Nettoyer mon pc des virus
Fermé
Paris91
Messages postés
30
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
15 janvier 2009
-
8 janv. 2009 à 20:01
Paris91 Messages postés 30 Date d'inscription jeudi 8 janvier 2009 Statut Membre Dernière intervention 15 janvier 2009 - 15 janv. 2009 à 17:28
Paris91 Messages postés 30 Date d'inscription jeudi 8 janvier 2009 Statut Membre Dernière intervention 15 janvier 2009 - 15 janv. 2009 à 17:28
A voir également:
- Nettoyer mon pc des virus
- Comment nettoyer mon pc qui rame gratuitement ? - Guide
- Nettoyer mac - Guide
- Test performance pc - Guide
- Reinitialiser pc - Guide
- Nettoyer son pc gratuitement - Guide
49 réponses
Paris91
Messages postés
30
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
15 janvier 2009
11 janv. 2009 à 13:40
11 janv. 2009 à 13:40
Il n' y a pas de risques , a ce que j'utilise combofix ?
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
11 janv. 2009 à 14:52
11 janv. 2009 à 14:52
cela devrait le faire!
Paris91
Messages postés
30
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
15 janvier 2009
11 janv. 2009 à 16:45
11 janv. 2009 à 16:45
A la fin de l'analyse panda Il y avait seulement marqué ca :
Nous avons détecté que la protection avast! antivirus 4.8.1229 [VPS 081130-0] de votre PC est activée mais n'est pas à jour.
Vous avez besoin d'une meilleure protection pour votre PC. Les solutions Panda vous protégeront contre plus de 13 millions de virus, logiciels espions et autres menaces.
Que faut-il que je fasse maintenant ?
Nous avons détecté que la protection avast! antivirus 4.8.1229 [VPS 081130-0] de votre PC est activée mais n'est pas à jour.
Vous avez besoin d'une meilleure protection pour votre PC. Les solutions Panda vous protégeront contre plus de 13 millions de virus, logiciels espions et autres menaces.
Que faut-il que je fasse maintenant ?
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
11 janv. 2009 à 17:17
11 janv. 2009 à 17:17
fais moi combofix!
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Paris91
Messages postés
30
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
15 janvier 2009
11 janv. 2009 à 17:25
11 janv. 2009 à 17:25
Elle dure combien de temps a peut pres l'analyse combofix ?
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
11 janv. 2009 à 17:25
11 janv. 2009 à 17:25
15 a 30 minutes
Paris91
Messages postés
30
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
15 janvier 2009
11 janv. 2009 à 17:27
11 janv. 2009 à 17:27
Comment on desactive la garde en temps réel de l'antispyware ?
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
11 janv. 2009 à 17:29
11 janv. 2009 à 17:29
pour l'antispyware tu n'en as pas tu n'a qu'un antivirus : avast alors ...
Paris91
Messages postés
30
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
15 janvier 2009
11 janv. 2009 à 17:29
11 janv. 2009 à 17:29
D'accord , bon je fais sa , et je te colle le rapport :)
Paris91
Messages postés
30
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
15 janvier 2009
11 janv. 2009 à 17:30
11 janv. 2009 à 17:30
Je suis pas obliger de me deconnecter d'internet ?
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
11 janv. 2009 à 17:32
11 janv. 2009 à 17:32
oui
Paris91
Messages postés
30
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
15 janvier 2009
11 janv. 2009 à 17:36
11 janv. 2009 à 17:36
Quand je lance combofix , une fenetre s'afiiche :
Combofix a detecté que la console de recup windiws n'existe pas sur ce pc.
vous auriez vraiment tout interet a l'installer. voulez vous le faire maintenant ?
Oui Non
Je met oui ?
Combofix a detecté que la console de recup windiws n'existe pas sur ce pc.
vous auriez vraiment tout interet a l'installer. voulez vous le faire maintenant ?
Oui Non
Je met oui ?
Paris91
Messages postés
30
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
15 janvier 2009
11 janv. 2009 à 17:52
11 janv. 2009 à 17:52
Voici le rapport combofix qui n'as pas pris longtemps lol :
ComboFix 09-01-08.01 - Yoann 2009-01-11 17:57:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.633 [GMT 1:00]
Lancé depuis: c:\documents and settings\Yoann\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\aperukot.ini
c:\windows\system32\ehekuwup.ini
c:\windows\system32\elehogif.ini
c:\windows\system32\emolusov.ini
c:\windows\system32\idewobow.ini
c:\windows\system32\idozosal.ini
c:\windows\system32\ijahajil.ini
c:\windows\system32\ilobukez.ini
c:\windows\system32\ksl48.bin
c:\windows\system32\ogikujid.ini
c:\windows\system32\seretisa.dll
c:\windows\system32\ubifadod.ini
c:\windows\system32\uwolituw.ini
c:\windows\system32\vubuvuha.dll.vir
----- BITS: Il y a peut-être des sites infectés -----
hxxp://77.74.48.105
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
.
