Ordi rame fort
lolozxr750
Messages postés
180
Statut
Membre
-
juju666 Messages postés 35446 Date d'inscription Statut Contributeur sécurité Dernière intervention -
juju666 Messages postés 35446 Date d'inscription Statut Contributeur sécurité Dernière intervention -
Bonjour,
Depuis quelque jours mon ordi rame très fort, 'ai téléchargé Malwarebytes et voici le résultat. Maintenant que dois je faire ??
Merci d'avance pour vos réponses
Cordialement
M a l w a r e b y t e s A n t i - M a l w a r e ( E s s a i ) 1 . 6 5 . 0 . 1 4 0 0
w w w . m a l w a r e b y t e s . o r g
V e r s i o n d e l a b a s e d e d o n n é e s : v 2 0 1 2 . 0 9 . 1 7 . 0 5
W i n d o w s X P S e r v i c e P a c k 3 x 8 6 N T F S
I n t e r n e t E x p l o r e r 7 . 0 . 5 7 3 0 . 1 3
*********** : : B R E N D A N [ a d m i n i s t r a t e u r ]
P r o t e c t i o n : A c t i v é
1 7 / 0 9 / 2 0 1 2 1 1 : 4 4 : 1 0
a n n a l y s e m a l w a r e b y t e . t x t
T y p e d ' e x a m e n : E x a m e n c o m p l e t ( C : \ | D : \ | )
O p t i o n s d ' e x a m e n a c t i v é e s : M é m o i r e | D é m a r r a g e | R e g i s t r e | S y s t è m e d e f i c h i e r s | H e u r i s t i q u e / E x t r a | H e u r i s t i q u e / S h u r i k e n | P U P | P U M
O p t i o n s d ' e x a m e n d é s a c t i v é e s : P 2 P
E l é m e n t ( s ) a n a l y s é ( s ) : 2 7 2 0 8 9
T e m p s é c o u l é : 5 h e u r e ( s ) , 2 7 s e c o n d e ( s )
P r o c e s s u s m é m o i r e d é t e c t é ( s ) : 0
( A u c u n é l é m e n t n u i s i b l e d é t e c t é )
M o d u l e ( s ) m é m o i r e d é t e c t é ( s ) : 0
( A u c u n é l é m e n t n u i s i b l e d é t e c t é )
C l é ( s ) d u R e g i s t r e d é t e c t é e ( s ) : 2
H K C R \ A p p I D \ I E A d d o n . D L L ( R o g u e . U n V i r e x ) - > A u c u n e a c t i o n e f f e c t u é e .
H K L M \ S O F T W A R E \ T U T O 4 P C ( P U P . T u t o 4 P C ) - > A u c u n e a c t i o n e f f e c t u é e .
V a l e u r ( s ) d u R e g i s t r e d é t e c t é e ( s ) : 0
( A u c u n é l é m e n t n u i s i b l e d é t e c t é )
E l é m e n t ( s ) d e d o n n é e s d u R e g i s t r e d é t e c t é ( s ) : 1
H K L M \ S O F T W A R E \ M i c r o s o f t \ S e c u r i t y C e n t e r | A n t i V i r u s D i s a b l e N o t i f y ( P U M . D i s a b l e d . S e c u r i t y C e n t e r ) - > M a u v a i s : ( 1 ) B o n : ( 0 ) - > A u c u n e a c t i o n e f f e c t u é e .
D o s s i e r ( s ) d é t e c t é ( s ) : 0
( A u c u n é l é m e n t n u i s i b l e d é t e c t é )
F i c h i e r ( s ) d é t e c t é ( s ) : 3
C : \ D o c u m e n t s a n d S e t t i n g s \ ******* \ M e s d o c u m e n t s \ D o w n l o a d s \ q u i c k t i m e _ t e l e c h a r g e m e n t _ 0 1 n e t . e x e ( P U P . T o o l b a r . R e p a c k e d ) - > A u c u n e a c t i o n e f f e c t u é e .
C : \ D o c u m e n t s a n d S e t t i n g s \ ******* \ M e s d o c u m e n t s \ D o w n l o a d s \ s e t u p ( 1 ) . e x e ( T r o j a n . F a k e V L C ) - > A u c u n e a c t i o n e f f e c t u é e .
C : \ D o c u m e n t s a n d S e t t i n g s \ ******* \ M e s d o c u m e n t s \ D o w n l o a d s \ a d o b e a i r . e x e ( A d w a r e . S o l i m b a . L a m e ) - > A u c u n e a c t i o n e f f e c t u é e .
