Analyse d'un scan Hijackthis svp

ParP1 Messages postés 154 Statut Membre -  
dédétraqué Messages postés 4522 Statut Contributeur sécurité -
Bonjour,

Je voudrai savoir si quelqu'un veut bien m'aider dans l'analyse d'un scan Hijackthis?

Si oui dîtes le moi et je posterai mon log! Merci!
Configuration: Windows XP
Firefox 3.5.7

27 réponses

  • 1
  • 2
  1. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut ParP1

    Poste ton rapport HJT ;)

    @++ :)
    0
  2. ParP1 Messages postés 154 Statut Membre 11
     
    Merciiiiiiiiiiiiiiii!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:06:32, on 30/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ybh.exe
    C:\WINDOWS\msb.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Direct Folders\df.exe
    C:\Program Files\JetStart\JetStart.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Program Files\Shock Utility\ShockAero3D\ShockAero3D.exe
    C:\Program Files\TimeLeft3\TimeLeft.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
    C:\WINDOWS\system32\AVRUGAD.EXE
    C:\Program Files\vghd\VirtuaGirl_downloader.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Valve\Steam\steam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fdajo%3f
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://get.adobe.com/flashplayer/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [DirectFolders] "C:\Program Files\Direct Folders\df.exe"
    O4 - HKLM\..\Run: [JetStart] C:\Program Files\JetStart\JetStart.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Winsock2 driver] AVRUGAD.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
    O4 - HKCU\..\Run: [ShockAero3D] C:\Program Files\Shock Utility\ShockAero3D\ShockAero3D.exe
    O4 - HKCU\..\Run: [F5JMWNZTHI] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ybh.exe
    O4 - HKCU\..\RunOnce: [Winsock2 driver] AVRUGAD.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O24 - Desktop Component 1: (no name) - https://www.google.fr/?gws_rd=ssl
    0
  3. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut ParP1

    -Télécharge et installe MalwareByte's Anti-Malware si n'est déjà fais
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    - Mets le à jour

    ---

    - Redémarre en mode sans échec :

    Au redémarrage de ton PC tapote sur la touche F8 ou F5, sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session habituelle et non la session Administrateur

    ---

    - Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
    - Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
    - clique sur Rechercher

    - Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur OK

    - Si MalwareByte's n'a rien détecté, clique sur OK Un rapport va apparaître ferme-le.

    - Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

    - Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

    Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur OK

    Tutoriel pour MalwareByte's ici :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    @++ :)
    0
  4. ParP1 Messages postés 154 Statut Membre 11
     
    Il n'y a rien à touché à mon log HJT?

    Je vais faire tout ce que tu me dis avec malwarebytes
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut ParP1

    Ton PC est bien infecté, bien suivre les instructions et tout devrais bien ce dérouler.

    @++ :)
    0
  7. ParP1 Messages postés 154 Statut Membre 11
     
    Ok sa marche, je te fais confiance dédé!!

    Je vais lancé le scan cette nuit (du moins quand je vais aller me coucher^^) et je te posterai le rapport demain dans la journée!

    Et merci encore du coup de main!
    0
  8. ParP1 Messages postés 154 Statut Membre 11
     
    Voila pour le log de Malware Bytes

    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3660
    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 7.0.5730.11

    30/01/2010 16:15:29
    mbam-log-2010-01-30 (16-15-29).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|K:\|L:\|)
    Eléments examinés: 374744
    Temps écoulé: 52 minute(s), 49 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 4
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 10

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\winsock2 driver (Backdoor.Sdbot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsock2 driver (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonceex\microsoft update (Backdoor.Bot) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kazaabackupfiles (Worm.Archive) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winsvc.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
    C:\Program Files\tmplus\Updater.exe (Rogue.Agent) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kazaabackupfiles\download_me.exe (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\explorer.backup (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    0
  9. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut ParP1

    MBAM a fais du bon boulot, on va vérifier ce qui reste, télécharge RSIT (de random/random) sur le bureau ici :
    http://images.malwareremoval.com/random/RSIT.exe

    - Double clique sur RSIT.exe qui est sur le bureau
    - Clique sur Continue dans la fenêtre
    - RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
    - Poste le contenue des deux rapports, log.txt et info.txt(réduit dans la barre des tâches) à la fin de l’analyse

    Les rapports sont dans le dossier ici C:\rsit

    @++ :)
    0
  10. ParP1 Messages postés 154 Statut Membre 11
     
    Voici mon log.txt

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2010-01-30 20:04:50
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 1 GB (6%) free of 20 GB
    Total RAM: 1023 MB (45% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:04:52, on 30/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Direct Folders\df.exe
    C:\Program Files\JetStart\JetStart.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Program Files\Shock Utility\ShockAero3D\ShockAero3D.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
    C:\Program Files\TimeLeft3\TimeLeft.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\vghd\VirtuaGirl_downloader.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Mumble\mumble.exe
    C:\Program Files\Mumble\dbus-daemon.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ybh.exe
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    E:\Download\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.adobe.com/go/getflashplayer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [DirectFolders] "C:\Program Files\Direct Folders\df.exe"
    O4 - HKLM\..\Run: [JetStart] C:\Program Files\JetStart\JetStart.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
    O4 - HKCU\..\Run: [ShockAero3D] C:\Program Files\Shock Utility\ShockAero3D\ShockAero3D.exe
    O4 - HKCU\..\Run: [F5JMWNZTHI] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ybh.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Ajouter au fichier PDF existant - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir en Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O24 - Desktop Component 1: (no name) - http://www.google.fr/
    0
  11. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut ParP1

    Télécharge combofix.exe (de sUBs) sur le bureau :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

    Important Désactive ton Antivirus, antispyware et Pare feu avant le scan avec Combofix :
    https://forum.pcastuces.com/default.asp
    https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

    ==> Sauvegarde ton travail et ferme toutes les fenêtres actives, il peut y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n’est pas fini. <==

    Double clique sur combofix.exe, clique sur OUI et valide par Entrée

    Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure

    @++ :)
    0
  12. ParP1 Messages postés 154 Statut Membre 11
     
    J'ai réalisé le scan ac Combofix! Le souci étant que lorsqu'il a redémarré mon pc, mon antivirus c'est automatiquement relancé :/ Est ce un souci? Faut-il que je recommence la manip? Surtout que en plus certain autres logiciels se sont aussi lancé automatiquement.