2009-01-11 13:54 . 2009-01-11 13:54 <REP> d-------- c:\program files\Panda Security
2009-01-11 13:54 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-10 23:42 . 2009-01-10 23:43 <REP> d-------- C:\rsit
2009-01-10 23:25 . 2009-01-10 23:37 <REP> d-------- c:\program files\Navilog1
2009-01-10 21:47 . 2009-01-10 21:47 <REP> d-------- C:\_OTMoveIt
2009-01-10 13:36 . 2009-01-11 14:22 <REP> d-------- c:\documents and settings\Morgane\Tracing
2009-01-10 00:52 . 2009-01-11 18:00 <REP> d-------- c:\documents and settings\Yoann\Tracing
2009-01-10 00:45 . 2009-01-10 00:45 <REP> d-------- c:\program files\Microsoft
2009-01-10 00:44 . 2009-01-10 00:44 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-01-09 22:10 . 2009-01-09 22:10 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-09 22:10 . 2009-01-09 22:10 <REP> d-------- c:\documents and settings\Yoann\Application Data\Malwarebytes
2009-01-09 22:10 . 2009-01-09 22:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-09 22:10 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-09 22:10 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-08 19:23 . 2009-01-11 12:48 <REP> d-------- c:\program files\Trend Micro
2009-01-07 21:42 . 2009-01-07 21:42 <REP> d-------- c:\program files\CCleaner
2009-01-07 20:54 . 2009-01-07 20:54 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-01-07 12:00 . 2009-01-10 21:37 <REP> d-------- c:\documents and settings\All Users\Application Data\yozuyosa
2009-01-07 12:00 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\punawuwu
2009-01-06 17:44 . 2009-01-10 11:54 <REP> d-------- c:\documents and settings\All Users\Application Data\zilebobi
2009-01-06 17:44 . 2009-01-06 17:44 <REP> d-------- c:\documents and settings\All Users\Application Data\wiwisoho
2009-01-06 17:44 . 2009-01-09 22:53 <REP> d-------- c:\documents and settings\All Users\Application Data\wimesabi
2009-01-06 17:44 . 2009-01-06 17:44 <REP> d-------- c:\documents and settings\All Users\Application Data\ruwiraje
2009-01-06 17:44 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\kakekuze
2009-01-06 17:44 . 2009-01-09 22:53 <REP> d-------- c:\documents and settings\All Users\Application Data\buvujano
2009-01-05 18:18 . 2009-01-05 18:18 2,157 --ahs---- c:\windows\system32\sizehawi.dll
2009-01-04 13:12 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\tevupiru
2009-01-04 13:12 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\rigiwoti
2009-01-03 14:31 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\yelesato
2009-01-03 14:31 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\jubetufa
2009-01-03 13:13 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\wifufulu
2009-01-03 13:13 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\tebudati
2009-01-03 13:13 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\pofegohu
2009-01-03 13:13 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\mezutilo
2009-01-03 13:13 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\hilozepi
2009-01-03 13:13 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\herifolu
2009-01-01 13:38 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\jakegetu
2009-01-01 13:38 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\gujayiwo
2008-12-31 11:47 . 2009-01-03 13:13 <REP> d-------- c:\documents and settings\All Users\Application Data\zozefebe
2008-12-31 11:47 . 2009-01-03 13:13 <REP> d-------- c:\documents and settings\All Users\Application Data\sapoviri
2008-12-31 11:47 . 2009-01-03 13:13 <REP> d-------- c:\documents and settings\All Users\Application Data\fomegozu
2008-12-31 11:46 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\mazimiru
2008-12-31 11:46 . 2008-12-31 11:46 <REP> d-------- c:\documents and settings\All Users\Application Data\giyesewu
2008-12-31 11:46 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\bimefili
2008-12-30 20:39 . 2008-12-30 20:39 0 --a------ c:\windows\nsreg.dat
2008-12-30 16:09 . 2008-12-30 16:27 1,283 --a------ c:\windows\eReg.dat
2008-12-30 15:58 . 2008-12-30 15:59 <REP> d-------- c:\program files\Maxis
2008-12-30 15:54 . 2008-12-30 15:54 <REP> d-------- c:\program files\directx