( f i n )
Depuis quelque jours mon ordi rame très fort, 'ai téléchargé Malwarebytes et voici le résultat. Maintenant que dois je faire ??
Merci d'avance pour vos réponses
Cordialement
M a l w a r e b y t e s A n t i - M a l w a r e ( E s s a i ) 1 . 6 5 . 0 . 1 4 0 0
w w w . m a l w a r e b y t e s . o r g
V e r s i o n d e l a b a s e d e d o n n é e s : v 2 0 1 2 . 0 9 . 1 7 . 0 5
W i n d o w s X P S e r v i c e P a c k 3 x 8 6 N T F S
I n t e r n e t E x p l o r e r 7 . 0 . 5 7 3 0 . 1 3
*********** : : B R E N D A N [ a d m i n i s t r a t e u r ]
P r o t e c t i o n : A c t i v é
1 7 / 0 9 / 2 0 1 2 1 1 : 4 4 : 1 0
a n n a l y s e m a l w a r e b y t e . t x t
T y p e d ' e x a m e n : E x a m e n c o m p l e t ( C : \ | D : \ | )
O p t i o n s d ' e x a m e n a c t i v é e s : M é m o i r e | D é m a r r a g e | R e g i s t r e | S y s t è m e d e f i c h i e r s | H e u r i s t i q u e / E x t r a | H e u r i s t i q u e / S h u r i k e n | P U P | P U M
O p t i o n s d ' e x a m e n d é s a c t i v é e s : P 2 P
E l é m e n t ( s ) a n a l y s é ( s ) : 2 7 2 0 8 9
T e m p s é c o u l é : 5 h e u r e ( s ) , 2 7 s e c o n d e ( s )
P r o c e s s u s m é m o i r e d é t e c t é ( s ) : 0
( A u c u n é l é m e n t n u i s i b l e d é t e c t é )
M o d u l e ( s ) m é m o i r e d é t e c t é ( s ) : 0
( A u c u n é l é m e n t n u i s i b l e d é t e c t é )
C l é ( s ) d u R e g i s t r e d é t e c t é e ( s ) : 2
H K C R \ A p p I D \ I E A d d o n . D L L ( R o g u e . U n V i r e x ) - > A u c u n e a c t i o n e f f e c t u é e .
H K L M \ S O F T W A R E \ T U T O 4 P C ( P U P . T u t o 4 P C ) - > A u c u n e a c t i o n e f f e c t u é e .
V a l e u r ( s ) d u R e g i s t r e d é t e c t é e ( s ) : 0
( A u c u n é l é m e n t n u i s i b l e d é t e c t é )
E l é m e n t ( s ) d e d o n n é e s d u R e g i s t r e d é t e c t é ( s ) : 1
H K L M \ S O F T W A R E \ M i c r o s o f t \ S e c u r i t y C e n t e r | A n t i V i r u s D i s a b l e N o t i f y ( P U M . D i s a b l e d . S e c u r i t y C e n t e r ) - > M a u v a i s : ( 1 ) B o n : ( 0 ) - > A u c u n e a c t i o n e f f e c t u é e .
D o s s i e r ( s ) d é t e c t é ( s ) : 0
( A u c u n é l é m e n t n u i s i b l e d é t e c t é )
F i c h i e r ( s ) d é t e c t é ( s ) : 3
C : \ D o c u m e n t s a n d S e t t i n g s \ ******* \ M e s d o c u m e n t s \ D o w n l o a d s \ q u i c k t i m e _ t e l e c h a r g e m e n t _ 0 1 n e t . e x e ( P U P . T o o l b a r . R e p a c k e d ) - > A u c u n e a c t i o n e f f e c t u é e .
C : \ D o c u m e n t s a n d S e t t i n g s \ ******* \ M e s d o c u m e n t s \ D o w n l o a d s \ s e t u p ( 1 ) . e x e ( T r o j a n . F a k e V L C ) - > A u c u n e a c t i o n e f f e c t u é e .
C : \ D o c u m e n t s a n d S e t t i n g s \ ******* \ M e s d o c u m e n t s \ D o w n l o a d s \ a d o b e a i r . e x e ( A d w a r e . S o l i m b a . L a m e ) - > A u c u n e a c t i o n e f f e c t u é e .