    Et deuxième question: J'ai installé dans la soirée (avant Combofix) Combined Community Codec Pack, des codecs pour pouvoir lire certain format video. Le souci étant qu'il m'a annoncé après l'installation qu'il a touché à la base de registre! Est-ce grave? :/ Faut-il recommencé HJT?

    Et voici le log de Combofix:

    ComboFix 10-01-30.04 - Administrateur 31/01/2010 6:11.1.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.662 [GMT 1:00]
    Lancé depuis: e:\download\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Search Settings
    c:\program files\Search Settings\FF\chrome.manifest
    c:\program files\Search Settings\FF\chrome\content\plugin.js
    c:\program files\Search Settings\FF\chrome\content\plugin.xul
    c:\program files\Search Settings\FF\chrome\content\protection.js
    c:\program files\Search Settings\FF\chrome\content\utils.js
    c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
    c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
    c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
    c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
    c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
    c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
    c:\program files\Search Settings\FF\install.rdf
    c:\program files\Search Settings\kb128\SearchSettingsInstaller.130.exe
    c:\program files\Search Settings\SearchSettings.exe
    c:\program files\Search Settings\SearchSettingsRes409.dll
    c:\windows\admintxt.txt
    c:\windows\Fonts\MyriadPro-Regular.otf
    c:\windows\pack.epk
    c:\windows\system32\spools.exe
    c:\windows\system32\twain_32.dll
    c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SSHNAS

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-28 au 2010-01-31 ))))))))))))))))))))))))))))))))))))
    .

    2010-01-31 04:58 . 2010-01-31 04:58 -------- d-----w- c:\program files\Combined Community Codec Pack
    2010-01-30 19:02 . 2010-01-30 19:02 -------- d-----w- C:\rsit
    2010-01-30 02:37 . 2010-01-30 02:38 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp
    2010-01-30 02:37 . 2010-01-30 02:38 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Google
    2010-01-30 00:41 . 2010-01-30 00:41 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2010-01-30 00:41 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-30 00:41 . 2010-01-30 00:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-30 00:41 . 2010-01-30 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-30 00:41 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-30 00:29 . 2010-01-30 00:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-01-30 00:29 . 2010-01-30 21:59 -------- d-----w- c:\documents and settings\Administrateur\Application Data\skypePM
    2010-01-30 00:16 . 2010-01-30 22:14 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Skype
    2010-01-30 00:15 . 2010-01-30 00:15 -------- d-----w- c:\program files\Fichiers communs\Skype
    2010-01-30 00:15 . 2010-01-30 00:15 -------- d-----r- c:\program files\Skype
    2010-01-30 00:15 . 2010-01-30 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-01-29 22:51 . 2010-01-29 22:51 -------- d-----w- c:\program files\Trend Micro
    2010-01-29 20:57 . 2010-01-29 20:57 90624 ---h--w- c:\windows\system32\zyvrvyq.exe
    2010-01-29 20:57 . 2010-01-29 20:57 90624 ---h--w- c:\windows\system32\hcvyyol.exe
    2010-01-29 20:54 . 2010-01-29 20:54 90624 ---h--w- c:\windows\system32\gqguwla.exe
    2010-01-29 20:51 . 2010-01-29 20:51 90624 ---h--w- c:\windows\system32\dbzmstr.exe
    2010-01-29 20:51 . 2010-01-29 20:51 90624 ---h--w- c:\windows\system32\yhizhbb.exe
    2010-01-29 20:50 . 2010-01-29 20:50 90624 ---h--w- c:\windows\system32\avrugad.exe
    2010-01-28 20:11 . 2010-01-28 20:11 94208 ---h--w- c:\windows\system32\rmwmvc.exe
    2010-01-28 20:03 . 2010-01-28 20:03 90624 ---h--w- c:\windows\system32\ylsyfr.exe
    2010-01-28 19:52 . 2010-01-28 19:52 543377 ---h--w- c:\windows\system32\jlehmz.exe
    2010-01-28 19:52 . 2010-01-28 19:52 543377 ---h--w- c:\windows\system32\ythqnh.exe
    2010-01-27 00:02 . 2010-01-27 00:02 -------- d-----w- c:\program files\WinShut XP
    2010-01-27 00:02 . 2010-01-27 00:02 253952 ------w- c:\windows\Setup1.exe
    2010-01-27 00:02 . 2010-01-27 00:02 74752 ----a-w- c:\windows\ST6UNST.EXE
    2010-01-26 23:52 . 2010-01-26 23:52 -------- d-----w- c:\program files\X'nBeep 1.1
    2010-01-11 17:01 . 2009-12-23 19:08 52224 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{e4b046f1-9bf3-4763-a350-5792397013e0}\components\FFExternalAlert.dll
    2010-01-11 17:01 . 2009-12-23 19:08 101376 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{e4b046f1-9bf3-4763-a350-5792397013e0}\components\RadioWMPCore.dll
    2010-01-11 17:01 . 2009-12-18 10:19 545280 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2010-01-11 17:01 . 2009-12-18 10:19 344064 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2010-01-11 17:01 . 2009-12-18 10:19 153600 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    2010-01-11 17:01 . 2009-12-18 10:19 103424 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2010-01-11 17:01 . 2009-12-18 10:19 57856 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2010-01-11 17:01 . 2009-12-18 10:19 4726272 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
    2010-01-11 17:01 . 2009-12-23 17:07 52224 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components\FFExternalAlert.dll
    2010-01-11 17:01 . 2009-12-23 17:07 101376 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components\RadioWMPCore.dll
    2010-01-10 21:46 . 2010-01-10 21:46 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Search Settings
    2010-01-10 21:44 . 2010-01-10 21:44 -------- d-----w- c:\program files\Application Updater
    2010-01-10 21:41 . 2010-01-12 23:31 -------- d-----w- c:\program files\AV VCS 3.0
    2010-01-10 21:41 . 2002-12-10 08:11 6852 ----a-w- c:\windows\system32\drivers\Vcs.sys
    2010-01-08 01:37 . 2010-01-08 01:37 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-01-08 01:37 . 2010-01-08 01:37 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
    2010-01-08 01:37 . 2010-01-08 01:37 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
    2010-01-08 01:37 . 2010-01-08 01:37 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
    2010-01-08 01:37 . 2010-01-08 01:37 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
    2010-01-08 01:36 . 2010-01-08 01:37 -------- d-----w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab
    2010-01-06 20:42 . 2010-01-06 20:42 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
    2010-01-05 09:56 . 2010-01-05 09:56 192512 ------w- c:\windows\system32\dllcache\iepeers.dll
    2010-01-04 22:43 . 2010-01-31 03:28 -------- d-----w- c:\program files\JDownloader