2008-12-30 12:43 . 2009-01-10 21:47 <REP> d-------- c:\documents and settings\All Users\Application Data\zuniweto
2008-12-30 12:43 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\juhadapu
2008-12-30 11:43 . 2008-12-30 11:43 <REP> d-------- c:\documents and settings\All Users\Application Data\tadagagu
2008-12-30 11:43 . 2008-12-31 11:47 <REP> d-------- c:\documents and settings\All Users\Application Data\molugivu
2008-12-30 11:43 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\miziwiva
2008-12-30 11:43 . 2008-12-30 11:43 <REP> d-------- c:\documents and settings\All Users\Application Data\mejiyolo
2008-12-30 11:43 . 2008-12-31 11:47 <REP> d-------- c:\documents and settings\All Users\Application Data\dasofupu
2008-12-30 11:43 . 2008-12-31 11:47 <REP> d-------- c:\documents and settings\All Users\Application Data\bajawupo
2008-12-28 16:04 . 2005-07-26 13:44 20,992 --a------ c:\windows\system32\dshowext.ax
2008-12-28 16:03 . 2008-12-28 16:03 <REP> d-------- c:\program files\JL2005C
2008-12-24 14:05 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\soveveje
2008-12-24 14:05 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\gunowini
2008-12-24 11:33 . 2009-01-10 21:47 <REP> d-------- c:\documents and settings\All Users\Application Data\zagubura
2008-12-24 11:33 . 2009-01-10 21:47 <REP> d-------- c:\documents and settings\All Users\Application Data\torajigu
2008-12-24 11:33 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\sebajuyo
2008-12-24 11:33 . 2009-01-10 21:47 <REP> d-------- c:\documents and settings\All Users\Application Data\modubelo
2008-12-24 11:33 . 2009-01-10 21:47 <REP> d-------- c:\documents and settings\All Users\Application Data\gebuhobo
2008-12-24 11:33 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\funeroga
2008-12-23 12:41 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\rujamika
2008-12-23 12:41 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\gehufidu
2008-12-22 12:06 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\wamejawe
2008-12-22 12:06 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\gipunowe
2008-12-21 11:17 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\zomuhiwu
2008-12-21 11:17 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\nalayafi
2008-12-19 17:53 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\tefifohi
2008-12-19 17:53 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\mibevilo
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 12:29 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-10 10:54 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-09 23:44 --------- d-----w c:\program files\Windows Live
2009-01-08 15:10 --------- d-----w c:\program files\eMule
2009-01-07 18:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-07 18:47 --------- d-----w c:\documents and settings\All Users\Application Data\Ubisoft
2009-01-07 18:45 --------- d-----w c:\documents and settings\Yoann\Application Data\InstallShield
2008-12-30 15:27 12,400 ----a-w c:\windows\system32\drivers\secdrv.sys
2008-12-21 00:42 --------- d-----w c:\program files\Google
2008-12-14 20:18 --------- d-----w c:\program files\DivX
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-08-21 20:53 23,232 ----a-w c:\documents and settings\Yoann\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"Steam"="f:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-06 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2005-08-23 341]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"f:\\Program Files\\Steam\\SteamApps\\yoann91\\counter-strike source\\hl2.exe"=
"f:\\Mes Documents\\Virginie\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Google\\Google Toolbar\\Component\\GoogleToolbarManager_0531C63A913CC9D1.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\Setup\\avast.setup"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-11 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-21 78416]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-21 20560]
S3 PID_0920;Labtec WebCam(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2007-08-21 163328]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PAVBOOT