( f i n )
A voir également:
- Ordi rame fort
- Ordi qui rame - Guide
- Comment reinitialiser un ordi - Guide
- Ordi scrabble - Télécharger - Jeux vidéo
- Ecran ordi a l'envers - Guide
- Mon ordi ne reconnait pas ma clé usb - Guide
91 réponses
Bonsoir,
Voici le rapport.
Malwarebytes Anti-Malware (Essai) 1.65.0.1400
www.malwarebytes.org
Version de la base de données: v2012.09.23.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Choveau :: BRENDAN [administrateur]
Protection: Activé
23/09/2012 16:39:13
analyse malwarebytes N°3.txt
Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 296428
Temps écoulé: 3 heure(s), 40 minute(s), 27 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 2
C:\Documents and Settings\Choveau\Bureau\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Aucune action effectuée.
C:\Documents and Settings\Choveau\Mes documents\Downloads\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Aucune action effectuée.
(fin)
Voici le rapport.
Malwarebytes Anti-Malware (Essai) 1.65.0.1400
www.malwarebytes.org
Version de la base de données: v2012.09.23.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Choveau :: BRENDAN [administrateur]
Protection: Activé
23/09/2012 16:39:13
analyse malwarebytes N°3.txt
Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 296428
Temps écoulé: 3 heure(s), 40 minute(s), 27 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 2
C:\Documents and Settings\Choveau\Bureau\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Aucune action effectuée.
C:\Documents and Settings\Choveau\Mes documents\Downloads\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Aucune action effectuée.
(fin)
▶ Fais un clic droit et "Enregistrer la cible (du lien sous) -> tonprenom.exe -> destination ton bureau (ET PAS AILLEURS) sur le lien suivant : ComboFix
▶ Ferme les fenêtres de tous les programmes en cours.
Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur combofix renommé
Si tu es sur Windows XP, laisse-le installer la console de récupération.
▶ Ne touche à rien durant le scan
ComboFix devrait redémarrer ton PC.
▶ n'oublie pas de réactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
▶▶▶ Si, après le redémarrage de votre pc par combofix, vous avez des erreurs "Clé marquée pour suppression" ou des soucis de connexion internet, redémarrez à nouveau votre ordinateur
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Le voici :
ComboFix 12-09-23.02 - Choveau 23/09/2012 22:41:24.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.502 [GMT 2:00]
Lancé depuis: c:\documents and settings\Choveau\Bureau\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\35735b8937fdd668.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b22ab6acfacfb730.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\oobe\msoobe.err
c:\windows\system32\SETCA.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-08-23 au 2012-09-23 ))))))))))))))))))))))))))))))))))))
.
.
2012-09-23 20:14 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D61C9720-80DC-4611-A51F-2CE901AD9D73}\mpengine.dll
2012-09-22 15:45 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-21 19:34 . 2012-09-22 06:07 -------- d-----w- C:\Pre_Scan
2012-09-19 19:21 . 2012-09-19 19:21 -------- d-----w- c:\documents and settings\Propriétaire
2012-09-19 14:47 . 2012-09-19 14:48 -------- d-----w- c:\documents and settings\Administrateur
2012-09-19 14:26 . 2012-09-21 20:03 -------- d-----w- c:\program files\FileHippo.com
2012-09-19 10:14 . 2012-09-19 10:47 -------- d-----w- c:\documents and settings\Choveau\Application Data\AVG2012
2012-09-18 19:54 . 2012-09-18 19:54 -------- d-----w- c:\documents and settings\Choveau\Local Settings\Application Data\VS Revo Group
2012-09-18 19:54 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-09-18 19:54 . 2012-09-18 19:54 -------- d-----w- c:\program files\VS Revo Group
2012-09-17 09:31 . 2012-09-17 09:31 -------- d-----w- c:\documents and settings\Choveau\Application Data\Malwarebytes
2012-09-17 09:31 . 2012-09-17 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-17 09:30 . 2012-09-17 09:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-17 09:30 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-11 17:14 . 2012-09-11 17:14 -------- d-----w- c:\program files\Winamax Poker
2012-09-09 16:24 . 2012-09-09 16:24 -------- d-----w- c:\documents and settings\Choveau\Application Data\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
2012-09-09 16:12 . 2012-09-09 16:12 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-09 16:12 . 2012-09-09 16:12 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-09 09:15 . 2012-09-09 09:15 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2012-08-31 15:38 . 2012-08-31 15:38 -------- d-----w- C:\AVG2012
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:59 . 2009-02-05 10:59 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-02-05 10:12 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:27 . 2009-02-05 10:59 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 15:00 . 2009-02-05 10:59 832512 ----a-w- c:\windows\system32\wininet.dll
2012-07-03 15:00 . 2009-02-05 10:59 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-03 15:00 . 2012-05-28 07:50 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-07-03 15:00 . 2009-02-05 10:59 17408 ----a-w- c:\windows\system32\corpol.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47B614AF-B4CC-485B-B331-BE26F02ED4CC}]
2012-09-23 20:02 345 ----a-w- c:\program files\Internet Explorer\IEAddon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-29 39408]
"BHO Update"="c:\program files\Internet Explorer\Updater.exe" [2011-11-21 118272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 94208]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-01-23 416768]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-14 17508864]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-04-28 647528]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-20 00:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Atari\\Deer Hunter 2005 Demo\\DH2005Demo.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Choveau\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:HTTPS
"21:TCP"= 21:TCP:*:Disabled:FTP
"2272:TCP"= 2272:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [05/02/2009 12:59 14336]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [17/09/2012 11:31 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/09/2012 11:31 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/09/2012 11:30 22856]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/02/2010 01:03 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [07/06/2012 19:12 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09/09/2012 18:12 250568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [08/04/2009 14:31 1684736]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/02/2010 01:03 135664]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [18/09/2012 21:54 27064]
S4 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenu du dossier 'Tâches planifiées'
.