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-31 05:18 . 2009-06-24 20:28 -------- d-----w- c:\documents and settings\Administrateur\Application Data\JetStart
    2010-01-31 05:16 . 2009-01-31 17:12 7 ----a-w- c:\windows\sbacknt.bin
    2010-01-30 22:15 . 2008-12-28 05:01 -------- d-----w- c:\program files\Mumble
    2010-01-30 15:15 . 2009-06-18 00:03 -------- d-----w- c:\program files\tmplus
    2010-01-29 23:42 . 2009-01-10 15:38 -------- d-----w- c:\program files\Windows Live
    2010-01-28 17:26 . 2002-09-07 00:00 656358 ----a-w- c:\windows\system32\perfh00C.dat
    2010-01-28 17:26 . 2002-09-07 00:00 122276 ----a-w- c:\windows\system32\perfc00C.dat
    2010-01-27 21:02 . 2008-12-28 03:11 -------- d-----w- c:\program files\Fichiers communs\Adobe
    2010-01-27 00:43 . 2008-12-28 03:09 49168 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-26 20:54 . 2008-12-28 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-01-26 20:52 . 2008-12-28 02:58 -------- d-----w- c:\program files\Microsoft Works
    2010-01-23 00:16 . 2008-12-28 03:12 -------- d-----w- c:\program files\mIRC
    2010-01-21 17:24 . 2009-01-09 22:10 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-11 17:02 . 2009-09-27 22:33 177024 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\FlashGot.exe
    2010-01-07 19:50 . 2009-01-08 16:12 -------- d-----w- c:\documents and settings\Administrateur\Application Data\uTorrent
    2010-01-05 09:56 . 2007-04-02 10:56 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-01-05 09:56 . 2007-04-02 10:57 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-05 09:56 . 2007-04-02 10:56 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-12-17 23:54 . 2009-10-28 02:08 -------- d-----w- c:\documents and settings\Administrateur\Application Data\HLSW
    2009-12-14 23:41 . 2009-12-14 23:41 -------- d-----w- c:\program files\Yamipod
    2009-12-14 23:35 . 2009-12-14 23:34 -------- d-----w- c:\program files\iTunes
    2009-12-14 23:35 . 2009-12-14 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-12-14 23:34 . 2009-12-14 23:34 -------- d-----w- c:\program files\iPod
    2009-12-14 23:34 . 2009-12-08 20:52 -------- d-----w- c:\program files\QuickTime Alternative
    2009-12-14 23:34 . 2009-01-21 20:10 -------- d-----w- c:\program files\Fichiers communs\Apple
    2009-12-14 23:34 . 2008-12-28 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-12-14 17:47 . 2008-12-28 03:00 -------- d-----w- c:\program files\CCleaner
    2009-12-14 00:22 . 2008-12-28 03:05 -------- d-----w- c:\program files\Java
    2009-12-14 00:17 . 2009-11-23 18:22 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-12-14 00:17 . 2009-11-23 18:22 79488 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-14 00:10 . 2009-12-14 00:10 -------- d-----w- c:\program files\microsoft frontpage
    2009-12-13 23:54 . 2008-12-28 02:47 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-12-12 03:08 . 2009-05-09 00:27 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-12-12 03:08 . 2009-05-09 00:27 22328 ----a-w- c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys
    2009-12-12 03:08 . 2009-05-09 00:27 22328 ----a-w- c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys
    2009-12-12 03:07 . 2009-05-09 00:27 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-12-12 03:07 . 2009-05-09 00:27 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-12-12 03:07 . 2008-12-28 03:08 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-11 22:11 . 2009-12-11 18:55 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Mumble
    2009-12-11 18:36 . 2009-05-09 00:43 367680 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
    2009-12-11 18:36 . 2009-05-09 00:43 179264 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\baseq3\uix86.dll
    2009-12-11 18:36 . 2009-05-09 00:43 57344 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\pb\pbag.dll
    2009-12-11 18:36 . 2009-05-09 00:43 887856 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\pb\pbcl.dll
    2009-12-11 18:36 . 2009-05-09 00:43 2407488 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
    2009-12-11 18:33 . 2009-05-09 00:27 2373712 ----a-w- c:\windows\system32\pbsvc.exe
    2009-12-11 18:33 . 2009-12-11 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
    2009-12-10 22:44 . 2009-05-05 23:09 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-08 20:52 . 2008-12-28 03:08 -------- d-----w- c:\program files\Media Player Classic
    2009-12-08 14:29 . 2009-12-02 21:58 3638 ----a-w- c:\windows\system32\ealregsnapshot1.reg
    2009-11-30 11:19 . 2009-11-30 11:19 625728 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    2009-11-30 11:17 . 2009-11-30 11:17 2373712 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
    2009-11-25 21:00 . 2008-12-28 05:07 0 ----a-r- c:\documents and settings\Administrateur\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    2009-11-21 15:58 . 2004-08-04 04:54 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-19 01:01 . 2009-11-19 01:01 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
    2009-11-19 01:01 . 2009-11-19 01:01 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
    2009-11-19 01:01 . 2009-11-19 01:01 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
    2009-11-19 01:01 . 2009-11-19 01:03 24443520 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_fr.exe
    2006-05-03 10:06 . 2009-09-22 21:46 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 . 2009-09-22 21:46 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2009-09-22 21:46 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ------- Sigcheck -------