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a061068-a63e-11dc-9b72-001a92955521}]
\Shell\AutoRun\command - M:\InstallTomTomHOME.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://homepage.lmdpsg.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 18:00:33
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1454471165-436374069-725345543-1005\SOFTWARE\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
"??"=hex:35,db,89,1d,a1,7e,af,5c,4c,24,d3,0e,08,f2,cb,96,37,0f,79,57,37,58,77,\
37,1e,d0,91,77,6a,90,a1,7d,ee,b6,b9,5d,62,0f,c6,11,bd,39,d1,ec,a0,05,18,2a,\
53,18,dc,f1,b3,88,32,8c,b6,ad,9d,7b,4a,98,81,71,74,ee,e7,af,92,49,e0,a4,20,\
48,24,0e,06,06,7a,85,cc,0e,33,79,8a,cd,ef,ff,02,4e,4b,b4,6d,8c,83,a2,7f,92,\
21,c7,ba,70,16,67,66,2c,80,a0,03,3c,73,ea,3e,cd,93,64,37,a1,75,49,5f,76,12,\
7d,5a,37,b1,50,a6,98,60,22,54,61,1f,96,ec,1c,fa,5e,30,7b,d5,14,41,76,eb,b1,\
d8,a0,65,57,22,f9,71,c2,b4,33,7d,7a,98,30,fc,56,77,1a,31,3b,e1,cb,db,ca,33,\
89,29,d7,6f,8e,e2,19,d1,33,4b,eb,77,be,e2,61,0d,24,8d,d9,28,00,26,1c,b9,a0,\
cc,de,a9,3f,1d,4d,1f,e5,68,b8,44,17,b8,fa,a7,5b,d2,ea,37,43,5c,a5,d7,ab,3f,\
f6,cb,b3,3b,27,3c,c5,fd,ac,ac,d0,7b,2c,f4,31,f0,32,2b,69,85,b0,27,11,26,0e,\
d6,cf,bf,e2,71,35,a3,69,5f,23,ee,41,5d,c6,cf,fc,dc,f8,4b,59,5e,1d,b3,d0,b2,\
ad,0a,2d,32,7e,80,e2,cb,06,07,f3,fb,77,2c,40,18,4c,eb,dd,02,6a,72,e6,33,08,\
e4,6c,c1,5c,70,60,1f,65,ed,ac,dd,d9,cb,cd,74,7c,54,70,8b,b3,39,29,bb,cf,c8,\
f3,94,17,95,8b,d2,3f,a8,fc,31,af,62,20,81,95,75,be,17,b7,86,90,71,2c,f6,68,\
f0,02,0c,42,1e,c4,ba,9c,08,a5,dc,66,24,cf,4e,45,61,a0,59,d2,0b,ed,c4,b1,87,\
80,20,fa,7a,ff,a6,28,f1,c6,01,01,f8,2a,b2,3b,c3,34,3f,da,1f,5b,74,c5,52,12,\
4e,79,c1,04,5b,39,e5,8e,46,ae,74,00,e9,bc,16,03,1d,37,7e,4b,89,88,a0,32,cf,\
0e,ce,08,fc,87,64,c5,e7,2b,0a,d5,aa,75,42,da,0d,f6,48,04,6f,87,ce,aa,c0,3b,\
f3,84,97,99,79,fa,5f,a5,1a,56,27,32,c1,83,07,2c,80,b9,3c,56,59,ef,3b,15,c7,\
06,a5,75,62,30,49,3e,77,8f,52,3c,52,d6,f9,86,c8,4d,54,b4,1b,4a,70,6e,5d,62,\
16,57,b4,89,a9,2f,cc,1b,73,26,b8,8c,e7,64,8b,de,92,69,47,08,1d,13,51,56,70,\
2f,b7,a1,40,cc,2a,37,66,0b,f4,55,7a,76,17,65,af,f9,1c,62,57,41,66,67,19,1d,\
bd,f8,bd,65,03,51,ab,8a,78,e7,bb,d7,6a,6e,62,db,35,c2,57,ec,b7,ba,85,2c,1e,\
b6,38,b6,89,2d,99,7d,d2,96,e1,15,ae,1e,db,0f,00,d4,7c,fa,9e,53,e2,a0,69,15,\
e0,e7,6e,28,d7,4d,7d,44,83,d1,ce,c4,5e,6b,11,6e,84,a4,45,a6,8c,69,c9,7c,77,\
58,7f,cc,3b,f9,fe,e7,57,c8,f7,cf,63,e9,70,b0,9c,9f,d7,00,1c,0b,a3,eb,83,51,\
18,08,a8,eb,87,bb,d3,c3,8b,57,8a,41,af,33,3a,ad,1d,c4,e2,ba,23,f7,0e,33,e1,\
18,9e,c0,40,a4,c0,51,b1,54,fc,e4,6e,81,20,89,f2,99,19,48,22,6b,18,2e,b2,a6,\
bb,bf,d1,a4,f3,54,93,d0,4b,19,1d,a7,5a,1c,c9,93,e3,69,8a,cd,1a,91,a1,4a,37,\
c4,e6,c4,3d,19,df,f2,bf,e8,89,81,86,83,cb,4f,66,9f,6b,f4,2b,c2,fe,91,46,59,\
03,99,bd,b3,24,e2,5a,6d,de,8f,fd,90,a4,90,52,f5,39,e7,f7,5e,43,7c,12,01,7a,\
e5,e7,5b,ac,f4,ef,f0,80,9f,4c,bd,f2,5f,1b,86,01,db,28,eb,49,79,21,04,3e,78,\
5f,e0,14,d2,07,26,73,24,fe,0e,e4,24,df,78,72,fe,ea,ac,50,1b,8e,36,b3,b0,0d,\
5b,e9,55,3c,ca,4a,1c,82,d8,a0,6c,79,e7,59,70,a9,f9,27,97,83,5b,c3,56,ec,05,\
17,04,c1,d2,2f,7c,41,d2,37
"??"=hex:30,46,f4,43,be,c9,27,c2,40,85,6c,c3,06,19,3a,fb
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Heure de fin: 2009-01-11 18:02:15 - La machine a redémarré [Yoann]
ComboFix-quarantined-files.txt 2009-01-11 17:02:12
Avant-CF: 26,523,484,160 octets libres
Après-CF: 27,606,679,552 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
278
ComboFix 09-01-08.01 - Yoann 2009-01-11 17:57:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.633 [GMT 1:00]
Lancé depuis: c:\documents and settings\Yoann\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\aperukot.ini
c:\windows\system32\ehekuwup.ini
c:\windows\system32\elehogif.ini
c:\windows\system32\emolusov.ini
c:\windows\system32\idewobow.ini
c:\windows\system32\idozosal.ini
c:\windows\system32\ijahajil.ini
c:\windows\system32\ilobukez.ini
c:\windows\system32\ksl48.bin
c:\windows\system32\ogikujid.ini
c:\windows\system32\seretisa.dll
c:\windows\system32\ubifadod.ini
c:\windows\system32\uwolituw.ini
c:\windows\system32\vubuvuha.dll.vir
----- BITS: Il y a peut-être des sites infectés -----
hxxp://77.74.48.105
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
.