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-09 16:12]
.
2012-09-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb75fb8a4bcf3a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 23:03]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 23:03]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1178991938-4199846798-435951898-1006Core.job
- c:\documents and settings\Choveau\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-14 14:31]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1178991938-4199846798-435951898-1006UA.job
- c:\documents and settings\Choveau\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-14 14:31]
.
2012-09-23 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
2012-09-23 c:\windows\Tasks\User_Feed_Synchronization-{82C593B8-2DA0-4DA4-B12C-F46117978CB3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 109.0.66.20 109.0.66.10
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-FileHippo.com - c:\program files\FileHippo.com\uninstall.exe
AddRemove-UnityWebPlayer - c:\documents and settings\Choveau\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-23 22:56
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\fichiers communs\akamai/netsession_win_5891ae0.dll"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Heure de fin: 2012-09-23 23:00:35
ComboFix-quarantined-files.txt 2012-09-23 21:00
.
Avant-CF: 44 632 453 120 octets libres
Après-CF: 45 125 873 664 octets libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
.
- - End Of File - - 19BD967DB11652DC908D14CFEFDF8221
ComboFix 12-09-23.02 - Choveau 23/09/2012 22:41:24.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.502 [GMT 2:00]
Lancé depuis: c:\documents and settings\Choveau\Bureau\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\35735b8937fdd668.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b22ab6acfacfb730.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\oobe\msoobe.err
c:\windows\system32\SETCA.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-08-23 au 2012-09-23 ))))))))))))))))))))))))))))))))))))
.
.
2012-09-23 20:14 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D61C9720-80DC-4611-A51F-2CE901AD9D73}\mpengine.dll
2012-09-22 15:45 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-21 19:34 . 2012-09-22 06:07 -------- d-----w- C:\Pre_Scan
2012-09-19 19:21 . 2012-09-19 19:21 -------- d-----w- c:\documents and settings\Propriétaire
2012-09-19 14:47 . 2012-09-19 14:48 -------- d-----w- c:\documents and settings\Administrateur
2012-09-19 14:26 . 2012-09-21 20:03 -------- d-----w- c:\program files\FileHippo.com
2012-09-19 10:14 . 2012-09-19 10:47 -------- d-----w- c:\documents and settings\Choveau\Application Data\AVG2012
2012-09-18 19:54 . 2012-09-18 19:54 -------- d-----w- c:\documents and settings\Choveau\Local Settings\Application Data\VS Revo Group
2012-09-18 19:54 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-09-18 19:54 . 2012-09-18 19:54 -------- d-----w- c:\program files\VS Revo Group
2012-09-17 09:31 . 2012-09-17 09:31 -------- d-----w- c:\documents and settings\Choveau\Application Data\Malwarebytes
2012-09-17 09:31 . 2012-09-17 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-17 09:30 . 2012-09-17 09:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-17 09:30 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-11 17:14 . 2012-09-11 17:14 -------- d-----w- c:\program files\Winamax Poker
2012-09-09 16:24 . 2012-09-09 16:24 -------- d-----w- c:\documents and settings\Choveau\Application Data\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
2012-09-09 16:12 . 2012-09-09 16:12 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-09 16:12 . 2012-09-09 16:12 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-09 09:15 . 2012-09-09 09:15 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2012-08-31 15:38 . 2012-08-31 15:38 -------- d-----w- C:\AVG2012
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:59 . 2009-02-05 10:59 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-02-05 10:12 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:27 . 2009-02-05 10:59 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 15:00 . 2009-02-05 10:59 832512 ----a-w- c:\windows\system32\wininet.dll
2012-07-03 15:00 . 2009-02-05 10:59 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-03 15:00 . 2012-05-28 07:50 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-07-03 15:00 . 2009-02-05 10:59 17408 ----a-w- c:\windows\system32\corpol.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47B614AF-B4CC-485B-B331-BE26F02ED4CC}]
2012-09-23 20:02 345 ----a-w- c:\program files\Internet Explorer\IEAddon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-29 39408]