    [-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
    [-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
    [-] 2007-04-02 10:56 . 8471A49628E9D70C39383605CFF191B4 . 125912 . . [5.8.0.2694 built by: dnsrv(wmbla)] . . c:\windows\icon_TMP\wuauclt.exe
    [7] 2007-04-02 10:56 . 5E5A6AF2D6FF2D289414C53025FE2337 . 124376 . . [5.8.0.2694 built by: dnsrv(wmbla)] . . c:\windows\system_backup\wuauclt.exe

    [-] 2008-04-14 . 3EFE912DD25D2586E6A0341DB0A66F69 . 979968 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . 3EFE912DD25D2586E6A0341DB0A66F69 . 979968 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [-] 2007-06-13 . 80A5400514EB32D393654768C4017E46 . 979456 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
    [-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [-] 2004-08-04 . E28D16A8D63ECA6246921FDF7CBDE42A . 1227264 . . [6.00.2900.2180] . . c:\windows\icon_TMP\explorer.exe
    [7] 2004-08-04 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\system_backup\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-12-28 16384]
    "RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
    "UberIcon"="c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 180224]
    "ShockAero3D"="c:\program files\Shock Utility\ShockAero3D\ShockAero3D.exe" [2008-05-14 1181696]
    "Google Update"="c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-30 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-07 8425472]
    "nwiz"="nwiz.exe" [2007-03-07 1622016]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
    "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "DirectFolders"="c:\program files\Direct Folders\df.exe" [2008-12-13 269824]
    "JetStart"="c:\program files\JetStart\JetStart.exe" [2007-05-19 582144]
    "RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-07 81920]
    "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2002-06-19 73728]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "Adobe Reader Speed Launcher"="e:\adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "nltide_3"="advpack.dll" [2010-01-05 124928]

    c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-1-31 370000]
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
    TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2009-4-30 1975992]
    TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
    UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
    Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-12-28 169472]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
    "d:\\Company of Heroes\\RelicCOH.exe"=
    "d:\\Valve\\Steam\\SteamApps\\parp1\\day of defeat\\hl.exe"=
    "d:\\Flatout\\FlatOut.exe"=
    "e:\\Jeux\\C.S\\hl.exe"=
    "d:\\Valve\\Steam\\steam.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "e:\\Jeux\\WarcraftIII\\Warcraft III.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "d:\\Valve\\Steam\\SteamApps\\parp1\\team fortress classic\\hl.exe"=
    "d:\\HLSW\\hlsw.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "d:\\Valve\\Steam\\SteamApps\\parp1\\team fortress 2\\hl2.exe"=
    "d:\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "e:\\Jeux\\Dead Space\\Dead Space.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "d:\\Valve\\Steam\\SteamApps\\nenestarouf\\team fortress classic\\hl.exe"=
    "e:\\Jeux\\COD 4 MW\\iw3mp.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/12/2008 03:48 717296]
    R0 Stealth;Stealth;c:\windows\system32\drivers\stealth.sys [21/06/2002 09:58 80896]
    R1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [28/10/2009 21:45 12800]
    R1 mvd20;mvd20;c:\program files\Clarus\Samsung SecretZone\mvd20.sys [28/10/2009 21:45 43008]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [26/10/2009 05:13 108289]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 00:51 380928]
    R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [28/10/2009 21:45 102400]
    R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [10/01/2010 22:41 6852]
    R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [28/12/2008 05:32 162176]
    S3 IDMusic;IDMusic;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\IDMusic.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\IDMusic.sys [?]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [24/10/2009 10:55 136704]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [24/10/2009 10:55 8320]
    S3 unvtcp;unvtcp;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\unvtcp.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\unvtcp.sys [?]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - mchInjDrv
    .
    Contenu du dossier 'Tâches planifiées'

    2010-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-725345543-839522115-500Core.job
    - c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 02:37]

    2010-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-725345543-839522115-500UA.job
    - c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 02:37]

    2010-01-31 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-12-14 21:18]

    2010-01-22 c:\windows\Tasks\Winamp.job
    - c:\progra~1\Winamp\winamp.exe [2008-08-03 23:04]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.msn.fr/
    uInternet Connection Wizard,ShellNext = hxxp://www.adobe.com/go/getflashplayer
    uInternet Settings,ProxyOverride = localhost;*.local
    IE: Ajouter au fichier PDF existant - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir en Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en un fichier PDF existant - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir la sélection en Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la sélection en un fichier PDF existant - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir les liens sélectionnés en un fichier PDF existant - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2031308&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{e4b046f1-9bf3-4763-a350-5792397013e0}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{e4b046f1-9bf3-4763-a350-5792397013e0}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
    FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: e:\adobe\Reader 9.0\Reader\browser\nppdf32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-31 06:17
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86FDE1F8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
    \Driver\ACPI -> ACPI.sys @ 0xf7245cb8
    \Driver\atapi -> 0x86f53014
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
    ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
    ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
    NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7089bb0
    PacketIndicateHandler -> NDIS.sys @ 0xf7096a21
    SendHandler -> NDIS.sys @ 0xf707487b
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-329068152-725345543-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{384607EB-31FF-85B9-C867-E09F268887E3}*]
    "haafpolallpldeno"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,6d,
    66,64,00,00
    "iaoenoignnejpncfeg"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,6d,
    66,64,00,00

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{384607EB-31FF-85B9-C867-E09F268887E3}\InProcServer32*]
    "jaefcnkdcgnoidoihfjm"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,
    6d,66,64,00,00
    "iaefimaclolgmlninp"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,6d,
    66,64,00,00
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(3088)
    c:\windows\system32\SHDOCVW.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\IadHide4.dll
    c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    c:\program files\Windows Media Player\wmpband.dll
    c:\windows\system32\ntshrui.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\Logi_MwX.Exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-01-31 06:21:43 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-01-31 05:21

    Avant-CF: 1 053 978 624 octets libres
    Après-CF: 979 161 088 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer

    Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 1F50BB317D1550D30C5AF7C25934415A
    0
  13. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut ParP1

    - Clique sur le menu démarrer/Exécuter, tape notepad à l’invite de commande et OK.