2009-01-11 13:54 . 2009-01-11 13:54 <REP> d-------- c:\program files\Panda Security
2009-01-11 13:54 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-10 23:42 . 2009-01-10 23:43 <REP> d-------- C:\rsit
2009-01-10 23:25 . 2009-01-10 23:37 <REP> d-------- c:\program files\Navilog1
2009-01-10 21:47 . 2009-01-10 21:47 <REP> d-------- C:\_OTMoveIt
2009-01-10 13:36 . 2009-01-11 14:22 <REP> d-------- c:\documents and settings\Morgane\Tracing
2009-01-10 00:52 . 2009-01-11 18:00 <REP> d-------- c:\documents and settings\Yoann\Tracing
2009-01-10 00:45 . 2009-01-10 00:45 <REP> d-------- c:\program files\Microsoft
2009-01-10 00:44 . 2009-01-10 00:44 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-01-09 22:10 . 2009-01-09 22:10 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-09 22:10 . 2009-01-09 22:10 <REP> d-------- c:\documents and settings\Yoann\Application Data\Malwarebytes
2009-01-09 22:10 . 2009-01-09 22:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-09 22:10 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-09 22:10 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-08 19:23 . 2009-01-11 12:48 <REP> d-------- c:\program files\Trend Micro
2009-01-07 21:42 . 2009-01-07 21:42 <REP> d-------- c:\program files\CCleaner
2009-01-07 20:54 . 2009-01-07 20:54 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-01-07 12:00 . 2009-01-10 21:37 <REP> d-------- c:\documents and settings\All Users\Application Data\yozuyosa
2009-01-07 12:00 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\punawuwu
2009-01-06 17:44 . 2009-01-10 11:54 <REP> d-------- c:\documents and settings\All Users\Application Data\zilebobi
2009-01-06 17:44 . 2009-01-06 17:44 <REP> d-------- c:\documents and settings\All Users\Application Data\wiwisoho
2009-01-06 17:44 . 2009-01-09 22:53 <REP> d-------- c:\documents and settings\All Users\Application Data\wimesabi
2009-01-06 17:44 . 2009-01-06 17:44 <REP> d-------- c:\documents and settings\All Users\Application Data\ruwiraje
2009-01-06 17:44 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\kakekuze
2009-01-06 17:44 . 2009-01-09 22:53 <REP> d-------- c:\documents and settings\All Users\Application Data\buvujano
2009-01-05 18:18 . 2009-01-05 18:18 2,157 --ahs---- c:\windows\system32\sizehawi.dll
2009-01-04 13:12 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\tevupiru
2009-01-04 13:12 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\rigiwoti
2009-01-03 14:31 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\yelesato
2009-01-03 14:31 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\jubetufa
2009-01-03 13:13 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\wifufulu
2009-01-03 13:13 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\tebudati
2009-01-03 13:13 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\pofegohu
2009-01-03 13:13 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\mezutilo
2009-01-03 13:13 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\hilozepi
2009-01-03 13:13 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\herifolu
2009-01-01 13:38 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\jakegetu
2009-01-01 13:38 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\gujayiwo
2008-12-31 11:47 . 2009-01-03 13:13 <REP> d-------- c:\documents and settings\All Users\Application Data\zozefebe
2008-12-31 11:47 . 2009-01-03 13:13 <REP> d-------- c:\documents and settings\All Users\Application Data\sapoviri
2008-12-31 11:47 . 2009-01-03 13:13 <REP> d-------- c:\documents and settings\All Users\Application Data\fomegozu
2008-12-31 11:46 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\mazimiru
2008-12-31 11:46 . 2008-12-31 11:46 <REP> d-------- c:\documents and settings\All Users\Application Data\giyesewu
2008-12-31 11:46 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\bimefili
2008-12-30 20:39 . 2008-12-30 20:39 0 --a------ c:\windows\nsreg.dat
2008-12-30 16:09 . 2008-12-30 16:27 1,283 --a------ c:\windows\eReg.dat
2008-12-30 15:58 . 2008-12-30 15:59 <REP> d-------- c:\program files\Maxis
