Infection
papito14 (Member)
Malekal_morte- (Moderator, security contributor)
Hello, I have a big problem: for a week now Avira has been detecting viruses, my PC is very infected, please help me. I'm sending you my HijackThis log and I await your replies.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:45, on 07/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\userini.exe
C:\Program Files\C-Media\WIN_ME\Mixer.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\userini.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Mixer] C:\Program Files\C-Media\WIN_ME\Mixer.exe
O4 - HKCU\..\Run: [SuperCopier 2 (explorer file copy replacement)] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\Admin\wcrfide.exe \u
O4 - HKCU\..\Policies\Explorer\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{107C3BAF-D6F1-4D58-ACF9-F818E48C09F9}: NameServer = 213.154.95.126 213.154.64.13
O20 - Winlogon Notify: csbdll - C:\WINDOWS\SYSTEM32\csbdll.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Websense CPM Report Scheduler (aoyzosb9zu3) - Unknown owner - C:\WINDOWS\system32\hiwyden.exe (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: RUMBA AS/400 Shared Folders (yagaweeibfa) - Unknown owner - C:\WINDOWS\system32\kerissiri.exe (file missing)
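As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage pass over a constructed subset of the O4/O20/O23 entries posted above. The heuristics it applies (orphaned services, look-alike binary names such as userini.exe next to the real userinit.exe, Policies\Explorer\Run autoruns, Winlogon Notify DLLs, alternate data streams, random-looking service names) are my own assumptions about what a defender checks first in such a log, not a verdict on any entry.

```python
"""Heuristic triage of HijackThis log entries (defender side).

Added example, not code from the thread; the rules are assumptions about what
to look at first, not HijackThis logic. SAMPLE_LOG is constructed from a subset
of the O4/O20/O23 lines posted in the thread."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the entries posted above (raw string, so the
# Windows backslashes are kept verbatim).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\Admin\wcrfide.exe \u
O4 - HKCU\..\Policies\Explorer\Run: [userini] C:\WINDOWS\system32\userini.exe
O20 - Winlogon Notify: csbdll - C:\WINDOWS\SYSTEM32\csbdll.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Websense CPM Report Scheduler (aoyzosb9zu3) - Unknown owner - C:\WINDOWS\system32\hiwyden.exe (file missing)
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe (file missing)
"""

# Core Windows XP binaries whose names malware likes to imitate.
SYSTEM_BINARIES = {"userinit.exe", "svchost.exe", "explorer.exe", "winlogon.exe",
                   "services.exe", "lsass.exe", "csrss.exe", "smss.exe", "rundll32.exe"}

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
# A Windows path ending in a binary extension, plus an optional ":stream" ADS suffix.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|cmd|sys)(?::[^\s"]+)?)', re.IGNORECASE)
SERVICE_RE = re.compile(r"Service: .*\((?P<short>[^()]+)\) - (?P<owner>.*?) - ")
# Lowercase letters mixed with digits, 8+ chars: typical of generated service names.
RANDOM_NAME_RE = re.compile(r"(?=.*\d)(?=.*[a-z])[a-z0-9]{8,}")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch look-alike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(filename: str):
    """Return the system binary a file name imitates (distance 1-2), else None."""
    name = filename.lower()
    if name in SYSTEM_BINARIES:
        return None
    for known in SYSTEM_BINARIES:
        if edit_distance(name, known) <= 2:
            return known
    return None


def triage_entry(line: str) -> Finding:
    """Apply the heuristics to one HijackThis line and collect the reasons it trips."""
    finding = Finding(line)
    m = ENTRY_RE.match(line)
    if not m:
        return finding
    kind, body = m.group("kind"), m.group("body")
    path_m = PATH_RE.search(body)
    path = path_m.group(1) if path_m else ""
    filename = path.rsplit("\\", 1)[-1] if path else ""

    if "(file missing)" in body:
        finding.reasons.append("points at a file that no longer exists (orphaned entry)")
    if ":" in filename:
        finding.reasons.append("target lives in an alternate data stream")
        filename = filename.split(":", 1)[0]
    known = lookalike_of(filename)
    if known:
        finding.reasons.append(f"file name imitates system binary {known}")
    if kind == "O4" and "Policies\\Explorer\\Run" in body:
        finding.reasons.append("autorun via Policies\\Explorer\\Run, rarely used legitimately")
    if kind == "O4" and path.lower().startswith("c:\\documents and settings\\"):
        finding.reasons.append("autorun binary in a user profile directory")
    if kind == "O20":
        finding.reasons.append("Winlogon Notify DLL: loaded into winlogon.exe at logon")
    if kind == "O23":
        s = SERVICE_RE.search(body)
        if s and s.group("owner") == "Unknown owner" and RANDOM_NAME_RE.fullmatch(s.group("short")):
            finding.reasons.append("service with random-looking short name and no owner")
    return finding


def triage(log_text: str) -> list:
    """Return only the entries that triggered at least one heuristic."""
    return [f for f in (triage_entry(ln.strip()) for ln in log_text.splitlines()) if f.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

The Avira entries and the genuine userinit.exe line pass through silently; each flagged line is a candidate for the kind of targeted CFScript the moderator posts later in the thread, to be confirmed by hand before removal.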
8 replies
Your PC is a dumpster :\
Back up your important documents, a crash can't be ruled out.
DISABLE ANTIVIR PROTECTION DURING THE PROCEDURE
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

driver::
obwilrj
utuhfqlh
hntiifuh
aoyzosb9zu3

rootkit::
c:\windows\system32\boowu.exe
c:\windows\system32\drivers\utuhfqlh.sys
c:\documents and settings\Admin\Application Data\kyrnmy.exe

Save this file under the name CFScript
Drag and drop this CFScript file onto the ComboFix.exe file
ComboFix starts; follow the prompts.
Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
Once the scan is done, a report will appear: post its contents and say where your problems stand
Zip the c:\qoobox folder
Send it to http://upload.malekal.com
Ready To Fall \o/
Hi,
Back up your data, since a crash can't be ruled out.
Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop, nowhere else!
DISABLE ANTIVIR PROTECTION DURING THE PROCEDURE
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

file::
C:\WINDOWS\SYSTEM32\csbdll.dll

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\csbdll]

Save this file under the name CFScript
Drag and drop this CFScript file onto the ComboFix.exe file
ComboFix starts; follow the prompts.
Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
Once the scan is done, a report will appear: post its contents and say where your problems stand
Hi malekal, and thanks for the reply. After the ComboFix analysis I got this:
ComboFix 10-06-07.03 - Admin 07/06/2010 22:21:17.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.678 [GMT 0:00]
Lancé depuis: c:\documents and settings\Admin\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Admin\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
"c:\windows\SYSTEM32\csbdll.dll"
.
ADS - explorer.exe: deleted 55808 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dir\install
c:\documents and settings\Admin\Application Data\alot
c:\documents and settings\Admin\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Admin\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Admin\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Admin\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Admin\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Admin\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Admin\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Admin\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Admin\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Admin\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Admin\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Admin\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Admin\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Admin\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Admin\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Admin\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Admin\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Admin\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Admin\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Admin\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Admin\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Admin\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Admin\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\Admin\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\Admin\Application Data\alot\products\products.xml
c:\documents and settings\Admin\Application Data\alot\products\products.xml.backup
c:\documents and settings\Admin\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Admin\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\Admin\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Admin\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Admin\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Admin\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Admin\Application Data\alot\Resources\Button_2\images\2361_icon.png
c:\documents and settings\Admin\Application Data\alot\Resources\Button_3\images\default_2334_default_2301_hulu.bmp
c:\documents and settings\Admin\Application Data\alot\Resources\Button_3\images\default_2334_default_2301_hulu.png
c:\documents and settings\Admin\Application Data\alot\Resources\Button_4\images\default_1042_alot_video_vault.bmp
c:\documents and settings\Admin\Application Data\alot\Resources\Button_4\images\default_1042_alot_video_vault.png
c:\documents and settings\Admin\Application Data\alot\Resources\Button_5\images\default_1390_facebook.bmp
c:\documents and settings\Admin\Application Data\alot\Resources\Button_5\images\default_1390_facebook.png
c:\documents and settings\Admin\Application Data\alot\Resources\Button_6\images\default_1667_www.youtube.com_button.bmp
c:\documents and settings\Admin\Application Data\alot\Resources\Button_6\images\default_1667_www.youtube.com_button.png
c:\documents and settings\Admin\Application Data\alot\Resources\Button_7\images\default_1007_alot_weather_widget.bmp
c:\documents and settings\Admin\Application Data\alot\Resources\Button_7\images\default_1007_alot_weather_widget.png
c:\documents and settings\Admin\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\Admin\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\Admin\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Admin\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Admin\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Admin\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Admin\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Admin\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\Admin\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Admin\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Admin\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Admin\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Admin\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Admin\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Admin\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Admin\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Admin\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Admin\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Admin\Application Data\alot\toolbar.xml
c:\documents and settings\Admin\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Admin\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\Admin\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\Admin\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Admin\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Admin\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Admin\Application Data\cift.exe
c:\documents and settings\Admin\Application Data\FirePassword.exe
c:\documents and settings\Admin\Application Data\GabPath
c:\documents and settings\Admin\Application Data\GabPath\config.cfg
c:\documents and settings\Admin\Application Data\GabPath\GPUninstall.exe
c:\documents and settings\Admin\Application Data\wiaservg.log
c:\documents and settings\Admin\secupdat.dat
c:\windows\system32\1911.dll
c:\windows\system32\365758
c:\windows\system32\bin
c:\windows\system32\bin\j3dcore-ogl.dll
c:\windows\system32\csbdll.dll
c:\windows\system32\secupdat.dat
c:\windows\system32\userini.exe
c:\windows\system32\wbem\grpconv.exe
Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
- - End Of File - - D36960A2FA635C1FCE6441FF495B0AAB
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 14:25 . 2009-10-18 14:52 -------- d-----w- c:\program files\SuperCopier2
2010-06-14 13:47 . 2010-02-04 17:45 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2010-06-14 13:47 . 2009-08-03 15:42 -------- d-----w- c:\documents and settings\Admin\Application Data\dvdcss
2010-06-12 14:11 . 2001-10-02 16:17 81136 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-12 14:11 . 2001-10-02 16:17 501696 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-12 12:56 . 2009-05-23 14:07 -------- d-----w- c:\documents and settings\Admin\Application Data\uTorrent
2010-06-11 20:59 . 2009-10-05 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-06-07 21:17 . 2010-04-08 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-06-07 21:13 . 2009-06-14 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-06-07 16:19 . 2005-07-26 13:01 1037824 ----a-w- c:\windows\explorer.exe
2010-06-06 20:45 . 2009-05-23 14:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-06 15:49 . 2004-08-19 14:10 14336 ----a-w- c:\windows\system32\svchost.exe
2010-06-06 15:48 . 2009-09-25 13:54 8 ----a-w- c:\windows\system32\nvModes.dat
2010-06-06 15:00 . 2009-12-17 21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 13:01 . 2009-09-14 11:36 -------- d-----w- c:\program files\Ipulp
2010-06-06 12:55 . 2010-01-17 12:31 -------- d-----w- c:\program files\Google
2010-06-04 14:53 . 2009-11-05 19:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-30 21:20 . 2010-05-30 21:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-05-26 20:36 . 2010-05-26 20:36 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a234fb9-n\msvcp71.dll
2010-05-26 20:36 . 2010-05-26 20:36 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a234fb9-n\jmc.dll
2010-05-26 20:36 . 2010-05-26 20:36 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a234fb9-n\msvcr71.dll
2010-05-26 20:35 . 2010-05-26 20:35 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-276837dd-n\decora-sse.dll
2010-05-26 20:35 . 2010-05-26 20:35 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-276837dd-n\decora-d3d.dll
2010-05-15 18:06 . 2010-02-12 13:18 50354 ----a-w- c:\documents and settings\Admin\Application Data\Facebook\uninstall.exe
2010-05-15 18:06 . 2010-02-12 13:18 -------- d-----w- c:\documents and settings\Admin\Application Data\Facebook
2010-05-15 16:32 . 2009-05-23 14:07 -------- d-----w- c:\program files\uTorrent
2010-05-15 10:57 . 2009-06-30 22:00 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-15 10:56 . 2010-05-15 10:56 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-11 19:38 . 2009-06-03 11:25 0 ----a-w- C:\unpacked.bin
2010-05-07 19:46 . 2009-05-23 20:08 -------- d-----w- c:\program files\Opera
2010-05-06 10:33 . 2005-10-12 08:25 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 22:31 . 2009-11-18 14:29 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-05-05 20:35 . 2010-05-05 18:08 -------- d-----w- c:\program files\DkZ Studio
2010-05-05 18:59 . 2010-05-05 18:59 -------- d-----w- c:\program files\DkZ Update
2010-05-02 08:08 . 2005-07-26 13:01 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 19:46 . 2009-05-23 13:09 -------- d-----w- c:\program files\ma-config.com
2010-05-01 19:46 . 2009-05-23 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2010-04-30 16:52 . 2010-04-30 16:51 -------- d-----w- c:\documents and settings\Admin\Application Data\GetRightToGo
2010-04-28 20:35 . 2010-04-28 20:35 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25a5bffd-n\msvcp71.dll
2010-04-28 20:35 . 2010-04-28 20:35 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25a5bffd-n\jmc.dll
2010-04-28 20:35 . 2010-04-28 20:35 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25a5bffd-n\msvcr71.dll
2010-04-27 17:20 . 2009-07-12 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-04-27 17:11 . 2010-04-27 17:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-04-27 17:11 . 2010-04-27 17:11 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-04-27 17:03 . 2010-04-27 17:03 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-27 17:02 . 2009-07-12 13:07 -------- d-----w- c:\program files\Nokia
2010-04-27 17:01 . 2010-04-27 17:01 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\Installer\CommonCustomActions\Sleep.exe
2010-04-27 17:01 . 2010-04-27 17:01 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\Installer\CommonCustomActions\msxml6Exec.exe
2010-04-27 17:01 . 2010-04-27 17:01 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\Installer\CommonCustomActions\vcredistExec.exe
2010-04-27 17:00 . 2010-04-27 17:02 35398096 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4186FEBC-F0CC-4185-A406-24292BC9877A}\NokiaSoftwareUpdaterSetup_2.4.8FR.exe
2010-04-26 17:38 . 2009-06-27 00:10 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-25 22:19 . 2010-04-25 22:19 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-04-23 20:01 . 2010-04-23 20:01 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-04-23 20:01 . 2010-04-23 20:01 13824 ----a-w- c:\windows\system32\slwga.dll
2010-04-23 16:49 . 2010-04-23 16:49 -------- d-----w- c:\program files\Ares
2010-04-23 16:15 . 2010-04-20 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperMP3Download
2010-04-21 14:16 . 2010-04-21 14:16 -------- d-----w- c:\program files\Realtek
2010-04-20 18:55 . 2010-04-20 18:55 -------- d-----w- c:\documents and settings\Admin\Application Data\SuperMP3Download
2010-04-20 05:30 . 2004-08-19 14:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 16:49 . 2010-04-19 16:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2010-04-19 16:49 . 2010-04-19 16:49 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2010-04-19 16:40 . 2009-05-23 13:29 -------- d-----w- c:\documents and settings\Admin\Application Data\DMCache
2010-04-17 13:00 . 2010-04-17 12:59 -------- d-----w- c:\documents and settings\Admin\Application Data\StoneTrip
2010-04-17 13:00 . 2010-04-17 13:00 53312 ----a-w- c:\documents and settings\Admin\Application Data\StoneTrip\Player\S3DOptions.exe
2010-04-17 13:00 . 2010-04-17 13:00 204864 ----a-w- c:\documents and settings\Admin\Application Data\StoneTrip\Player\S3DCrashReporter.exe
2010-04-17 13:00 . 2010-04-17 13:00 6107136 ----a-w- c:\documents and settings\Admin\Application Data\StoneTrip\Player\S3DClient.dll
2010-04-17 13:00 . 2010-04-17 13:00 409600 ----a-w- c:\documents and settings\Admin\Application Data\StoneTrip\Player\wrap_oal.dll
2010-04-17 13:00 . 2010-04-17 13:00 114688 ----a-w- c:\documents and settings\Admin\Application Data\StoneTrip\Player\OpenAL32.dll
2010-04-17 12:59 . 2010-04-17 12:59 60758 ----a-w- c:\documents and settings\Admin\Application Data\StoneTrip\Web Player\S3D Web Player-uninst.exe
2010-04-04 00:15 . 2010-04-03 23:27 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-03-30 20:58 . 2010-03-30 20:58 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
2010-03-30 19:33 . 2010-03-30 19:33 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-557e2def-n\decora-sse.dll
2010-03-30 19:33 . 2010-03-30 19:33 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-557e2def-n\decora-d3d.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-06-14_14.15.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-14 14:25 . 2010-06-14 14:25 16384 c:\windows\Temp\Perflib_Perfdata_560.dat
+ 2010-06-14 14:26 . 2008-02-02 09:23 377344 c:\windows\system32\Sexy Girls.scr
+ 2010-06-14 14:26 . 2008-02-02 09:23 377344 c:\windows\inf\smss.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Mixer"="c:\program files\C-Media\WIN_ME\Mixer.exe" [2001-09-12 1134592]
"SuperCopier 2 (explorer file copy replacement)"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
c:\documents and settings\Admin\Menu Démarrer\Programmes\Démarrage\
DosÿOptimizer.pif [2008-2-2 377344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
"HonorAutoRunSetting"= 0 (0x0)
"DisallowRun"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= mmc.exe
"3"= rstrui.exe
"4"= regedit.exe
"5"= regedt32.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Google Update"="c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VDOWNLOADER\\VDownloader.exe"=
"c:\\Program Files\\AC3Filter\\ac3config.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Admin\\Mes documents\\Downloads\\Compressed\\JDownloader 0.7\\JDownloader.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"e:\\Games\\KONAMI\\PES 2009\\pes2009.exe"=
"e:\\Games\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"e:\\Games\\KONAMI\\Pro Evolution Soccer 6\\alluneed\\GoalServer6.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\Games\\KONAMI\\PES 2009\\GSoccerPatchPES2009.exe"=
"e:\\Games\\KONAMI\\pes6\\Pro Evolution Soccer 6 Rip\\pes6.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Ares\\chatServer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"e:\\Games\\KONAMI\\PES 2010\\pes2010.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [07/06/2010 21:17 135336]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [08/01/2010 23:42 285744]
R2 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [15/07/2007 02:37 27992]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25/02/2010 10:38 1047880]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/01/2010 12:31 135664]
S2 yagaweeibfa;RUMBA AS/400 Shared Folders;c:\windows\system32\kerissiri.exe --> c:\windows\system32\kerissiri.exe [?]
S3 ALI5261;ALi Ethernet NT base driver;c:\windows\system32\drivers\ALI5261.SYS [01/05/2010 22:42 27678]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [25/04/2010 22:19 23456]
S3 IBMTRP;IBM PCI Token Ring Adapter (generic);c:\windows\system32\drivers\IBMTRP.SYS [08/06/2010 22:11 109085]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [01/05/2010 13:58 271728]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [23/04/2010 16:58 16640]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/10/2009 12:11 721904]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-17 12:31]
2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-17 12:31]
2010-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1606980848-839522115-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-07 15:41]
2010-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1606980848-839522115-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-07 15:41]
2010-05-21 c:\windows\Tasks\Maintenance automatique.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2010-02-25 10:46]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
TCP: {107C3BAF-D6F1-4D58-ACF9-F818E48C09F9} = 213.154.64.13 213.154.95.126
TCP: {5CA8EBF0-347C-49F1-A094-385F3F680A51} = 213.154.64.13,213.154.95.126
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\zihqvc1f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1692712&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15561&l=dis
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\zihqvc1f.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Admin\LocalLow\StoneTrip\WebPlayer1.8.1\npShiVa3D_1.8.1.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-FrameWorkService - (no file)
HKLM-Run-FrameWorkService - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-14 14:26
Windows 5.1.2600 Service Pack 3 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
c:\windows\system32\Sexy Girls.scr 377344 bytes executable
Scan completed successfully
Hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet009\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Admin\LOCALS~1\Temp\mc27.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d0,79,f6,74,9f,4b,32,2f,fc,1f,4f,8d,c5,48,72,3f,7a,38,d6,a6,7f,
3e,e7,0b,23,a3,a0,e7,01,16,77,0b,a7,4f,fb,b5,6d,90,81,e1,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e80e495d-b36e-4266-99c0-4b587f7a97c0}]
@Denied: (Full) (Everyone)
"Model"=dword:00000069
"Therad"=dword:00000005
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3632)
c:\program files\SuperCopier2\SC2Hook.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\RUNDLL32.EXE
c:\documents and settings\Admin\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
.
**************************************************************************
.
Heure de fin: 2010-06-14 14:31:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-14 14:31
ComboFix2.txt 2010-06-07 23:56
ComboFix3.txt 2010-06-07 22:33
Avant-CF: 29 726 949 376 octets libres
Après-CF: 29 707 304 960 octets libres
Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - E6BF708DE4DA2510A8EE49D7C3255111
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-06-14_14.15.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-14 14:25 . 2010-06-14 14:25 16384 c:\windows\Temp\Perflib_Perfdata_560.dat
+ 2010-06-14 14:26 . 2008-02-02 09:23 377344 c:\windows\system32\Sexy Girls.scr
+ 2010-06-14 14:26 . 2008-02-02 09:23 377344 c:\windows\inf\smss.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Mixer"="c:\program files\C-Media\WIN_ME\Mixer.exe" [2001-09-12 1134592]
"SuperCopier 2 (explorer file copy replacement)"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
c:\documents and settings\Admin\Menu Démarrer\Programmes\Démarrage\
Dos Optimizer.pif [2008-2-2 377344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
"HonorAutoRunSetting"= 0 (0x0)
"DisallowRun"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= mmc.exe
"3"= rstrui.exe
"4"= regedit.exe
"5"= regedt32.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Google Update"="c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VDOWNLOADER\\VDownloader.exe"=
"c:\\Program Files\\AC3Filter\\ac3config.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Admin\\Mes documents\\Downloads\\Compressed\\JDownloader 0.7\\JDownloader.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"e:\\Games\\KONAMI\\PES 2009\\pes2009.exe"=
"e:\\Games\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"e:\\Games\\KONAMI\\Pro Evolution Soccer 6\\alluneed\\GoalServer6.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\Games\\KONAMI\\PES 2009\\GSoccerPatchPES2009.exe"=
"e:\\Games\\KONAMI\\pes6\\Pro Evolution Soccer 6 Rip\\pes6.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Ares\\chatServer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"e:\\Games\\KONAMI\\PES 2010\\pes2010.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [07/06/2010 21:17 135336]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [08/01/2010 23:42 285744]
R2 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [15/07/2007 02:37 27992]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25/02/2010 10:38 1047880]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/01/2010 12:31 135664]
S2 yagaweeibfa;RUMBA AS/400 Shared Folders;c:\windows\system32\kerissiri.exe --> c:\windows\system32\kerissiri.exe [?]
S3 ALI5261;Pilote NT de base Ethernet ALi;c:\windows\system32\drivers\ALI5261.SYS [01/05/2010 22:42 27678]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [25/04/2010 22:19 23456]
S3 IBMTRP;Carte IBM PCI Token Ring (générique);c:\windows\system32\drivers\IBMTRP.SYS [08/06/2010 22:11 109085]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [01/05/2010 13:58 271728]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [23/04/2010 16:58 16640]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/10/2009 12:11 721904]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-17 12:31]
2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-17 12:31]
2010-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1606980848-839522115-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-07 15:41]
2010-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1606980848-839522115-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-07 15:41]
2010-05-21 c:\windows\Tasks\Maintenance automatique.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2010-02-25 10:46]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
TCP: {107C3BAF-D6F1-4D58-ACF9-F818E48C09F9} = 213.154.64.13 213.154.95.126
TCP: {5CA8EBF0-347C-49F1-A094-385F3F680A51} = 213.154.64.13,213.154.95.126
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\zihqvc1f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1692712&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15561&l=dis
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\zihqvc1f.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Admin\LocalLow\StoneTrip\WebPlayer1.8.1\npShiVa3D_1.8.1.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-FrameWorkService - (no file)
HKLM-Run-FrameWorkService - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-14 14:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\Sexy Girls.scr 377344 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet009\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Admin\LOCALS~1\Temp\mc27.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d0,79,f6,74,9f,4b,32,2f,fc,1f,4f,8d,c5,48,72,3f,7a,38,d6,a6,7f,
3e,e7,0b,23,a3,a0,e7,01,16,77,0b,a7,4f,fb,b5,6d,90,81,e1,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e80e495d-b36e-4266-99c0-4b587f7a97c0}]
@Denied: (Full) (Everyone)
"Model"=dword:00000069
"Therad"=dword:00000005
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3632)
c:\program files\SuperCopier2\SC2Hook.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\RUNDLL32.EXE
c:\documents and settings\Admin\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
.
**************************************************************************
.
Completion time: 2010-06-14 14:31:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-14 14:31
ComboFix2.txt 2010-06-07 23:56
ComboFix3.txt 2010-06-07 22:33
Pre-Run: 29,726,949,376 bytes free
Post-Run: 29,707,304,960 bytes free
Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - E6BF708DE4DA2510A8EE49D7C3255111
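Added example for this thread (not part of the post above, not the moderator's reply, and not ComboFix's own code): a small Python triage script that re-reads a few lines copied from the ComboFix output and pulls out the three things a responder would look at first in this log: the tcpip.sys copy whose MD5 matches none of the backup copies of the same build (the entry ComboFix marks `[-]`), the service whose image file ComboFix could not find (the `[?]` after the path), and the Explorer DisallowRun entries that block cmd.exe and regedit.exe. The regular expressions, the grouping of file checks by name/version/size, and the sample lines embedded below are assumptions about ComboFix's line format drawn only from the lines visible on this page; a hash mismatch is a lead to investigate, not a verdict.

```python
"""Triage helper for ComboFix log excerpts.

Added example for this thread: not ComboFix code and not part of the
original post. It re-reads lines copied from the log above and flags:
  - a file-check entry whose MD5 matches none of the other copies of the
    same file name, version and size, or which ComboFix marked [-];
  - a service whose image file ComboFix could not find ([?] after the path);
  - Explorer DisallowRun policy entries, which block the named programs.
The regexes are an assumption about ComboFix's line format, derived from
the lines on this page.
"""
import re

# Sample input (constructed from lines copied out of the ComboFix log above).
SAMPLE_LOG = r"""
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [07/06/2010 21:17 135336]
S2 yagaweeibfa;RUMBA AS/400 Shared Folders;c:\windows\system32\kerissiri.exe --> c:\windows\system32\kerissiri.exe [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= regedit.exe
"""

# "[mark] date . MD5 . size . . [version] . . path"
FILE_CHECK = re.compile(
    r'^\[(?P<mark>[^\]]+)\]\s+\S+\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+'
    r'(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$'
)
# "S2 name;display name;image path [date size]" or "... --> path [?]"
SERVICE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
KEY = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE = re.compile(r'^"(?P<idx>\d+)"\s*=\s*(?P<exe>\S+)\s*$')


def parse_file_checks(lines):
    """Return one dict per file-check line (mark, md5, size, ver, path)."""
    return [m.groupdict() for m in map(FILE_CHECK.match, lines) if m]


def mismatched_files(records):
    """Paths whose MD5 is not shared by any other copy of the same file name,
    version and size, or which ComboFix itself marked with [-]."""
    groups = {}
    for r in records:
        name = r['path'].rsplit('\\', 1)[-1].lower()
        groups.setdefault((name, r['ver'], r['size']), []).append(r)
    flagged = []
    for group in groups.values():
        # Hashes of the copies ComboFix did not complain about form the reference set;
        # QFE and GDR builds of one hotfix legitimately differ, so both stay in it.
        reference = {r['md5'].upper() for r in group if r['mark'] != '-'}
        for r in group:
            if r['mark'] == '-' or r['md5'].upper() not in reference:
                flagged.append(r['path'])
    return flagged


def missing_service_binaries(lines):
    """Service names whose image file ComboFix could not locate ([?])."""
    return [m.group('name') for m in map(SERVICE.match, lines)
            if m and m.group('rest').rstrip().endswith('[?]')]


def disallowed_programs(lines):
    """Executables listed under an Explorer policies\\explorer\\disallowrun key."""
    exes, in_disallowrun = [], False
    for line in lines:
        k = KEY.match(line)
        if k:
            in_disallowrun = k.group('key').lower().endswith('\\policies\\explorer\\disallowrun')
            continue
        v = VALUE.match(line)
        if in_disallowrun and v:
            exes.append(v.group('exe'))
    return exes


def triage(log_text):
    """Run the three checks over a log (or excerpt) and return the findings."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    return {
        'mismatched_files': mismatched_files(parse_file_checks(lines)),
        'missing_service_binaries': missing_service_binaries(lines),
        'disallowed_programs': disallowed_programs(lines),
    }


if __name__ == '__main__':
    for finding, items in triage(SAMPLE_LOG).items():
        print(f'{finding}: {items}')
```

Run it as-is to print the three lists, or pass the contents of the full ComboFix log to `triage()` to cover the whole report. Grouping file checks by name, version and size is what keeps the SP3QFE and SP3GDR copies (same version, different legitimate hashes) from being reported; only the copy whose hash matches none of the reference copies, or which ComboFix marked `[-]`, comes back.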