    - Copie/colle ce qui est en gras ci-dessous dans le Bloc-Notes :

    KillAll::

    File::
    c:\windows\system32\zyvrvyq.exe
    c:\windows\system32\hcvyyol.exe
    c:\windows\system32\gqguwla.exe
    c:\windows\system32\dbzmstr.exe
    c:\windows\system32\yhizhbb.exe
    c:\windows\system32\avrugad.exe
    c:\windows\system32\rmwmvc.exe
    c:\windows\system32\ylsyfr.exe
    c:\windows\system32\jlehmz.exe
    c:\windows\system32\ythqnh.exe
    c:\windows\system32\perfh00C.dat
    c:\windows\system32\perfc00C.dat

    Folder::
    c:\documents and settings\Administrateur\Application Data\Search Settings


    - Enregistre ce fichier sur le bureau (Impératif)

    -Nom du fichier : CFScript.txt
    -Type du fichier : tous les fichiers

    - Clique sur Enregistrer et quitte le Bloc Notes

    Important Désactive ton Antivirus et antispyware avant de faire le glisser/déposer

    - Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe sur le bureau, comme sur cette capture (l’icône est un lion) :

    http://free0.hiboox.com/images/2409/9126d3b136f7db9ab6242ad715b44296.gif

    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    @++ :)
    0
  14. ParP1 Messages postés 154 Statut Membre 11
     
    Voici le ComboFix.txt :

    ComboFix 10-01-30.07 - Administrateur 31/01/2010 17:17:46.2.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.641 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    FILE ::
    "c:\windows\system32\avrugad.exe"
    "c:\windows\system32\dbzmstr.exe"
    "c:\windows\system32\gqguwla.exe"
    "c:\windows\system32\hcvyyol.exe"
    "c:\windows\system32\jlehmz.exe"
    "c:\windows\system32\perfc00C.dat"
    "c:\windows\system32\perfh00C.dat"
    "c:\windows\system32\rmwmvc.exe"
    "c:\windows\system32\yhizhbb.exe"
    "c:\windows\system32\ylsyfr.exe"
    "c:\windows\system32\ythqnh.exe"
    "c:\windows\system32\zyvrvyq.exe"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrateur\Application Data\Search Settings
    c:\documents and settings\Administrateur\Application Data\Search Settings\kb130\temp\ws-14635.log
    c:\documents and settings\Administrateur\Application Data\Search Settings\kb130\temp\ws-14636.log
    c:\documents and settings\Administrateur\Application Data\Search Settings\kb130\temp\ws-14637.log
    c:\documents and settings\Administrateur\Application Data\Search Settings\kb130\temp\ws-14638.log
    c:\documents and settings\Administrateur\Application Data\Search Settings\kb130\temp\ws-14639.log
    c:\windows\system32\avrugad.exe
    c:\windows\system32\dbzmstr.exe
    c:\windows\system32\gqguwla.exe
    c:\windows\system32\hcvyyol.exe
    c:\windows\system32\jlehmz.exe
    c:\windows\system32\perfc00C.dat
    c:\windows\system32\perfh00C.dat
    c:\windows\system32\rmwmvc.exe
    c:\windows\system32\yhizhbb.exe
    c:\windows\system32\ylsyfr.exe
    c:\windows\system32\ythqnh.exe
    c:\windows\system32\zyvrvyq.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-28 au 2010-01-31 ))))))))))))))))))))))))))))))))))))
    .

    2010-01-31 04:58 . 2010-01-31 04:58 -------- d-----w- c:\program files\Combined Community Codec Pack
    2010-01-30 19:02 . 2010-01-30 19:02 -------- d-----w- C:\rsit
    2010-01-30 02:37 . 2010-01-30 02:38 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp
    2010-01-30 02:37 . 2010-01-30 02:38 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Google
    2010-01-30 00:41 . 2010-01-30 00:41 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2010-01-30 00:41 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-30 00:41 . 2010-01-30 00:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-30 00:41 . 2010-01-30 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-30 00:41 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-30 00:29 . 2010-01-30 00:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-01-30 00:29 . 2010-01-30 21:59 -------- d-----w- c:\documents and settings\Administrateur\Application Data\skypePM
    2010-01-30 00:16 . 2010-01-30 22:14 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Skype
    2010-01-30 00:15 . 2010-01-30 00:15 -------- d-----w- c:\program files\Fichiers communs\Skype
    2010-01-30 00:15 . 2010-01-30 00:15 -------- d-----r- c:\program files\Skype
    2010-01-30 00:15 . 2010-01-30 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-01-29 22:51 . 2010-01-29 22:51 -------- d-----w- c:\program files\Trend Micro
    2010-01-27 00:02 . 2010-01-27 00:02 -------- d-----w- c:\program files\WinShut XP
    2010-01-27 00:02 . 2010-01-27 00:02 253952 ------w- c:\windows\Setup1.exe
    2010-01-27 00:02 . 2010-01-27 00:02 74752 ----a-w- c:\windows\ST6UNST.EXE
    2010-01-26 23:52 . 2010-01-26 23:52 -------- d-----w- c:\program files\X'nBeep 1.1
    2010-01-10 21:44 . 2010-01-10 21:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
    2010-01-10 21:44 . 2010-01-10 21:44 -------- d-----w- c:\program files\Application Updater
    2010-01-10 21:41 . 2010-01-12 23:31 -------- d-----w- c:\program files\AV VCS 3.0
    2010-01-10 21:41 . 2002-12-10 08:11 6852 ----a-w- c:\windows\system32\drivers\Vcs.sys
    2010-01-08 01:37 . 2010-01-08 01:37 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-01-08 01:36 . 2010-01-08 01:37 -------- d-----w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab
    2010-01-06 20:42 . 2010-01-06 20:42 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
    2010-01-05 09:56 . 2010-01-05 09:56 192512 ------w- c:\windows\system32\dllcache\iepeers.dll
    2010-01-04 22:43 . 2010-01-31 03:28 -------- d-----w- c:\program files\JDownloader