2008-12-30 15:54 . 2008-12-30 15:54 <REP> d-------- c:\program files\directx
2008-12-30 12:43 . 2009-01-10 21:47 <REP> d-------- c:\documents and settings\All Users\Application Data\zuniweto
2008-12-30 12:43 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\juhadapu
2008-12-30 11:43 . 2008-12-30 11:43 <REP> d-------- c:\documents and settings\All Users\Application Data\tadagagu
2008-12-30 11:43 . 2008-12-31 11:47 <REP> d-------- c:\documents and settings\All Users\Application Data\molugivu
2008-12-30 11:43 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\miziwiva
2008-12-30 11:43 . 2008-12-30 11:43 <REP> d-------- c:\documents and settings\All Users\Application Data\mejiyolo
2008-12-30 11:43 . 2008-12-31 11:47 <REP> d-------- c:\documents and settings\All Users\Application Data\dasofupu
2008-12-30 11:43 . 2008-12-31 11:47 <REP> d-------- c:\documents and settings\All Users\Application Data\bajawupo
2008-12-28 16:04 . 2005-07-26 13:44 20,992 --a------ c:\windows\system32\dshowext.ax
2008-12-28 16:03 . 2008-12-28 16:03 <REP> d-------- c:\program files\JL2005C
2008-12-24 14:05 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\soveveje
2008-12-24 14:05 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\gunowini
2008-12-24 11:33 . 2009-01-10 21:47 <REP> d-------- c:\documents and settings\All Users\Application Data\zagubura
2008-12-24 11:33 . 2009-01-10 21:47 <REP> d-------- c:\documents and settings\All Users\Application Data\torajigu
2008-12-24 11:33 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\sebajuyo
2008-12-24 11:33 . 2009-01-10 21:47 <REP> d-------- c:\documents and settings\All Users\Application Data\modubelo
2008-12-24 11:33 . 2009-01-10 21:47 <REP> d-------- c:\documents and settings\All Users\Application Data\gebuhobo
2008-12-24 11:33 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\funeroga
2008-12-23 12:41 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\rujamika
2008-12-23 12:41 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\gehufidu
2008-12-22 12:06 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\wamejawe
2008-12-22 12:06 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\gipunowe
2008-12-21 11:17 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\zomuhiwu
2008-12-21 11:17 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\nalayafi
2008-12-19 17:53 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\tefifohi
2008-12-19 17:53 . 2009-01-09 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\mibevilo
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 12:29 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-10 10:54 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-09 23:44 --------- d-----w c:\program files\Windows Live
2009-01-08 15:10 --------- d-----w c:\program files\eMule
2009-01-07 18:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-07 18:47 --------- d-----w c:\documents and settings\All Users\Application Data\Ubisoft
2009-01-07 18:45 --------- d-----w c:\documents and settings\Yoann\Application Data\InstallShield
2008-12-30 15:27 12,400 ----a-w c:\windows\system32\drivers\secdrv.sys
2008-12-21 00:42 --------- d-----w c:\program files\Google
2008-12-14 20:18 --------- d-----w c:\program files\DivX
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-08-21 20:53 23,232 ----a-w c:\documents and settings\Yoann\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"Steam"="f:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-06 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2005-08-23 341]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"f:\\Program Files\\Steam\\SteamApps\\yoann91\\counter-strike source\\hl2.exe"=
"f:\\Mes Documents\\Virginie\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Google\\Google Toolbar\\Component\\GoogleToolbarManager_0531C63A913CC9D1.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\Setup\\avast.setup"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-11 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-21 78416]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-21 20560]