"BHO Update"="c:\program files\Internet Explorer\Updater.exe" [2011-11-21 118272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 94208]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-01-23 416768]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-14 17508864]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-04-28 647528]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-20 00:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Atari\\Deer Hunter 2005 Demo\\DH2005Demo.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Choveau\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:HTTPS
"21:TCP"= 21:TCP:*:Disabled:FTP
"2272:TCP"= 2272:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [05/02/2009 12:59 14336]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [17/09/2012 11:31 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/09/2012 11:31 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/09/2012 11:30 22856]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/02/2010 01:03 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [07/06/2012 19:12 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09/09/2012 18:12 250568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [08/04/2009 14:31 1684736]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/02/2010 01:03 135664]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [18/09/2012 21:54 27064]
S4 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenu du dossier 'Tâches planifiées'
.
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-09 16:12]
.
2012-09-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb75fb8a4bcf3a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 23:03]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 23:03]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1178991938-4199846798-435951898-1006Core.job
- c:\documents and settings\Choveau\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-14 14:31]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1178991938-4199846798-435951898-1006UA.job
- c:\documents and settings\Choveau\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-14 14:31]
.
2012-09-23 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
2012-09-23 c:\windows\Tasks\User_Feed_Synchronization-{82C593B8-2DA0-4DA4-B12C-F46117978CB3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 109.0.66.20 109.0.66.10
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-FileHippo.com - c:\program files\FileHippo.com\uninstall.exe
AddRemove-UnityWebPlayer - c:\documents and settings\Choveau\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-23 22:56
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\fichiers communs\akamai/netsession_win_5891ae0.dll"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Heure de fin: 2012-09-23 23:00:35
ComboFix-quarantined-files.txt 2012-09-23 21:00
.
Avant-CF: 44 632 453 120 octets libres
Après-CF: 45 125 873 664 octets libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
.
- - End Of File - - 19BD967DB11652DC908D14CFEFDF8221
Oui.
On va pas s'embêter avec ZHPDiag :
Télécharge ici :OTL
▶ enregistre le sur ton Bureau.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶ => Clique ici pour voir la Configuration
▶ Copie et colle le contenu de ce qui suit en gras dans la partie inférieure d'OTL "Personnalisation"
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
netsvcs
safebootminimal
safebootnetwork
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.ini
%systemroot%\Tasks\*.*
%systemroot%\system32\Tasks\*.*
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\config\*.exe /s
%systemroot%\system32\*.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
CREATERESTOREPOINT
▶ Clic sur Analyse.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\<Bureau ou Desktop>\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)
heberge OTL.txt et extra.txt sur http://pjjoint.malekal.com et donne les liens
On va pas s'embêter avec ZHPDiag :
Télécharge ici :OTL
▶ enregistre le sur ton Bureau.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶ => Clique ici pour voir la Configuration
▶ Copie et colle le contenu de ce qui suit en gras dans la partie inférieure d'OTL "Personnalisation"
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
netsvcs
safebootminimal
safebootnetwork
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.ini
%systemroot%\Tasks\*.*
%systemroot%\system32\Tasks\*.*
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\config\*.exe /s
%systemroot%\system32\*.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
CREATERESTOREPOINT
▶ Clic sur Analyse.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\<Bureau ou Desktop>\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)
heberge OTL.txt et extra.txt sur http://pjjoint.malekal.com et donne les liens
https://forums.commentcamarche.net/forum/affich-26091686-ordi-rame-fort?page=3#78
désinstalle un des deux !!
désinstalle un des deux !!
https://forums.commentcamarche.net/forum/affich-26091686-ordi-rame-fort?page=3#80
.::. Contributeur Sécurité .::.
.::. Contributeur Sécurité .::.