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-31 16:25 . 2009-06-24 20:28 -------- d-----w- c:\documents and settings\Administrateur\Application Data\JetStart
    2010-01-31 16:23 . 2009-01-31 17:12 7 ----a-w- c:\windows\sbacknt.bin
    2010-01-31 16:00 . 2008-12-28 05:01 -------- d-----w- c:\program files\Mumble
    2010-01-30 15:15 . 2009-06-18 00:03 -------- d-----w- c:\program files\tmplus
    2010-01-29 23:42 . 2009-01-10 15:38 -------- d-----w- c:\program files\Windows Live
    2010-01-27 21:02 . 2008-12-28 03:11 -------- d-----w- c:\program files\Fichiers communs\Adobe
    2010-01-27 00:43 . 2008-12-28 03:09 49168 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-26 20:54 . 2008-12-28 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-01-26 20:52 . 2008-12-28 02:58 -------- d-----w- c:\program files\Microsoft Works
    2010-01-23 00:16 . 2008-12-28 03:12 -------- d-----w- c:\program files\mIRC
    2010-01-21 17:24 . 2009-01-09 22:10 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-11 17:02 . 2009-09-27 22:33 177024 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\FlashGot.exe
    2010-01-08 01:37 . 2010-01-08 01:37 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
    2010-01-08 01:37 . 2010-01-08 01:37 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
    2010-01-08 01:37 . 2010-01-08 01:37 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
    2010-01-08 01:37 . 2010-01-08 01:37 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
    2010-01-07 19:50 . 2009-01-08 16:12 -------- d-----w- c:\documents and settings\Administrateur\Application Data\uTorrent
    2010-01-05 09:56 . 2007-04-02 10:56 832512 ------w- c:\windows\system32\wininet.dll
    2010-01-05 09:56 . 2007-04-02 10:57 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-05 09:56 . 2007-04-02 10:56 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-12-23 19:08 . 2010-01-11 17:01 52224 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{e4b046f1-9bf3-4763-a350-5792397013e0}\components\FFExternalAlert.dll
    2009-12-23 19:08 . 2010-01-11 17:01 101376 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{e4b046f1-9bf3-4763-a350-5792397013e0}\components\RadioWMPCore.dll
    2009-12-23 17:07 . 2010-01-11 17:01 52224 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components\FFExternalAlert.dll
    2009-12-23 17:07 . 2010-01-11 17:01 101376 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components\RadioWMPCore.dll
    2009-12-18 10:19 . 2010-01-11 17:01 545280 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2009-12-18 10:19 . 2010-01-11 17:01 344064 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2009-12-18 10:19 . 2010-01-11 17:01 153600 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    2009-12-18 10:19 . 2010-01-11 17:01 103424 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2009-12-18 10:19 . 2010-01-11 17:01 57856 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2009-12-18 10:19 . 2010-01-11 17:01 4726272 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
    2009-12-17 23:54 . 2009-10-28 02:08 -------- d-----w- c:\documents and settings\Administrateur\Application Data\HLSW
    2009-12-14 23:41 . 2009-12-14 23:41 -------- d-----w- c:\program files\Yamipod
    2009-12-14 23:35 . 2009-12-14 23:34 -------- d-----w- c:\program files\iTunes
    2009-12-14 23:35 . 2009-12-14 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-12-14 23:34 . 2009-12-14 23:34 -------- d-----w- c:\program files\iPod
    2009-12-14 23:34 . 2009-12-08 20:52 -------- d-----w- c:\program files\QuickTime Alternative
    2009-12-14 23:34 . 2009-01-21 20:10 -------- d-----w- c:\program files\Fichiers communs\Apple
    2009-12-14 23:34 . 2008-12-28 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-12-14 17:47 . 2008-12-28 03:00 -------- d-----w- c:\program files\CCleaner
    2009-12-14 00:22 . 2008-12-28 03:05 -------- d-----w- c:\program files\Java
    2009-12-14 00:17 . 2009-11-23 18:22 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-12-14 00:17 . 2009-11-23 18:22 79488 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-14 00:10 . 2009-12-14 00:10 -------- d-----w- c:\program files\microsoft frontpage
    2009-12-13 23:54 . 2008-12-28 02:47 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-12-12 03:08 . 2009-05-09 00:27 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-12-12 03:08 . 2009-05-09 00:27 22328 ----a-w- c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys
    2009-12-12 03:08 . 2009-05-09 00:27 22328 ----a-w- c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys
    2009-12-12 03:07 . 2009-05-09 00:27 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-12-12 03:07 . 2009-05-09 00:27 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-12-12 03:07 . 2008-12-28 03:08 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-11 22:11 . 2009-12-11 18:55 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Mumble
    2009-12-11 18:36 . 2009-05-09 00:43 367680 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
    2009-12-11 18:36 . 2009-05-09 00:43 179264 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\baseq3\uix86.dll
    2009-12-11 18:36 . 2009-05-09 00:43 57344 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\pb\pbag.dll
    2009-12-11 18:36 . 2009-05-09 00:43 887856 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\pb\pbcl.dll
    2009-12-11 18:36 . 2009-05-09 00:43 2407488 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
    2009-12-11 18:33 . 2009-05-09 00:27 2373712 ----a-w- c:\windows\system32\pbsvc.exe
    2009-12-11 18:33 . 2009-12-11 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
    2009-12-10 22:44 . 2009-05-05 23:09 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-08 20:52 . 2008-12-28 03:08 -------- d-----w- c:\program files\Media Player Classic
    2009-12-08 14:29 . 2009-12-02 21:58 3638 ----a-w- c:\windows\system32\ealregsnapshot1.reg
    2009-11-30 11:19 . 2009-11-30 11:19 625728 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    2009-11-30 11:17 . 2009-11-30 11:17 2373712 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
    2009-11-25 21:00 . 2008-12-28 05:07 0 ----a-r- c:\documents and settings\Administrateur\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    2009-11-21 15:58 . 2004-08-04 04:54 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-19 01:01 . 2009-11-19 01:01 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
    2009-11-19 01:01 . 2009-11-19 01:01 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
    2009-11-19 01:01 . 2009-11-19 01:01 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
    2009-11-19 01:01 . 2009-11-19 01:03 24443520 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_fr.exe
    2006-05-03 10:06 . 2009-09-22 21:46 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 . 2009-09-22 21:46 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2009-09-22 21:46 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ------- Sigcheck -------