S3 PID_0920;Labtec WebCam(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2007-08-21 163328]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PAVBOOT
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a061068-a63e-11dc-9b72-001a92955521}]
\Shell\AutoRun\command - M:\InstallTomTomHOME.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://homepage.lmdpsg.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 18:00:33
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1454471165-436374069-725345543-1005\SOFTWARE\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
"??"=hex:35,db,89,1d,a1,7e,af,5c,4c,24,d3,0e,08,f2,cb,96,37,0f,79,57,37,58,77,\
37,1e,d0,91,77,6a,90,a1,7d,ee,b6,b9,5d,62,0f,c6,11,bd,39,d1,ec,a0,05,18,2a,\
53,18,dc,f1,b3,88,32,8c,b6,ad,9d,7b,4a,98,81,71,74,ee,e7,af,92,49,e0,a4,20,\
48,24,0e,06,06,7a,85,cc,0e,33,79,8a,cd,ef,ff,02,4e,4b,b4,6d,8c,83,a2,7f,92,\
21,c7,ba,70,16,67,66,2c,80,a0,03,3c,73,ea,3e,cd,93,64,37,a1,75,49,5f,76,12,\
7d,5a,37,b1,50,a6,98,60,22,54,61,1f,96,ec,1c,fa,5e,30,7b,d5,14,41,76,eb,b1,\
d8,a0,65,57,22,f9,71,c2,b4,33,7d,7a,98,30,fc,56,77,1a,31,3b,e1,cb,db,ca,33,\
89,29,d7,6f,8e,e2,19,d1,33,4b,eb,77,be,e2,61,0d,24,8d,d9,28,00,26,1c,b9,a0,\
cc,de,a9,3f,1d,4d,1f,e5,68,b8,44,17,b8,fa,a7,5b,d2,ea,37,43,5c,a5,d7,ab,3f,\
f6,cb,b3,3b,27,3c,c5,fd,ac,ac,d0,7b,2c,f4,31,f0,32,2b,69,85,b0,27,11,26,0e,\
d6,cf,bf,e2,71,35,a3,69,5f,23,ee,41,5d,c6,cf,fc,dc,f8,4b,59,5e,1d,b3,d0,b2,\
ad,0a,2d,32,7e,80,e2,cb,06,07,f3,fb,77,2c,40,18,4c,eb,dd,02,6a,72,e6,33,08,\
e4,6c,c1,5c,70,60,1f,65,ed,ac,dd,d9,cb,cd,74,7c,54,70,8b,b3,39,29,bb,cf,c8,\
f3,94,17,95,8b,d2,3f,a8,fc,31,af,62,20,81,95,75,be,17,b7,86,90,71,2c,f6,68,\
f0,02,0c,42,1e,c4,ba,9c,08,a5,dc,66,24,cf,4e,45,61,a0,59,d2,0b,ed,c4,b1,87,\
80,20,fa,7a,ff,a6,28,f1,c6,01,01,f8,2a,b2,3b,c3,34,3f,da,1f,5b,74,c5,52,12,\
4e,79,c1,04,5b,39,e5,8e,46,ae,74,00,e9,bc,16,03,1d,37,7e,4b,89,88,a0,32,cf,\
0e,ce,08,fc,87,64,c5,e7,2b,0a,d5,aa,75,42,da,0d,f6,48,04,6f,87,ce,aa,c0,3b,\
f3,84,97,99,79,fa,5f,a5,1a,56,27,32,c1,83,07,2c,80,b9,3c,56,59,ef,3b,15,c7,\
06,a5,75,62,30,49,3e,77,8f,52,3c,52,d6,f9,86,c8,4d,54,b4,1b,4a,70,6e,5d,62,\
16,57,b4,89,a9,2f,cc,1b,73,26,b8,8c,e7,64,8b,de,92,69,47,08,1d,13,51,56,70,\
2f,b7,a1,40,cc,2a,37,66,0b,f4,55,7a,76,17,65,af,f9,1c,62,57,41,66,67,19,1d,\
bd,f8,bd,65,03,51,ab,8a,78,e7,bb,d7,6a,6e,62,db,35,c2,57,ec,b7,ba,85,2c,1e,\
b6,38,b6,89,2d,99,7d,d2,96,e1,15,ae,1e,db,0f,00,d4,7c,fa,9e,53,e2,a0,69,15,\
e0,e7,6e,28,d7,4d,7d,44,83,d1,ce,c4,5e,6b,11,6e,84,a4,45,a6,8c,69,c9,7c,77,\
58,7f,cc,3b,f9,fe,e7,57,c8,f7,cf,63,e9,70,b0,9c,9f,d7,00,1c,0b,a3,eb,83,51,\
18,08,a8,eb,87,bb,d3,c3,8b,57,8a,41,af,33,3a,ad,1d,c4,e2,ba,23,f7,0e,33,e1,\
18,9e,c0,40,a4,c0,51,b1,54,fc,e4,6e,81,20,89,f2,99,19,48,22,6b,18,2e,b2,a6,\
bb,bf,d1,a4,f3,54,93,d0,4b,19,1d,a7,5a,1c,c9,93,e3,69,8a,cd,1a,91,a1,4a,37,\
c4,e6,c4,3d,19,df,f2,bf,e8,89,81,86,83,cb,4f,66,9f,6b,f4,2b,c2,fe,91,46,59,\
03,99,bd,b3,24,e2,5a,6d,de,8f,fd,90,a4,90,52,f5,39,e7,f7,5e,43,7c,12,01,7a,\
e5,e7,5b,ac,f4,ef,f0,80,9f,4c,bd,f2,5f,1b,86,01,db,28,eb,49,79,21,04,3e,78,\
5f,e0,14,d2,07,26,73,24,fe,0e,e4,24,df,78,72,fe,ea,ac,50,1b,8e,36,b3,b0,0d,\
5b,e9,55,3c,ca,4a,1c,82,d8,a0,6c,79,e7,59,70,a9,f9,27,97,83,5b,c3,56,ec,05,\
17,04,c1,d2,2f,7c,41,d2,37
"??"=hex:30,46,f4,43,be,c9,27,c2,40,85,6c,c3,06,19,3a,fb
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Heure de fin: 2009-01-11 18:02:15 - La machine a redémarré [Yoann]
ComboFix-quarantined-files.txt 2009-01-11 17:02:12
Avant-CF: 26,523,484,160 octets libres
Après-CF: 27,606,679,552 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
278
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
11 janv. 2009 à 18:54
11 janv. 2009 à 18:54
dis moi si ces fichiers sont considérés comme infectés sur virus total: https://www.virustotal.com/gui/
c:\documents and settings\All Users\Application Data\yozuyosa
c:\documents and settings\All Users\Application Data\punawuwu
c:\documents and settings\All Users\Application Data\ruwiraje
c:\documents and settings\All Users\Application Data\kakekuze
c:\documents and settings\All Users\Application Data\buvujano
c:\windows\system32\sizehawi.dll
