487d.exe

Closed
macmurphy - 31 Dec. 2009 at 18:27
Lyonnais92 - 3 Jan. 2010 at 18:39
Hello,
Can anyone tell me what 487d.exe is?

49 replies

figor - 1 Jan. 2010 at 06:55
Happy New Year 2010
macmurphy - 1 Jan. 2010 at 07:32
Rapport de ZHPDiag v1.24.40 par Nicolas Coolman
Run by GIANNI at 1/01/2010 7:26:02
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Platform : Windows Vista (TM) Home Premium (6.0.6002) Service Pack 2
MSIE: Internet Explorer v8.0.6001.18865
MFIE: Mozilla Firefox (3.5.6)

Boot mode: Normal (Normal boot)
Total RAM: 894 MB (26% free)
System drive C: has 114 GB (76%) free of 149 GB

---\\ Processus lancés
[MD5.19DFA4463D9FBA9E7046E8264D0656D8] - C:\Program Files\McAfee\Common Framework\udaterui.exe
[MD5.E75105DF25DA39DCAC3EBB6D1C2AB79C] - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
[MD5.35937EAD711207544E219C2A19A78A7D] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
[MD5.00000000000000000000000000000000] - C:\Users\GIANNI\AppData\Roaming\sdra64.exe
[MD5.18B4B12358EFCF68D76812058A26181F] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[MD5.9E35FF7F943AE0FB89192BFE058B7FD4] - C:\Program Files\Windows Sidebar\Sidebar.exe
[MD5.3794B461C45882E06856F282EEF025AF] - C:\Windows\system32\svchost.exe
[MD5.5C7B88695CE461D8BDA4FE0C0E57E71D] - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[MD5.299151A72A950F83E8AA569AB47099AC] - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
[MD5.C3D7E3DCC470D0A5230A485549F21908] - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
[MD5.4CD3EE64736B4D156DAC5C1D6EB60C24] - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
[MD5.291ADFCB72658349A929B903BC47F8EA] - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
[MD5.9DF3A434657512B31549F8D20AFFAD5F] - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
[MD5.B87B41F2C05788F04A3B487902803FD2] - C:\Windows\system32\mfevtps.exe
[MD5.3978F3540329E16C0AC3BCF677E5669F] - C:\Windows\system32\lsass.exe
[MD5.271077B91D7AD1B616F8AFDFE8E3F981] - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - C:\Windows\system32\SLsvc.exe
[MD5.524BFBEA40E6E404737CCBC754647A2E] - C:\Windows\System32\spoolsv.exe
[MD5.AED0DFF80C6B3914769407E78D7AB21A] - C:\Windows\system32\SearchIndexer.exe

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=explorer.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [userinit] C:\Users\GIANNI\AppData\Roaming\sdra64.exe
O4 - HKLM\..\policies\Explorer: [BindDirectlyToPropertySetStorage] Data=0
O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun] Data=128
O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun] Data=128
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKCU\..\policies\Explorer: [NoDriveTypeAutoRun] Data=128
O4 - HKCU\..\policies\Explorer: [NoLowDiskSpaceChecks] Data=1
O4 - HKCU\..\policies\Explorer: [NoDriveAutoRun] Data=128
O4 - HKCU\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\opxr.tmp\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\opxr.tmp\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll,201

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File - C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File - C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File - C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File - C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File - C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File - C:\Windows\system32\winrnr.dll

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\msgrapp.14.0.8089.0726.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\msgrapp.14.0.8089.0726.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Process Monitor (LVPrcSrv) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: (MBAMService) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: Service McAfee Framework (McAfeeFramework) - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart
O23 - Service: McAfee McShield (McShield) - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - C:\Windows\system32\mfevtps.exe
O23 - Service: SeaPort (SeaPort) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - C:\Windows\system32\SLsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - C:\Windows\system32\SearchIndexer.exe /Embedding

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{A5599F64-821C-40E3-9000-71BE4A8BFA04}.job

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: (no name) - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
O40 - ASIC: Browser Customizations - >{97BFB627-6E7B-492A-8B95-61754BAAB54D} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: YInstStarterUpgrade Class - {0291E591-EA41-4c82-8106-3DC6CE7F7664} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {233C1507-6A77-46A4-9443-F871F945D258} - C:\Windows\system32\Adobe\Director\SwDir.dll
O40 - ASIC: Adobe Shockwave Director 11.0.3 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
O40 - ASIC: YInstStarter Class - {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O40 - ASIC: YSearchSetting2 Class - {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: YahooYMailTo Class - {A17E30C4-A9BA-11D4-8673-60DB54C10000} - C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
O40 - ASIC: YMailAttach Class - {AA218328-0EA8-4D70-8972-E987A9190FF4} - C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash10c.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
O40 - ASIC: Installation Helper - {F4B2380F-9F83-482B-B51F-FD18C7EDD923} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Ancilliary Function Driver for Winsock (AFD) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: Pilote de CD-ROM (cdrom) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O41 - Driver: @%systemroot%\system32\drivers\dfsc.sys,-101 (DfsC) - C:\WINDOWS\System32\Drivers\dfsc.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: Pilote de la classe Clavier (kbdclass) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver: McAfee Inc. mfetdik (mfetdik) - C:\WINDOWS\system32\drivers\mfetdik.sys
O41 - Driver: Pilote de la classe Souris (mouclass) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NETBT (netbt) - C:\WINDOWS\System32\DRIVERS\netbt.sys
O41 - Driver: NSI proxy service (nsiproxy) - C:\WINDOWS\system32\drivers\nsiproxy.sys
O41 - Driver: @%SystemRoot%\System32\drivers\pacer.sys,-101 (PSched) - C:\WINDOWS\system32\DRIVERS\pacer.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O41 - Driver: Redirected Buffering Sub Sysytem (rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: RDPCDD (RDPCDD) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
O41 - Driver: RDP Encoder Mirror Driver (RDPENCDD) - C:\WINDOWS\system32\drivers\rdpencdd.sys
O41 - Driver: Pilote de port série (Serial) - C:\WINDOWS\system32\DRIVERS\serial.sys
O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50005 (Smb) - C:\WINDOWS\system32\DRIVERS\smb.sys
O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50004 (tdx) - C:\WINDOWS\system32\DRIVERS\tdx.sys
O41 - Driver: Pilote de périphérique terminal (TermDD) - C:\WINDOWS\system32\DRIVERS\termdd.sys
O41 - Driver: (no object) (VgaSave) - C:\Windows\System32\drivers\vga.sys
O41 - Driver: Remote Access IPv6 ARP Driver (Wanarpv6) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0 (ws2ifsl) - C:\Windows\system32\drivers\ws2ifsl.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Reader 9.2
O42 - Logiciel: Adobe Shockwave Player 11.5
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: CCleaner
O42 - Logiciel: Coffret de pilotes Logitech Legacy USB Camera
O42 - Logiciel: Coffret de pilotes Logitech QuickCam
O42 - Logiciel: Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)
O42 - Logiciel: Extension de Windows Live Toolbar (Windows Live Toolbar)
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
O42 - Logiciel: Installation Windows Live
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 3
O42 - Logiciel: Java(TM) 6 Update 15
O42 - Logiciel: Junk Mail filter update
O42 - Logiciel: Logitech Webcam Software
O42 - Logiciel: MSVCRT
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB941833)
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: MSXML 4.0 SP2 (KB973688)
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: McAfee Agent
O42 - Logiciel: McAfee AntiSpyware Enterprise Module
O42 - Logiciel: McAfee VirusScan Enterprise
O42 - Logiciel: Menus intelligents (Windows Live Toolbar)
O42 - Logiciel: Messenger Plus! Live
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft Choice Guard
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
O42 - Logiciel: Microsoft Search Enhancement Pack
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86)
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86)
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra
O42 - Logiciel: Mozilla Firefox (3.5.6)
O42 - Logiciel: MyDefrag v4.2.7
O42 - Logiciel: OpenOffice.org 3.1
O42 - Logiciel: Outil de téléchargement Windows Live
O42 - Logiciel: Realtek AC'97 Audio
O42 - Logiciel: Revo Uninstaller 1.85
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: Spelling Dictionaries Support For Adobe Reader 9
O42 - Logiciel: Surligneur (Windows Live Toolbar)
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
O42 - Logiciel: VLC media player 1.0.1
O42 - Logiciel: WinRAR archiver
O42 - Logiciel: Windows Live Call
O42 - Logiciel: Windows Live Communications Platform
O42 - Logiciel: Windows Live FolderShare
O42 - Logiciel: Windows Live Mail
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Windows Live Toolbar
O42 - Logiciel: Windows Live Writer
O42 - Logiciel: Windows Media Player Firefox Plugin
O42 - Logiciel: Windows Resource Kit Tools - SubInAcl.exe
O42 - Logiciel: XnView 1.94.2
O42 - Logiciel: Yahoo! Extras
O42 - Logiciel: µTorrent

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\Ad-Remover
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update
O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files
O43 - CFD:Common File Directory ----D- C:\Program Files\Conduit
O43 - CFD:Common File Directory ----D- C:\Program Files\Digital Support
O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\Google
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\JkDefrag
O43 - CFD:Common File Directory ----D- C:\Program Files\Logitech
O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD:Common File Directory ----D- C:\Program Files\McAfee
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger Plus! Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Games
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Sync Framework
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSECache
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\MyDefrag v4.2.7
O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\trend micro
O43 - CFD:Common File Directory ----D- C:\Program Files\uTorrent
O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN
O43 - CFD:Common File Directory ----D- C:\Program Files\VS Revo Group
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Calendar
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Collaboration
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Defender
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live Toolbar
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Mail
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Portable Devices
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Resource Kits
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Sidebar
O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR
O43 - CFD:Common File Directory ----D- C:\Program Files\XnView
O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo!
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Cisco Systems
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Logishrd
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Logitech
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\McAfee
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Sony Ericsson Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\SupportSoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Teleca Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD:Common File Directory -SH-D- C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Wise Installation Wizard

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
macmurphy - 1 Jan. 2010 at 07:36
It tells me that the value 09 is not valid??? Does anyone know what I should do next???
afideg - 1 Jan. 2010 at 11:27
Re,
Hi,

Be patient, it's 01/01/2010 ... and some people are still digesting. ;)

Wait for Lyonnais92

He will point out the abnormal lines to you:
C:\Users\GIANNI\AppData\Roaming\sdra64.exe
O4 - HKCU\..\Run: [userinit] C:\Users\GIANNI\AppData\Roaming\sdra64.exe
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\opxr.tmp\svchost.exe (2 x)

And also programs that are not up to date (for example JAVA)

You are in good hands

Good luck
Al.
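The lines afideg singles out above can be picked out mechanically from a ZHPDiag report. The following Python script is an added example written for this page; it is not part of the thread, of ZHPDiag, or of any tool mentioned here. The heuristics are my own choices (an executable auto-started from a temp or per-user profile directory, a Run-key value name or a file name that borrows the name of a Windows component, a process entry whose MD5 field is all zeros); the sample lines are copied from the ZHPDiag report posted above, and the directory and binary-name lists are assumptions, not something the report states.

```python
"""Triage of ZHPDiag-style process and Run-key lines.

Added example for this page, not code from the thread or from ZHPDiag.
It flags the pattern the helpers single out above: a program auto-started
from a temp or per-user directory, a Run value named after a Windows
component, a well-known system binary name living outside System32, and
a process entry whose MD5 field is all zeros.
"""
import re

# Temp and per-user profile directories (heuristic chosen for this example).
# No Windows component is auto-started from here, and a user-level infection
# needs no admin rights to persist in them.
TEMP_OR_PROFILE = re.compile(
    r"\\(AppData\\(Roaming|Local\\Temp)|Windows\\TEMP|Users\\[^\\]+\\Downloads)\\",
    re.IGNORECASE,
)

# Binary names that belong in %SystemRoot%\System32; the same name under
# another directory is impersonation (the report above has a svchost.exe
# under C:\Windows\TEMP\opxr.tmp). Assumed list, not exhaustive.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "userinit.exe", "winlogon.exe",
                   "explorer.exe", "csrss.exe", "services.exe"}
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)

# Run-key value names borrowed from Windows settings so the entry looks
# ordinary; 'userinit' is the one used in the report above.
LOOKALIKE_VALUE_NAMES = {"userinit", "shell", "explorer", "svchost", "winlogon"}

O4_LINE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
PROC_LINE = re.compile(r"^\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\] - (?P<path>.+)$")


def extract_path(cmd):
    """Return the executable path from a Run-key command line.

    ZHPDiag prints quoted commands without the opening quote (see
    'udaterui.exe" /StartedFromRunKey' above), so the path ends at the
    first '.exe' that is followed by a quote, whitespace or end of line.
    """
    cmd = cmd.strip()
    m = re.match(r'^(?P<p>.+?\.exe)(?:"|\s|$)', cmd, re.IGNORECASE)
    if m:
        return m.group("p")
    parts = cmd.split()
    return parts[0] if parts else ""


def triage_line(line):
    """Return the reasons a line looks abnormal (empty list = nothing found)."""
    reasons = []
    m = O4_LINE.match(line)
    if m:
        path = extract_path(m.group("cmd"))
        if m.group("name").lower() in LOOKALIKE_VALUE_NAMES:
            reasons.append(f"Run value name '{m.group('name')}' borrows a Windows component name")
    else:
        m = PROC_LINE.match(line)
        if not m:
            return reasons  # not a line type this example understands
        path = m.group("path")
        if set(m.group("md5")) == {"0"}:
            reasons.append("MD5 field is all zeros: the tool obtained no hash for this file")
    if TEMP_OR_PROFILE.search(path):
        reasons.append(f"executable in a temp or per-user directory: {path}")
    basename = path.rsplit("\\", 1)[-1].lower()
    if basename in SYSTEM_BINARIES and not SYSTEM32.match(path):
        reasons.append(f"'{basename}' outside System32: {path}")
    return reasons


def triage(lines):
    """Map each abnormal line to its reasons; lines with no findings are omitted."""
    return {ln: r for ln in lines if (r := triage_line(ln))}


# Sample input copied from the ZHPDiag report above: three abnormal lines
# and four ordinary ones.
SAMPLE_LINES = [
    r"[MD5.00000000000000000000000000000000] - C:\Users\GIANNI\AppData\Roaming\sdra64.exe",
    r"[MD5.3794B461C45882E06856F282EEF025AF] - C:\Windows\system32\svchost.exe",
    r'O4 - HKLM\..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey',
    r"O4 - HKCU\..\Run: [userinit] C:\Users\GIANNI\AppData\Roaming\sdra64.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\opxr.tmp\svchost.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem",
    r"O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun] Data=128",
]

if __name__ == "__main__":
    for ln, reasons in triage(SAMPLE_LINES).items():
        print(ln)
        for r in reasons:
            print("   ->", r)
```

Run against the sample, the script reports exactly the three entries afideg lists: the sdra64.exe process (zero hash, per-user directory), the `userinit` Run value pointing into AppData\Roaming, and the `cbssreg` value starting a svchost.exe from C:\Windows\TEMP. The McAfee, Sidebar and policy lines produce no findings. The heuristics are deliberately narrow; a hit is a reason to look at the file, not a verdict on it.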

Lyonnais92 - 1 Jan. 2010 at 11:28
Hello,

You are still heavily infected.

What's more, your infection steals confidential data, in particular banking data.

If you have made transactions with this computer (or if you have such information on it), contact your bank.

===

We are going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:

* Make sure you have closed/disabled all anti-virus, anti-malware or anti-spyware programs so that they do not interfere with ComboFix's work.

Send the contents of C:\ComboFix.txt in your next reply so that I can examine it.
macmurphy - 1 Jan. 2010 at 18:32
ComboFix 09-12-31.A1 - GIANNI 01/01/2010 18:10:45.1.1 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.895.261 [GMT 1:00]
Lancé depuis: C:\Users\GIANNI\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: VirusScan Enterprise + AntiSpyware Enterprise *enabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\Users\GIANNI\AppData\Roaming\sdra64.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-01 au 2010-01-01 ))))))))))))))))))))))))))))))))))))
.

2010-01-01 17:20:08 . 2010-01-01 17:20:08 -------- d-----w- C:\Users\Default\AppData\Local\temp
2009-12-31 19:41:10 . 2009-12-31 20:08:30 -------- d-----w- C:\Program Files\MyDefrag v4.2.7
2009-12-31 19:41:10 . 2009-12-16 00:11:14 935424 ----a-w- C:\Windows\system32\MyDefragScreenSaver.exe
2009-12-31 19:41:10 . 2009-12-15 22:02:32 93696 ----a-w- C:\Windows\system32\MyDefragScreenSaver.scr
2009-12-31 17:46:41 . 2009-12-31 17:54:00 -------- d-----w- C:\Users\GIANNI\AppData\Roaming\QuickScan
2009-12-31 05:38:11 . 2010-01-01 16:51:32 -------- d-sh--w- C:\Users\GIANNI\AppData\Roaming\lowsec
2009-12-27 10:01:02 . 2009-12-27 10:02:31 -------- d-----w- C:\Users\GIANNI\AppData\Roaming\U3
2009-12-26 17:46:26 . 2009-12-26 17:46:26 -------- d-----w- C:\Users\GIANNI\AppData\Roaming\TuneUp Software
2009-12-24 09:17:26 . 2009-12-27 15:42:54 -------- d-----w- C:\Program Files\VS Revo Group
2009-12-23 22:51:00 . 2009-12-25 08:53:42 -------- d-----w- C:\Program Files\Ad-Remover
2009-12-23 22:42:45 . 2009-12-24 00:08:35 -------- d-----w- C:\Program Files\trend micro
2009-12-23 22:03:19 . 2009-12-23 22:03:19 -------- d-----w- C:\Users\GIANNI\AppData\Roaming\igraal
2009-12-20 20:11:38 . 2009-12-29 10:51:38 -------- d-----w- C:\Users\GIANNI\AppData\Roaming\dvdcss
2009-12-19 22:45:16 . 2009-12-19 22:45:16 -------- d-sh--w- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-19 13:45:27 . 2009-12-03 15:14:06 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-12-19 13:45:22 . 2009-12-03 15:13:56 19160 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-12-15 20:19:40 . 2009-12-15 20:19:54 3175784 ----a-w- C:\Users\GIANNI\AppData\Roaming\Uniblue\RegistryBooster 2010\_temp\ub.exe
2009-12-15 19:23:08 . 2009-12-15 20:20:48 -------- d-----w- C:\Users\GIANNI\AppData\Roaming\Uniblue
2009-12-14 11:59:31 . 2008-09-29 07:07:00 90360 ----a-w- C:\Windows\system32\drivers\mfeavfk.sys
2009-12-14 11:59:31 . 2008-09-29 07:07:00 74648 ----a-w- C:\Windows\system32\drivers\mfeapfk.sys
2009-12-14 11:59:31 . 2008-09-29 07:07:00 67904 ----a-w- C:\Windows\system32\mfevtps.exe
2009-12-14 11:59:31 . 2008-09-29 07:07:00 64432 ----a-w- C:\Windows\system32\drivers\mferkdet.sys
2009-12-14 11:59:31 . 2008-09-29 07:07:00 62704 ----a-w- C:\Windows\system32\drivers\mfetdik.sys
2009-12-14 11:59:31 . 2008-09-29 07:07:00 42424 ----a-w- C:\Windows\system32\drivers\mfebopk.sys
2009-12-14 11:59:31 . 2008-09-29 07:07:00 340592 ----a-w- C:\Windows\system32\drivers\mfehidk.sys
2009-12-14 11:58:55 . 2009-12-14 11:58:55 -------- d-----w- C:\Program Files\Common Files\McAfee
2009-12-11 13:23:39 . 2009-11-09 12:31:42 24064 ----a-w- C:\Windows\system32\nshhttp.dll
2009-12-11 13:23:34 . 2009-11-09 10:36:45 411648 ----a-w- C:\Windows\system32\drivers\http.sys
2009-12-11 13:23:33 . 2009-11-09 12:30:03 30720 ----a-w- C:\Windows\system32\httpapi.dll
2009-12-09 21:22:29 . 2009-08-24 11:36:45 377344 ----a-w- C:\Windows\system32\winhttp.dll
2009-12-09 21:18:32 . 2009-10-07 11:36:36 243712 ----a-w- C:\Windows\system32\rastls.dll
2009-12-09 11:03:14 . 2009-12-30 21:36:15 -------- d-----w- C:\QUARANTINE
2009-12-09 10:53:33 . 2009-12-09 10:53:33 -------- d-----w- C:\Program Files\Common Files\Cisco Systems
2009-12-09 10:53:23 . 2009-12-14 11:58:55 -------- d-----w- C:\Program Files\McAfee
2009-12-06 10:42:14 . 2009-12-06 10:42:14 -------- d-----w- C:\Users\GIANNI\AppData\Roaming\Malwarebytes
2009-12-06 10:42:04 . 2009-12-19 13:45:32 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-05 13:01:20 . 2009-12-14 11:59:25 -------- d-----w- C:\ProgramData\McAfee
2009-12-02 17:24:33 . 2009-12-02 17:24:33 -------- d-----w- C:\Program Files\uTorrent

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 10:32:15 . 2009-11-28 16:57:09 -------- d-----w- C:\Users\GIANNI\AppData\Roaming\vlc
2009-12-31 19:43:45 . 2009-11-03 08:12:59 -------- d-----w- C:\Program Files\JkDefrag
2009-12-31 05:40:30 . 2009-10-31 10:28:00 -------- d-----w- C:\Users\GIANNI\AppData\Roaming\uTorrent
2009-12-27 05:56:58 . 2006-11-02 15:48:33 669328 ----a-w- C:\Windows\system32\perfh00C.dat
2009-12-27 05:56:58 . 2006-11-02 15:48:33 123350 ----a-w- C:\Windows\system32\perfc00C.dat
2009-12-24 09:30:42 . 2007-07-04 20:43:31 -------- d-----w- C:\Program Files\Messenger Plus! Live
2009-12-22 21:57:45 . 2009-08-01 08:57:41 19944 ----a-w- C:\Windows\system32\drivers\atapi.sys
2009-12-19 22:47:35 . 2006-11-02 12:37:34 -------- d-----w- C:\Program Files\Windows Sidebar
2009-12-10 14:30:55 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail
2009-12-09 11:08:44 . 2007-12-02 19:47:29 -------- d-----w- C:\Program Files\CCleaner
2009-12-07 15:10:17 . 2009-07-21 16:37:55 1 ----a-w- C:\Users\GIANNI\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-06 10:15:52 . 2009-11-06 15:30:00 -------- d-----w- C:\ProgramData\Messenger Plus!
2009-12-02 09:28:42 . 2007-08-01 17:30:13 -------- d-----w- C:\Program Files\Common Files\Adobe
2009-11-30 19:22:14 . 2009-11-30 19:22:14 -------- d-----w- C:\Program Files\MSECache
2009-11-21 06:40:20 . 2009-12-09 21:19:39 916480 ----a-w- C:\Windows\system32\wininet.dll
2009-11-21 06:34:39 . 2009-12-09 21:19:33 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2009-11-21 06:34:39 . 2009-12-09 21:19:32 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-11-21 04:59:58 . 2009-12-09 21:19:34 133632 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-11-17 23:26:02 . 2009-11-17 23:26:02 -------- d-----w- C:\Program Files\Windows Portable Devices
2009-11-17 23:25:56 . 2006-11-02 10:25:05 665600 ----a-w- C:\Windows\inf\drvindex.dat
2009-11-17 23:25:43 . 2009-11-17 23:25:43 0 ---ha-w- C:\Windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-08 16:53:34 . 2009-11-08 16:53:30 -------- d-----w- C:\Program Files\Digital Support
2009-11-08 16:45:13 . 2007-08-12 10:28:15 -------- d-----w- C:\Users\GIANNI\AppData\Roaming\XnView
2009-11-07 18:43:46 . 2007-07-04 20:43:32 -------- d-----w- C:\Program Files\Windows Live
2009-11-06 15:31:53 . 2008-08-16 08:14:51 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-06 15:27:30 . 2008-03-26 12:11:28 -------- d-----w- C:\Program Files\Common Files\Sony Ericsson Shared
2009-11-04 15:31:54 . 2009-11-04 15:31:54 -------- d-----w- C:\ProgramData\Malwarebytes
2009-11-03 11:35:58 . 2009-11-03 11:35:03 -------- d-----w- C:\Program Files\Common Files\SupportSoft
2009-11-02 19:42:06 . 2009-11-02 08:10:12 195456 ------w- C:\Windows\system32\MpSigStub.exe
2009-11-02 06:53:47 . 2007-07-11 18:41:48 8052 ----a-w- C:\Users\GIANNI\AppData\Local\d3d9caps.dat
2009-10-29 09:17:42 . 2009-11-28 11:42:20 2048 ----a-w- C:\Windows\system32\tzres.dll
2009-10-22 19:07:00 . 2009-10-22 19:07:00 20768 ----a-w- C:\Windows\system32\MFEOtlk.dll
2009-10-08 21:08:01 . 2009-11-17 19:53:37 555520 ----a-w- C:\Windows\system32\UIAutomationCore.dll
2009-10-08 21:08:01 . 2009-11-17 19:53:37 234496 ----a-w- C:\Windows\system32\oleacc.dll
2009-10-08 21:07:59 . 2009-11-17 19:53:38 4096 ----a-w- C:\Windows\system32\oleaccrc.dll
2008-09-29 07:07:00 . 2009-12-14 11:59:32 22576 ----a-w- C:\Program Files\mozilla firefox\components\Scriptff.dll
2008-04-18 17:18:51 . 2008-04-18 17:18:51 5 --sha-w- C:\Windows\System32\abffafee_s.dll
2008-04-18 17:00:25 . 2008-04-18 17:00:25 23 --sha-w- C:\Windows\System32\eddafffc_z.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 21:33:40 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\udaterui.exe" [2008-03-14 03:00:00 136512]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 07:07:00 124240]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 15:14:00 1394000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 15:44:52 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueRegistryBooster

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08:30 935288 ----a-r- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08:38 35696 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-18 21:33:10 125952 ----a-w- C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 08:35:50 2780432 ----a-w- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-12-03 15:14:00 1394000 ----a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2009-12-03 15:14:02 429392 ----a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2009-01-16 18:25:14 460216 ----a-w- C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1103472.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28:03 1233920 ----a-w- C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 03:23:12 149280 ----a-w- C:\Program Files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-09 07:54:09 39408 ----a-w- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-05 14:01:48 289584 ----a-w- C:\Program Files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-18 21:33:40 202240 ----a-w- C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:35:35 176128 ----a-w- C:\Windows\System32\wpcumi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):52,1e,d3,ec,8c,12,ca,01

R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [19/12/2009 14:45:30 276816]
R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [29/09/2008 8:07:00 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [14/12/2009 12:59:31 67904]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [19/12/2009 14:45:22 19160]
S3 FontCache;Service de cache de police Windows;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [4/04/2008 23:20:44 21504]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [14/12/2009 12:59:31 64432]
S3 s115bus;s115bus;C:\Windows\System32\drivers\s115bus.sys [26/03/2008 13:16:09 83208]
S3 s115mdfl;s115mdfl;C:\Windows\System32\drivers\s115mdfl.sys [26/03/2008 13:17:13 15112]
S3 s115mdm;s115mdm;C:\Windows\System32\drivers\s115mdm.sys [26/03/2008 13:17:14 108680]
S3 s115mgmt;s115mgmt;C:\Windows\System32\drivers\s115mgmt.sys [26/03/2008 13:19:26 100488]
S3 s115obex;s115obex;C:\Windows\System32\drivers\s115obex.sys [26/03/2008 13:18:15 98568]
S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);C:\Windows\System32\drivers\SMCWGU.sys [29/11/2008 16:39:43 408064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'

2010-01-01 C:\Windows\Tasks\User_Feed_Synchronization-{A5599F64-821C-40E3-9000-71BE4A8BFA04}.job
- C:\Windows\system32\msfeedssync.exe [2009-12-09 21:19:32 . 2009-11-21 04:59:14]
.
0
macmurphy, 181 posts, registered Wednesday 4 November 2009, status Member, last active 9 February 2015
1 Jan. 2010 at 18:45
hello lyonnais, still there???
sorry, but I had to step away...
0
macmurphy, 181 posts, registered Wednesday 4 November 2009, status Member, last active 9 February 2015
1 Jan. 2010 at 19:06
can someone take over??? please, thanks
0
Lyonnais92, 25159 posts, registered Friday 23 June 2006, status Security contributor, last active 16 September 2016, 1 536
1 Jan. 2010 at 19:23
Re,

some files to check.

Go to this site:

https://www.virustotal.com/gui/

Click on Browse and look for this file: C:\Program Files\mozilla firefox\components\Scriptff.dll

Click on Send File.

A report will build up line by line.

Wait until it finishes. It should include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

If VirusTotal indicates that the file has already been analysed, click the button Reanalyse the file now

===

Do the same with:

C:\Windows\System32\abffafee_s.dll

and

C:\Windows\System32\eddafffc_z.dll

===

If you cannot find a file

->Show all files and folders:
click on Start / Control Panel (in classic view) / Folder Options / View

[Check] "Show hidden files and folders"

[Uncheck] the box "Hide protected operating system files (recommended)"

[Uncheck] "Hide extensions for known file types"

Then click [Apply] to confirm the changes.

And [OK]

===

Post the C:\Combofix.txt report again, it is not complete.
0
macmurphy, 181 posts, registered Wednesday 4 November 2009, status Member, last active 9 February 2015
1 Jan. 2010 at 19:29
Information additionnelle
File size: 22576 bytes
MD5...: c2fe793510df901a36fc322103b2cb32
SHA1..: 6a39fec24efc828337faa1633bc1e37c38e39c15
SHA256: ef3d0b466d1ec34e162b020d38bc8a7913a82051b2676de3a8dfc378c62cd7c9
ssdeep: 384:WatfHtnRb7m3TY8uMPdaAMFrk8LV6FOA6fxVhAbYJLWpKbL9j0:WqtnRbnAMe8LgFOdxUqLzbRj0
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2468
timedatestamp.....: 0x48c165b7 (Fri Sep 05 17:00:39 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1bad 0x1c00 6.41 eaea76052e5887b6bb05b2693be9a805
.rdata 0x3000 0x10fb 0x1200 4.65 46603a6b74522148e10d580b5341544d
.data 0x5000 0x774 0x400 6.29 e608dff5d6d8e3e2312ee43724ede68d
.rsrc 0x6000 0x3c0 0x400 3.02 f15d70580c0544418fc24f2d70f190ed
.reloc 0x7000 0x6c8 0x800 3.08 ce17b73f807e0a44776cf763b8282195

( 6 imports )
> msvcrt.dll: _unlock, _lock, _amsg_exit, __dllonexit, _onexit, _initterm, _XcptFilter, wcscat, free, malloc, _adjust_fdiv, strncmp, wcsrchr, wcscpy, memset
> xpcom.dll: NS_Free
> KERNEL32.dll: GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, InterlockedCompareExchange, Sleep, InterlockedExchange, RtlUnwind, GetCurrentProcess, GetModuleHandleW, VirtualProtect, LoadLibraryW, GetProcAddress, FreeLibrary, FindClose, GetModuleFileNameW, FindFirstFileW, GetSystemDirectoryW
> USER32.dll: wsprintfW
> ADVAPI32.dll: RegOpenKeyExW, RegQueryValueExW, RegCloseKey
> ntdll.dll: _strnicmp

( 1 exports )
NSGetModule
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: McAfee, Inc.
copyright....: Copyright(c) 1995-2008 McAfee, Inc. All Rights Reserved.
product......: VSCORE.14.1.0.447.x86
description..: VSCore Script Scanner
original name: n/a
internal name: n/a
file version.: VSCORE.14.1.0.447.x86
comments.....: n/a
signers......: McAfee, Inc.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 12:47 AM 9/19/2008
verified.....: -
0
macmurphy, 181 posts, registered Wednesday 4 November 2009, status Member, last active 9 February 2015
1 Jan. 2010 at 19:38
File size: 5 bytes
MD5...: 938d7d4eb34fdb6ad794957c39ae4750
SHA1..: 84ddce6fbd4dae7d5c00207540f3ee0f9477ea75
SHA256: 53b997f3b2a5be2c44de0408726628d8980cc165d80fb28e0eb6b4e4e6c0aa81
ssdeep: 3:v:v
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
0
macmurphy, 181 posts, registered Wednesday 4 November 2009, status Member, last active 9 February 2015
1 Jan. 2010 at 19:40
File size: 23 bytes
MD5...: 6e8da776bdfcfb78a4bd7baff9dd5a70
SHA1..: ecd85ef2425fbe38409cd953f50a408c4fc6c8ec
SHA256: 46b76d54fabdfe1f957661351888cd842a45dff934a59e85349f0c714b1a1b7d
ssdeep: 3:gbTiR8V+pd:gyR8Uz
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Unknown!
pdfid.: -
0
macmurphy, 181 posts, registered Wednesday 4 November 2009, status Member, last active 9 February 2015
1 Jan. 2010 at 20:03
the combo log was complete
0
Lyonnais92, 25159 posts, registered Friday 23 June 2006, status Security contributor, last active 16 September 2016, 1 536
1 Jan. 2010 at 20:33
Re,

re-run Combofix following the instructions on this web page

* Check that you have closed/disabled all anti-virus, anti-malware or anti-spyware programs so that they do not interfere with ComboFix's work.

Send the content of C:\ComboFix.txt in your next reply so that I can examine it.
0
macmurphy, 181 posts, registered Wednesday 4 November 2009, status Member, last active 9 February 2015
1 Jan. 2010 at 21:02
ComboFix 09-12-31.A1 - GIANNI 01/01/2010 20:42:54.3.1 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.895.319 [GMT 1:00]
Lancé depuis: c:\users\GIANNI\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: VirusScan Enterprise + AntiSpyware Enterprise *enabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-01 au 2010-01-01 ))))))))))))))))))))))))))))))))))))
.

2010-01-01 19:51 . 2010-01-01 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-31 19:41 . 2009-12-31 20:08 -------- d-----w- c:\program files\MyDefrag v4.2.7
2009-12-31 19:41 . 2009-12-16 00:11 935424 ----a-w- c:\windows\system32\MyDefragScreenSaver.exe
2009-12-31 19:41 . 2009-12-15 22:02 93696 ----a-w- c:\windows\system32\MyDefragScreenSaver.scr
2009-12-31 17:46 . 2009-12-31 17:54 -------- d-----w- c:\users\GIANNI\AppData\Roaming\QuickScan
2009-12-31 05:38 . 2010-01-01 16:51 -------- d-sh--w- c:\users\GIANNI\AppData\Roaming\lowsec
2009-12-27 10:01 . 2009-12-27 10:02 -------- d-----w- c:\users\GIANNI\AppData\Roaming\U3
2009-12-26 17:46 . 2009-12-26 17:46 -------- d-----w- c:\users\GIANNI\AppData\Roaming\TuneUp Software
2009-12-24 09:17 . 2009-12-27 15:42 -------- d-----w- c:\program files\VS Revo Group
2009-12-23 22:51 . 2009-12-25 08:53 -------- d-----w- c:\program files\Ad-Remover
2009-12-23 22:42 . 2009-12-24 00:08 -------- d-----w- c:\program files\trend micro
2009-12-23 22:03 . 2009-12-23 22:03 -------- d-----w- c:\users\GIANNI\AppData\Roaming\igraal
2009-12-20 20:11 . 2009-12-29 10:51 -------- d-----w- c:\users\GIANNI\AppData\Roaming\dvdcss
2009-12-19 22:45 . 2009-12-19 22:45 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-19 13:45 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-19 13:45 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-15 20:19 . 2009-12-15 20:19 3175784 ----a-w- c:\users\GIANNI\AppData\Roaming\Uniblue\RegistryBooster 2010\_temp\ub.exe
2009-12-15 19:23 . 2009-12-15 20:20 -------- d-----w- c:\users\GIANNI\AppData\Roaming\Uniblue
2009-12-14 11:59 . 2008-09-29 07:07 90360 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-12-14 11:59 . 2008-09-29 07:07 74648 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-12-14 11:59 . 2008-09-29 07:07 67904 ----a-w- c:\windows\system32\mfevtps.exe
2009-12-14 11:59 . 2008-09-29 07:07 64432 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2009-12-14 11:59 . 2008-09-29 07:07 62704 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2009-12-14 11:59 . 2008-09-29 07:07 42424 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-12-14 11:59 . 2008-09-29 07:07 340592 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-12-14 11:58 . 2009-12-14 11:58 -------- d-----w- c:\program files\Common Files\McAfee
2009-12-11 13:23 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 13:23 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 13:23 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 21:22 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 21:18 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 11:03 . 2009-12-30 21:36 -------- d-----w- C:\QUARANTINE
2009-12-09 10:53 . 2009-12-09 10:53 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-12-09 10:53 . 2009-12-14 11:58 -------- d-----w- c:\program files\McAfee
2009-12-06 10:42 . 2009-12-06 10:42 -------- d-----w- c:\users\GIANNI\AppData\Roaming\Malwarebytes
2009-12-06 10:42 . 2009-12-19 13:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 13:01 . 2009-12-14 11:59 -------- d-----w- c:\programdata\McAfee

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 19:10 . 2007-06-12 07:33 -------- d-----w- c:\program files\Java
2010-01-01 17:48 . 2009-11-28 16:57 -------- d-----w- c:\users\GIANNI\AppData\Roaming\vlc
2009-12-31 19:43 . 2009-11-03 08:12 -------- d-----w- c:\program files\JkDefrag
2009-12-31 05:40 . 2009-10-31 10:28 -------- d-----w- c:\users\GIANNI\AppData\Roaming\uTorrent
2009-12-27 05:56 . 2006-11-02 15:48 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-27 05:56 . 2006-11-02 15:48 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-24 09:30 . 2007-07-04 20:43 -------- d-----w- c:\program files\Messenger Plus! Live
2009-12-22 21:57 . 2009-08-01 08:57 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-19 22:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-10 14:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 11:08 . 2007-12-02 19:47 -------- d-----w- c:\program files\CCleaner
2009-12-07 15:10 . 2009-07-21 16:37 1 ----a-w- c:\users\GIANNI\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-06 10:15 . 2009-11-06 15:30 -------- d-----w- c:\programdata\Messenger Plus!
2009-12-02 17:24 . 2009-12-02 17:24 -------- d-----w- c:\program files\uTorrent
2009-12-02 09:28 . 2007-08-01 17:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-30 19:22 . 2009-11-30 19:22 -------- d-----w- c:\program files\MSECache
2009-11-21 06:40 . 2009-12-09 21:19 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 21:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 21:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 21:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 23:26 . 2009-11-17 23:26 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 23:25 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 23:25 . 2009-11-17 23:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-08 16:53 . 2009-11-08 16:53 -------- d-----w- c:\program files\Digital Support
2009-11-08 16:45 . 2007-08-12 10:28 -------- d-----w- c:\users\GIANNI\AppData\Roaming\XnView
2009-11-07 18:43 . 2007-07-04 20:43 -------- d-----w- c:\program files\Windows Live
2009-11-06 15:31 . 2008-08-16 08:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-06 15:27 . 2008-03-26 12:11 -------- d-----w- c:\program files\Common Files\Sony Ericsson Shared
2009-11-04 15:31 . 2009-11-04 15:31 -------- d-----w- c:\programdata\Malwarebytes
2009-11-03 11:35 . 2009-11-03 11:35 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-11-02 19:42 . 2009-11-02 08:10 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 06:53 . 2007-07-11 18:41 8052 ----a-w- c:\users\GIANNI\AppData\Local\d3d9caps.dat
2009-10-29 09:17 . 2009-11-28 11:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-22 19:07 . 2009-10-22 19:07 20768 ----a-w- c:\windows\system32\MFEOtlk.dll
2009-10-11 03:17 . 2008-12-11 08:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-11-17 19:53 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-17 19:53 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-17 19:53 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2008-09-29 07:07 . 2009-12-14 11:59 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-04-18 17:18 . 2008-04-18 17:18 5 --sha-w- c:\windows\System32\abffafee_s.dll
2008-04-18 17:00 . 2008-04-18 17:00 23 --sha-w- c:\windows\System32\eddafffc_z.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueRegistryBooster

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-18 21:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 08:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-12-03 15:14 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2009-12-03 15:14 429392 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2009-01-16 18:25 460216 ----a-w- c:\windows\System32\Adobe\Shockwave 11\SwHelper_1103472.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-09 07:54 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\userinit]
c:\users\GIANNI\AppData\Roaming\sdra64.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-05 14:01 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-18 21:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):52,1e,d3,ec,8c,12,ca,01

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/12/2009 14:45 276816]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [29/09/2008 8:07 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\System32\mfevtps.exe [14/12/2009 12:59 67904]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [19/12/2009 14:45 19160]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [4/04/2008 23:20 21504]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\System32\drivers\mferkdet.sys [14/12/2009 12:59 64432]
S3 s115bus;s115bus;c:\windows\System32\drivers\s115bus.sys [26/03/2008 13:16 83208]
S3 s115mdfl;s115mdfl;c:\windows\System32\drivers\s115mdfl.sys [26/03/2008 13:17 15112]
S3 s115mdm;s115mdm;c:\windows\System32\drivers\s115mdm.sys [26/03/2008 13:17 108680]
S3 s115mgmt;s115mgmt;c:\windows\System32\drivers\s115mgmt.sys [26/03/2008 13:19 100488]
S3 s115obex;s115obex;c:\windows\System32\drivers\s115obex.sys [26/03/2008 13:18 98568]
S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\System32\drivers\SMCWGU.sys [29/11/2008 16:39 408064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'

2010-01-01 c:\windows\Tasks\User_Feed_Synchronization-{A5599F64-821C-40E3-9000-71BE4A8BFA04}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.macmurphy11.spaces.live.com/
uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
FF - ProfilePath - c:\users\GIANNI\AppData\Roaming\Mozilla\Firefox\Profiles\vcyp6mlg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.macmurphy11.spaces.live.com
FF - prefs.js: keyword.URL - hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q=
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\GIANNI\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 20:51
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8366A618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8270cd24
\Driver\ACPI -> acpi.sys @ 0x81e0cd68
\Driver\atapi -> ataport.SYS @ 0x81f1ba2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3512)
c:\program files\McAfee\VirusScan Enterprise\scriptsn.dll
c:\program files\McAfee\VirusScan Enterprise\mytilus3.dll
c:\program files\McAfee\VirusScan Enterprise\mytilus3_worker.dll
c:\program files\McAfee\VirusScan Enterprise\RES0c00\McShield.dll
.
Heure de fin: 2010-01-01 20:57:32
ComboFix-quarantined-files.txt 2010-01-01 19:57

Avant-CF: 122.584.825.856 octets libres
Après-CF: 122.606.710.784 octets libres

- - End Of File - - 866F28CD9A6A82CE750EEC38D2ED233D
0
Lyonnais92 Posts: 25159 Registered: Friday 23 June 2006 Status: Security contributor Last seen: 16 September 2016 1 536
1 Jan 2010 at 21:56
Re,

1) The CF report was not complete.

2) You did not disable these as asked:

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: VirusScan Enterprise + AntiSpyware Enterprise *enabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

===

Copy or print the instructions first

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard)


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:



Rootkit::
c:\users\GIANNI\AppData\Roaming\sdra64.exe
 
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\userinit]

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]



Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, hold the button down and move the mouse so that the CFscript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

Re-enable your firewall, your antivirus and your antispyware's guard

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report


If the file does not open, it is located here > C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse may severely damage the operating system.
0
macmurphy Posts: 181 Registered: Wednesday 4 November 2009 Status: Member Last seen: 9 February 2015
1 Jan 2010 at 22:41
ComboFix 09-12-31.A1 - GIANNI 01/01/2010 22:18:57.4.1 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.895.440 [GMT 1:00]
Lancé depuis: c:\users\GIANNI\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\GIANNI\Desktop\CFscript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-01 au 2010-01-01 ))))))))))))))))))))))))))))))))))))
.

2010-01-01 21:27 . 2010-01-01 21:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-01 21:27 . 2010-01-01 21:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-31 19:41 . 2009-12-31 20:08 -------- d-----w- c:\program files\MyDefrag v4.2.7
2009-12-31 19:41 . 2009-12-16 00:11 935424 ----a-w- c:\windows\system32\MyDefragScreenSaver.exe
2009-12-31 19:41 . 2009-12-15 22:02 93696 ----a-w- c:\windows\system32\MyDefragScreenSaver.scr
2009-12-31 17:46 . 2009-12-31 17:54 -------- d-----w- c:\users\GIANNI\AppData\Roaming\QuickScan
2009-12-31 05:38 . 2010-01-01 16:51 -------- d-sh--w- c:\users\GIANNI\AppData\Roaming\lowsec
2009-12-27 10:01 . 2009-12-27 10:02 -------- d-----w- c:\users\GIANNI\AppData\Roaming\U3
2009-12-26 17:46 . 2009-12-26 17:46 -------- d-----w- c:\users\GIANNI\AppData\Roaming\TuneUp Software
2009-12-24 09:17 . 2009-12-27 15:42 -------- d-----w- c:\program files\VS Revo Group
2009-12-23 22:51 . 2009-12-25 08:53 -------- d-----w- c:\program files\Ad-Remover
2009-12-23 22:42 . 2009-12-24 00:08 -------- d-----w- c:\program files\trend micro
2009-12-23 22:03 . 2009-12-23 22:03 -------- d-----w- c:\users\GIANNI\AppData\Roaming\igraal
2009-12-20 20:11 . 2009-12-29 10:51 -------- d-----w- c:\users\GIANNI\AppData\Roaming\dvdcss
2009-12-19 22:45 . 2009-12-19 22:45 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-19 13:45 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-19 13:45 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-15 20:19 . 2009-12-15 20:19 3175784 ----a-w- c:\users\GIANNI\AppData\Roaming\Uniblue\RegistryBooster 2010\_temp\ub.exe
2009-12-15 19:23 . 2009-12-15 20:20 -------- d-----w- c:\users\GIANNI\AppData\Roaming\Uniblue
2009-12-14 11:59 . 2008-09-29 07:07 90360 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-12-14 11:59 . 2008-09-29 07:07 74648 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-12-14 11:59 . 2008-09-29 07:07 67904 ----a-w- c:\windows\system32\mfevtps.exe
2009-12-14 11:59 . 2008-09-29 07:07 64432 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2009-12-14 11:59 . 2008-09-29 07:07 62704 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2009-12-14 11:59 . 2008-09-29 07:07 42424 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-12-14 11:59 . 2008-09-29 07:07 340592 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-12-14 11:58 . 2009-12-14 11:58 -------- d-----w- c:\program files\Common Files\McAfee
2009-12-11 13:23 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 13:23 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 13:23 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 21:22 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 21:18 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 11:03 . 2009-12-30 21:36 -------- d-----w- C:\QUARANTINE
2009-12-09 10:53 . 2009-12-09 10:53 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-12-09 10:53 . 2009-12-14 11:58 -------- d-----w- c:\program files\McAfee
2009-12-06 10:42 . 2009-12-06 10:42 -------- d-----w- c:\users\GIANNI\AppData\Roaming\Malwarebytes
2009-12-06 10:42 . 2009-12-19 13:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 13:01 . 2009-12-14 11:59 -------- d-----w- c:\programdata\McAfee

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 20:38 . 2009-11-28 16:57 -------- d-----w- c:\users\GIANNI\AppData\Roaming\vlc
2010-01-01 19:10 . 2007-06-12 07:33 -------- d-----w- c:\program files\Java
2009-12-31 19:43 . 2009-11-03 08:12 -------- d-----w- c:\program files\JkDefrag
2009-12-31 05:40 . 2009-10-31 10:28 -------- d-----w- c:\users\GIANNI\AppData\Roaming\uTorrent
2009-12-27 05:56 . 2006-11-02 15:48 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-27 05:56 . 2006-11-02 15:48 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-24 09:30 . 2007-07-04 20:43 -------- d-----w- c:\program files\Messenger Plus! Live
2009-12-22 21:57 . 2009-08-01 08:57 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-19 22:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-10 14:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 11:08 . 2007-12-02 19:47 -------- d-----w- c:\program files\CCleaner
2009-12-07 15:10 . 2009-07-21 16:37 1 ----a-w- c:\users\GIANNI\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-06 10:15 . 2009-11-06 15:30 -------- d-----w- c:\programdata\Messenger Plus!
2009-12-02 17:24 . 2009-12-02 17:24 -------- d-----w- c:\program files\uTorrent
2009-12-02 09:28 . 2007-08-01 17:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-30 19:22 . 2009-11-30 19:22 -------- d-----w- c:\program files\MSECache
2009-11-21 06:40 . 2009-12-09 21:19 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 21:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 21:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 21:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 23:26 . 2009-11-17 23:26 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 23:25 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 23:25 . 2009-11-17 23:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-08 16:53 . 2009-11-08 16:53 -------- d-----w- c:\program files\Digital Support
2009-11-08 16:45 . 2007-08-12 10:28 -------- d-----w- c:\users\GIANNI\AppData\Roaming\XnView
2009-11-07 18:43 . 2007-07-04 20:43 -------- d-----w- c:\program files\Windows Live
2009-11-06 15:31 . 2008-08-16 08:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-06 15:27 . 2008-03-26 12:11 -------- d-----w- c:\program files\Common Files\Sony Ericsson Shared
2009-11-04 15:31 . 2009-11-04 15:31 -------- d-----w- c:\programdata\Malwarebytes
2009-11-03 11:35 . 2009-11-03 11:35 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-11-02 19:42 . 2009-11-02 08:10 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 06:53 . 2007-07-11 18:41 8052 ----a-w- c:\users\GIANNI\AppData\Local\d3d9caps.dat
2009-10-29 09:17 . 2009-11-28 11:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-22 19:07 . 2009-10-22 19:07 20768 ----a-w- c:\windows\system32\MFEOtlk.dll
2009-10-11 03:17 . 2008-12-11 08:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-11-17 19:53 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-17 19:53 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-17 19:53 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2008-09-29 07:07 . 2009-12-14 11:59 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-04-18 17:18 . 2008-04-18 17:18 5 --sha-w- c:\windows\System32\abffafee_s.dll
2008-04-18 17:00 . 2008-04-18 17:00 23 --sha-w- c:\windows\System32\eddafffc_z.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-18 21:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 08:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-12-03 15:14 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2009-12-03 15:14 429392 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2009-01-16 18:25 460216 ----a-w- c:\windows\System32\Adobe\Shockwave 11\SwHelper_1103472.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-09 07:54 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-05 14:01 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-18 21:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):52,1e,d3,ec,8c,12,ca,01

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/12/2009 14:45 276816]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [29/09/2008 8:07 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\System32\mfevtps.exe [14/12/2009 12:59 67904]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [19/12/2009 14:45 19160]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [4/04/2008 23:20 21504]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\System32\drivers\mferkdet.sys [14/12/2009 12:59 64432]
S3 s115bus;s115bus;c:\windows\System32\drivers\s115bus.sys [26/03/2008 13:16 83208]
S3 s115mdfl;s115mdfl;c:\windows\System32\drivers\s115mdfl.sys [26/03/2008 13:17 15112]
S3 s115mdm;s115mdm;c:\windows\System32\drivers\s115mdm.sys [26/03/2008 13:17 108680]
S3 s115mgmt;s115mgmt;c:\windows\System32\drivers\s115mgmt.sys [26/03/2008 13:19 100488]
S3 s115obex;s115obex;c:\windows\System32\drivers\s115obex.sys [26/03/2008 13:18 98568]
S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\System32\drivers\SMCWGU.sys [29/11/2008 16:39 408064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'

2010-01-01 c:\windows\Tasks\User_Feed_Synchronization-{A5599F64-821C-40E3-9000-71BE4A8BFA04}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.macmurphy11.spaces.live.com/
uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
FF - ProfilePath - c:\users\GIANNI\AppData\Roaming\Mozilla\Firefox\Profiles\vcyp6mlg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.macmurphy11.spaces.live.com
FF - prefs.js: keyword.URL - hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q=
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\GIANNI\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 22:31
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8366F618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8250dd24
\Driver\ACPI -> acpi.sys @ 0x80612d68
\Driver\atapi -> ataport.SYS @ 0x80721a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2010-01-01 22:39:00 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-01 21:38
ComboFix2.txt 2010-01-01 19:57

Avant-CF: 122.626.899.968 octets libres
Après-CF: 122.547.548.160 octets libres

- - End Of File - - 92DB1D44865E7EC3B0D208C2226FE3B7
0
Lyonnais92 Posts: 25159 Registered: Friday 23 June 2006 Status: Security contributor Last seen: 16 September 2016 1 536
1 Jan 2010 at 22:48
Re,

Download mbr.exe from Gmer here:
http://www2.gmer.net/mbr/mbr.exe
and save the file to the Desktop.

Thanks to Malekal for the tutorial

Disable your protections and cut the connection. (Antivirus and antispyware, HIPS and other resident tools)
Run mbr.exe by right-clicking it and choosing Run as administrator.
A report will be generated: mbr.log
If infected, this message "MBR rootkit code detected" will appear.

In the Start menu - Run, type: "%userprofile%\Bureau\mbr" -f
In mbr.log this line will appear "original MBR restored successfully !"

Re-enable your protections
Post this report and then delete it.

To verify

Disable your protections and cut the connection. (Antivirus and antispyware, HIPS and other resident tools)
Run mbr.exe by right-clicking it and choosing Run as administrator.

Re-enable your protections.

The new mbr.log should be this one:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK
0
macmurphy Posts: 181 Registered: Wednesday 4 November 2009 Status: Member Last seen: 9 February 2015
1 Jan 2010 at 22:56
Indeed


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
0
Lyonnais92 Posts: 25159 Registered: Friday 23 June 2006 Status: Security contributor Last seen: 16 September 2016 1 536
1 Jan 2010 at 23:04
Re,

Is that the last report?

In the first one, you also had:

detected MBR rootkit hooks:

like in the ComboFix report?
0
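Both Lyonnais92's mbr.exe procedure and the comparison he asks for afterwards (did the "detected MBR rootkit hooks:" lines seen in the ComboFix run disappear from the stand-alone mbr.log?) come down to reading a few fixed phrases in the Gmer report. The following Python is an added example, not code from this thread or from Gmer: it classifies an mbr.log and checks whether the drivers hooked in an earlier report are absent from a later one; the sample logs are constructed from the phrases quoted above and their addresses are placeholders.

```python
import re

# Constructed sample mbr.log excerpts, modelled on the Gmer reports quoted in
# this thread; the hook addresses are placeholders, not values from any machine.
LOG_HOOKS = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x00000000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\Disk -> CLASSPNP.SYS @ 0x00000000
\\Driver\\atapi -> ataport.SYS @ 0x00000000
IoDeviceObjectType ->\\Device\\Harddisk0\\DR0 ->user & kernel MBR OK
"""
LOG_CLEAN = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""
LOG_INFECTED = LOG_CLEAN.replace("user & kernel MBR OK", "MBR rootkit code detected")

HOOK_RE = re.compile(r"^(\\Driver\\\S+) -> (\S+) @ (0x[0-9A-Fa-f]+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")


def parse_mbr_log(text):
    """Classify one mbr.log.

    Returns a dict with 'verdict' (clean / suspicious / infected / incomplete),
    'hooks' as (driver, module, address) tuples, 'unknown_modules' addresses and
    'restored' (True once "original MBR restored successfully" is seen, i.e. after
    mbr.exe -f). Precedence: rootkit code > hooks or unknown module > MBR OK.
    """
    rpt = {"verdict": "incomplete", "hooks": [], "unknown_modules": [], "restored": False}
    code_detected = mbr_ok = in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("called modules:"):
            rpt["unknown_modules"] += UNKNOWN_RE.findall(line)
        elif "MBR rootkit code detected" in line:
            code_detected = True
        elif "original MBR restored successfully" in line:
            rpt["restored"] = True
        elif line == "detected MBR rootkit hooks:":
            in_hooks = True
            continue
        elif in_hooks and HOOK_RE.match(line):
            rpt["hooks"].append(HOOK_RE.match(line).groups())
            continue
        if line.endswith("user & kernel MBR OK"):
            mbr_ok = True
        in_hooks = False          # any other line ends the hook list
    if code_detected:
        rpt["verdict"] = "infected"
    elif rpt["hooks"] or rpt["unknown_modules"]:
        rpt["verdict"] = "suspicious"   # MBR bytes agree, but the disk stack is hooked
    elif mbr_ok:
        rpt["verdict"] = "clean"
    return rpt


def hooks_cleared(before, after):
    """True when a follow-up log lists none of the drivers hooked in the earlier one."""
    earlier = {h[0] for h in parse_mbr_log(before)["hooks"]}
    later = {h[0] for h in parse_mbr_log(after)["hooks"]}
    return bool(earlier) and not (earlier & later)
```

Note that a log which only says "user & kernel MBR OK" is classified clean, while one that says so after a list of hooks is still flagged suspicious, which is exactly the distinction Lyonnais92 is asking macmurphy to confirm.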