    [-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
    [-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
    [-] 2007-04-02 10:56 . 8471A49628E9D70C39383605CFF191B4 . 125912 . . [5.8.0.2694 built by: dnsrv(wmbla)] . . c:\windows\icon_TMP\wuauclt.exe
    [7] 2007-04-02 10:56 . 5E5A6AF2D6FF2D289414C53025FE2337 . 124376 . . [5.8.0.2694 built by: dnsrv(wmbla)] . . c:\windows\system_backup\wuauclt.exe

    [-] 2008-04-14 . 3EFE912DD25D2586E6A0341DB0A66F69 . 979968 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . 3EFE912DD25D2586E6A0341DB0A66F69 . 979968 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [-] 2007-06-13 . 80A5400514EB32D393654768C4017E46 . 979456 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
    [-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [-] 2004-08-04 . E28D16A8D63ECA6246921FDF7CBDE42A . 1227264 . . [6.00.2900.2180] . . c:\windows\icon_TMP\explorer.exe
    [7] 2004-08-04 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\system_backup\explorer.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-01-31_05.17.11 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-01-31 16:23 . 2010-01-31 16:23 16384 c:\windows\temp\Perflib_Perfdata_67c.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-12-28 16384]
    "RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
    "UberIcon"="c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 180224]
    "ShockAero3D"="c:\program files\Shock Utility\ShockAero3D\ShockAero3D.exe" [2008-05-14 1181696]
    "Google Update"="c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-30 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-07 8425472]
    "nwiz"="nwiz.exe" [2007-03-07 1622016]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
    "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "DirectFolders"="c:\program files\Direct Folders\df.exe" [2008-12-13 269824]
    "JetStart"="c:\program files\JetStart\JetStart.exe" [2007-05-19 582144]
    "RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-07 81920]
    "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2002-06-19 73728]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "Adobe Reader Speed Launcher"="e:\adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "nltide_3"="advpack.dll" [2010-01-05 124928]

    c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-1-31 370000]
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
    TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2009-4-30 1975992]
    TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
    UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
    Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-12-28 169472]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
    "d:\\Company of Heroes\\RelicCOH.exe"=
    "d:\\Valve\\Steam\\SteamApps\\parp1\\day of defeat\\hl.exe"=
    "d:\\Flatout\\FlatOut.exe"=
    "e:\\Jeux\\C.S\\hl.exe"=
    "d:\\Valve\\Steam\\steam.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "e:\\Jeux\\WarcraftIII\\Warcraft III.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "d:\\Valve\\Steam\\SteamApps\\parp1\\team fortress classic\\hl.exe"=
    "d:\\HLSW\\hlsw.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "d:\\Valve\\Steam\\SteamApps\\parp1\\team fortress 2\\hl2.exe"=
    "d:\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "e:\\Jeux\\Dead Space\\Dead Space.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "d:\\Valve\\Steam\\SteamApps\\nenestarouf\\team fortress classic\\hl.exe"=
    "e:\\Jeux\\COD 4 MW\\iw3mp.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/12/2008 03:48 717296]
    R0 Stealth;Stealth;c:\windows\system32\drivers\stealth.sys [21/06/2002 09:58 80896]
    R1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [28/10/2009 21:45 12800]
    R1 mvd20;mvd20;c:\program files\Clarus\Samsung SecretZone\mvd20.sys [28/10/2009 21:45 43008]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [26/10/2009 05:13 108289]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 00:51 380928]
    R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [28/10/2009 21:45 102400]
    R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [10/01/2010 22:41 6852]
    R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [28/12/2008 05:32 162176]
    S3 IDMusic;IDMusic;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\IDMusic.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\IDMusic.sys [?]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [24/10/2009 10:55 136704]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [24/10/2009 10:55 8320]
    S3 unvtcp;unvtcp;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\unvtcp.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\unvtcp.sys [?]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - mchInjDrv
    .
    Contenu du dossier 'Tâches planifiées'

    2010-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-725345543-839522115-500Core.job
    - c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 02:37]

    2010-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-725345543-839522115-500UA.job
    - c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 02:37]

    2010-01-31 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-12-14 21:18]