c:\documents and settings\All Users\Application Data\mezutilo
c:\documents and settings\All Users\Application Data\jakegetu
c:\documents and settings\All Users\Application Data\gujayiwo
c:\documents and settings\All Users\Application Data\zozefebe
c:\documents and settings\All Users\Application Data\bajawupo
c:\documents and settings\All Users\Application Data\gunowini
c:\documents and settings\All Users\Application Data\gebuhobo
c:\documents and settings\All Users\Application Data\funeroga
c:\documents and settings\All Users\Application Data\gehufidu
c:\documents and settings\All Users\Application Data\wamejawe
c:\documents and settings\All Users\Application Data\gipunowe
c:\documents and settings\All Users\Application Data\nalayafi
c:\documents and settings\All Users\Application Data\yozuyosa
c:\documents and settings\All Users\Application Data\punawuwu
c:\documents and settings\All Users\Application Data\ruwiraje
c:\documents and settings\All Users\Application Data\kakekuze
c:\documents and settings\All Users\Application Data\buvujano
c:\windows\system32\sizehawi.dll
c:\documents and settings\All Users\Application Data\mezutilo
c:\documents and settings\All Users\Application Data\jakegetu
c:\documents and settings\All Users\Application Data\gujayiwo
c:\documents and settings\All Users\Application Data\zozefebe
c:\documents and settings\All Users\Application Data\bajawupo
c:\documents and settings\All Users\Application Data\gunowini
c:\documents and settings\All Users\Application Data\gebuhobo
c:\documents and settings\All Users\Application Data\funeroga
c:\documents and settings\All Users\Application Data\gehufidu
c:\documents and settings\All Users\Application Data\wamejawe
c:\documents and settings\All Users\Application Data\gipunowe
c:\documents and settings\All Users\Application Data\nalayafi
Paris91
Messages postés
30
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
15 janvier 2009
11 janv. 2009 à 19:01
11 janv. 2009 à 19:01
quand j'envois un fichier , sa me met ca :
0 bytes size received / Se ha recibido un archivo vacio
0 bytes size received / Se ha recibido un archivo vacio
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
11 janv. 2009 à 19:04
11 janv. 2009 à 19:04
pour tous?
encore des soucis sinon?
encore des soucis sinon?
Paris91
Messages postés
30
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
15 janvier 2009
11 janv. 2009 à 19:06
11 janv. 2009 à 19:06
Ca me met ca pour tout ceux qui commencent par : c:/documents and settings...
Et Pour c:/windows/system32.... ca me met :
MD5: ed0906151bca302a9c3f713783407c47
First received: -
Date 2008.12.17 16:34:41 (CET) [>25D]
Résultats 0/36
Permalink: analisis/cbfbc63cf396438a2dd490788d13d63f
Et Pour c:/windows/system32.... ca me met :
MD5: ed0906151bca302a9c3f713783407c47
First received: -
Date 2008.12.17 16:34:41 (CET) [>25D]
Résultats 0/36
Permalink: analisis/cbfbc63cf396438a2dd490788d13d63f
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
11 janv. 2009 à 19:13
11 janv. 2009 à 19:13
encore des soucis sinon?
Paris91
Messages postés
30
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
15 janvier 2009
11 janv. 2009 à 19:15
11 janv. 2009 à 19:15
Non ca rame pratiquement plus et tout :)
Sa veut dire que je n'ai plus de virus là ? =)
Sa veut dire que je n'ai plus de virus là ? =)
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
11 janv. 2009 à 19:18
11 janv. 2009 à 19:18
ok oui c'est presque bon
mets a jour internet explorer ici:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
_____________
pour virer ce qui a été utilisé: lance ceci:
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
_______________
désactive ta restauration puis redémarre ton ordi puis réactive là
https://www.informatruc.com
_______________
voilà c'est bon!!!!
mets a jour internet explorer ici:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
_____________
pour virer ce qui a été utilisé: lance ceci:
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
_______________
désactive ta restauration puis redémarre ton ordi puis réactive là
https://www.informatruc.com
_______________
voilà c'est bon!!!!