\program files\Garmin\MyGarminAgent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\bfgclient\\bfgclient.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\emule\\emule.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/09/2009 23:40 691696]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [16/03/2010 00:02 108289]
R2 X4HSX32Ex;X4HSX32Ex;c:\program files\Player Metaboli\X4HSX32Ex.sys [20/10/2009 10:18 29856]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [11/11/2008 18:52 21344]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/02/2010 17:59 135664]
S3 avshws;YouUp Simulated Hardware;c:\windows\system32\drivers\youup.sys [27/04/2009 15:57 57472]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [11/11/2008 19:39 162176]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [10/09/2007 18:16 379456]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-16 11:21]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 16:59]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 16:59]

2010-03-16 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 13:04]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://google.fr/
mWindow Title =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.11\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.11\MediaManager\grab.html
TCP: {4450F113-8487-4083-8D1F-7908C3A310BB} = 192.168.1.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265728183187
DPF: {4DD20514-9520-40A7-9CD6-66883643A20B} - hxxp://www.boaki.com/download/uviLaunch.cab
DPF: {50DC58D0-C870-4BE6-BC41-971ED2D5F022} - hxxp://www.super-messenger.fr/tab/HookWlmEx.exe
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab
DPF: {D1121FE0-0145-44C9-AA35-72071AC20A9B} - hxxp://downloads.blingee.com/toolbar/blingeeplus_setup_a_1.0.0.5.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{676807d0-dc3c-f723-27d1-6b1399c4a8df} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Notify-wvussrp - wvussrp.dll
AddRemove-Funky Emoticons - c:\program files\FunkyEmoticons\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 21:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys sphi.sys >>UNKNOWN [0x82F93938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7668f28
\Driver\ACPI -> ACPI.sys @ 0xf74bfcb8
\Driver\atapi -> sfsync02.sys @ 0xf76358b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3276)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msls31.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\pctspk.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-16 22:00:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-16 21:00

Pre-Run: 20 059 320 320 bytes free
Post-Run: 20 229 144 576 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

- - End Of File - - 3FC1D9633D2AC4A65967D04660C4AE31
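Reading a log like the one above is the actual work in this thread, so here is a small triage script, added as an example and not part of the original post nor of ComboFix or Gmer. It pulls out the four things a helper would flag in that report: the run of randomly named .ini files deleted from system32 (a dropper pattern; the "5 to 8 lowercase letters" rule is this example's own heuristic), the toolbar/BHO modules registered in Internet Explorer, the "GloballyOpenPorts" entry that lets 3389/TCP (Remote Desktop) through the XP firewall, and the MBR-hook lines where a dispatch entry is serviced by a module outside the stock storage stack (the EXPECTED_HOOK_OWNERS set is an assumption). The function names and the sample excerpt are mine; the excerpt is constructed from lines visible in the log.

```python
import re

# Constructed excerpt assembled from lines visible in the ComboFix log above;
# the rest of the report is omitted so the example stays short.
SAMPLE_REPORT = r"""
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files\Iminent\SaveMoney\tbHElper.dll
c:\windows\system32\acpceoef.ini
c:\windows\system32\SIntf16.dll
c:\windows\system32\apehixtc.ini
c:\windows\system32\yhsjcunk.ini
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C9929B6-0791-4208-B41A-91C6ABFD9027}]
2009-08-07 00:41 2722304 ----a-w- c:\program files\Iminent\SaveMoney\tbcore3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D1121FE0-0145-44C9-AA35-72071AC20A9B}"= "c:\program files\Blingee Plus\blingeetb.dll" [2009-10-21 2715136]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7668f28
\Driver\ACPI -> ACPI.sys @ 0xf74bfcb8
\Driver\atapi -> sfsync02.sys @ 0xf76358b4
user & kernel MBR OK
"""

# Heuristic (an assumption of this example, not a ComboFix rule): droppers of
# the period litter system32 with files named by 5-8 random lowercase letters
# plus ".ini"; legitimate installers do not.
RANDOM_INI = re.compile(r"^(c:\\windows\\system32\\[a-z]{5,8}\.ini)$")
BHO_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-F-]+\})\]$", re.I)
BHO_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")
TOOLBAR_ENTRY = re.compile(r'^"(\{[0-9A-F-]+\})"=\s*"([^"]+)"')
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=')
HOOK_LINE = re.compile(r"^(\\Driver\\\w+)\s*->\s*(\S+)\s*@")

# Modules expected to own the Disk/ACPI/atapi dispatch entries on a stock XP
# storage stack (assumption); anything else sits between the OS and the disk.
EXPECTED_HOOK_OWNERS = {"classpnp.sys", "acpi.sys", "atapi.sys", "disk.sys", "ntoskrnl.exe"}


def triage(report: str) -> dict:
    """Return the indicators worth a second look, grouped by kind."""
    findings = {"random_ini": [], "browser_addons": [], "open_ports": [], "unknown_hooks": []}
    pending_bho = None  # GUID of a BHO key whose module path is on the next line
    for line in report.splitlines():
        line = line.rstrip()
        if pending_bho is not None:
            m = BHO_FILE.match(line)
            findings["browser_addons"].append((pending_bho, m.group(1) if m else line))
            pending_bho = None
            continue
        if (m := RANDOM_INI.match(line)):
            findings["random_ini"].append(m.group(1))
        elif (m := BHO_KEY.match(line)):
            pending_bho = m.group(1)
        elif (m := TOOLBAR_ENTRY.match(line)):
            findings["browser_addons"].append((m.group(1), m.group(2)))
        elif (m := OPEN_PORT.match(line)):
            findings["open_ports"].append((int(m.group(1)), m.group(2).upper()))
        elif (m := HOOK_LINE.match(line)) and m.group(2).lower() not in EXPECTED_HOOK_OWNERS:
            findings["unknown_hooks"].append((m.group(1), m.group(2)))
    return findings


def summarize(findings: dict) -> list:
    """Turn the findings into the one-line remarks a helper would post back."""
    notes = []
    if findings["random_ini"]:
        notes.append(f"{len(findings['random_ini'])} random-named .ini files in system32: dropper residue")
    for guid, path in findings["browser_addons"]:
        notes.append(f"browser add-on {guid} loads {path}")
    for port, proto in findings["open_ports"]:
        notes.append(f"firewall exception opens {port}/{proto} to everyone")
    for entry, module in findings["unknown_hooks"]:
        notes.append(f"{entry} is serviced by {module}: attribute this driver before trusting the MBR check")
    return notes


if __name__ == "__main__":
    for note in summarize(triage(SAMPLE_REPORT)):
        print("-", note)
```

On the log above, the only hook the script flags is `\Driver\atapi -> sfsync02.sys`, and that is exactly the line a human still has to attribute: sfsync02.sys is a name used by StarForce copy-protection drivers, and sptd.sys (the SCSI pass-through driver that DAEMON Tools installs, listed at R0 in the services section) is also loaded, so on a home PC with games and a virtual drive these hooks are as likely legitimate as malicious. That ambiguity is why the helper moves on to TDSSKiller and a full Gmer scan instead of acting on the MBR section alone.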
neo*** (Security contributor)
17 March 2010 at 14:19
• Download Load_tdsskiller (by Loup Blanc) to your Desktop
• Run load_tdsskiller
• The tool will connect to download an up-to-date copy of TDSSKiller, then start a scan
• At the end, you will be asked to press a key, then the report will open automatically: copy and paste its contents into your next reply (C:\tdsskiller\report.txt)
pitchsoso (Member)
17 March 2010 at 17:23
It ran a scan, but nothing is noted in the report!!!
neo*** (Security contributor)
17 March 2010 at 17:38
OK, that's fine

we'll check another way:

/!\ You absolutely must disable all your protection software to use this program /!\

• Go to this page and click "Download EXE" to download Gmer (under a random name, so that an infection cannot block it)
• Run Gmer
• In the "Rootkit" tab, click "Scan" and wait.
• At the end, click "Save" and save the report to your Desktop.
• Upload the report and post the corresponding link in your next reply.