    2010-01-22 c:\windows\Tasks\Winamp.job
    - c:\progra~1\Winamp\winamp.exe [2008-08-03 23:04]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.msn.fr/
    uInternet Connection Wizard,ShellNext = hxxp://www.adobe.com/go/getflashplayer
    uInternet Settings,ProxyOverride = localhost;*.local
    IE: Ajouter au fichier PDF existant - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir en Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en un fichier PDF existant - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir la sélection en Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la sélection en un fichier PDF existant - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir les liens sélectionnés en un fichier PDF existant - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2031308&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-31 17:24
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86FDD1F8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
    \Driver\ACPI -> ACPI.sys @ 0xf7245cb8
    \Driver\atapi -> 0x86f22014
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
    ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
    ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
    NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7089bb0
    PacketIndicateHandler -> NDIS.sys @ 0xf7096a21
    SendHandler -> NDIS.sys @ 0xf707487b
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-329068152-725345543-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{384607EB-31FF-85B9-C867-E09F268887E3}*]
    "haafpolallpldeno"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,6d,
    66,64,00,00
    "iaoenoignnejpncfeg"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,6d,
    66,64,00,00

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{384607EB-31FF-85B9-C867-E09F268887E3}\InProcServer32*]
    "jaefcnkdcgnoidoihfjm"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,
    6d,66,64,00,00
    "iaefimaclolgmlninp"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,6d,
    66,64,00,00
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(1676)
    c:\windows\system32\SHDOCVW.dll
    c:\program files\SuperCopier2\SC2Hook.dll
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\IadHide4.dll
    c:\program files\Direct Folders\hook.dll
    c:\program files\Windows Media Player\wmpband.dll
    c:\windows\system32\ntshrui.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\Logi_MwX.Exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-01-31 17:28:29 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-01-31 16:28
    ComboFix2.txt 2010-01-31 05:21

    Avant-CF: 990 650 368 octets libres
    Après-CF: 950 665 216 octets libres

    Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - A5CAB5397F31072E0708897035FAC012
    0
  15. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut ParP1

    Télécharge MBR par (GMER) sur ton Bureau :

    http://www2.gmer.net/mbr/mbr.exe

    - Désactive tous les programmes de protection (antivirus, antispyware etc.)
    https://forum.pcastuces.com/default.asp

    - Double-clique sur mbr.exe > une fenêtre noire va s'ouvrir et se refermer.
    - Poste le rapport mbr.log qui apparaît.

    @++ :)
    0
  16. ParP1 Messages postés 154 Statut Membre 11
     
    Voila c'est fait:

    Il n'y a que sa dans le log mbr.log >.<

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    Mais à quoi sa sert tout sa dédétraqué?
    0
  17. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut ParP1

    Une possible infection détecté par Combofix :
    Warning: possible MBR rootkit infection !

    Et maintenant je fais des vérifications sur cette possible infection.

    Télécharge Gmer et enregistre-le sur ton bureau.
    http://www2.gmer.net/download.php

    - Déconnecte toi d'internet si possible et ferme tous les programmes, puis lance l'outil.
    - Clique sur le bouton "Scan" sur la droite.

    - Lorsque le scan est terminé, clic sur "Copy".
    - Ouvre le bloc-note et clic sur le Menu Edition / Coller
    - Le rapport doit alors apparaître.

    - Enregistre le fichier sur ton bureau et copie/colle le contenu ici.

    @++ :)
    0
  18. ParP1 Messages postés 154 Statut Membre 11
     
    Dédétraqué,

    Sa ne marche pas le scan avec Gmer. Du moins si sa marche mais au bout d'un moment du scan mon pc reboot tout seul et je ne sais pas pourquoi. Donc impossible de sauvegarder le log :/

    J'ai fait tout se que tu m'as dis: déconnecté d'internet, aucun programme lancé (j'ai même néttoyé dans "processus") et j'ai même aussi désactivé mon par-feu et Antivir!

    Que faire?
    0
  19. dédétraqué Messages postés 4522 Statut Contributeur sécurité 286
     
    Salut ParP1

    Voir en mode sans échec avec le scan avec GMER

    @++ :)
    0
  20. ParP1 Messages postés 154 Statut Membre 11
     
    Désolé du blanc dédé j'étais absent ce weekend.
    J'ai réalisé le scan je te le post ce soir!!
    0
  21. ParP1 Messages postés 154 Statut Membre 11
     
    Voila mon scan GMER réalisé en mode sans échec (j'ai coché les deux autres disques dur de mon pc D et E en plus de C) :

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-02-08 07:37:12
    Windows 5.1.2600 Service Pack 3
    Running: 47eq02d3.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fgdyikow.sys

    ---- System - GMER 1.0.15 ----

    SSDT spir.sys ZwCreateKey [0xF73670E0]
    SSDT spir.sys ZwEnumerateKey [0xF7385CA2]
    SSDT spir.sys ZwEnumerateValueKey [0xF7386030]
    SSDT spir.sys ZwOpenKey [0xF73670C0]
    SSDT spir.sys ZwQueryKey [0xF7386108]
    SSDT spir.sys ZwQueryValueKey [0xF7385F88]
    SSDT spir.sys ZwSetValueKey [0xF738619A]

    INT 0x62 ? 86F6FBF8
    INT 0x73 ? 86F20D38
    INT 0x83 ? 86FDCBF8
    INT 0xB4 ? 86F20D38

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spir.sys Le fichier spécifié est introuvable. !
    .text USBPORT.SYS!DllUnload F70E68AC 5 Bytes JMP 86F20318

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86F722D8
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7398C4C] spir.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7398CA0] spir.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7368040] spir.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F736813C] spir.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73680BE] spir.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73687FC] spir.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73686D2] spir.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7378048] spir.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86F20418

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 86F6D1F8
    Device \Driver\usbohci \Device\USBPDO-0 86EA61F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F701F8
    Device \Driver\dmio \Device\DmControl\DmConfig 86F701F8
    Device \Driver\dmio \Device\DmControl\DmPnP 86F701F8
    Device \Driver\dmio \Device\DmControl\DmInfo 86F701F8
    Device \Driver\usbehci \Device\USBPDO-1 86ECD1F8
    Device \Driver\nvata \Device\00000070 86FDC1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 86FDE1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 86FDE1F8
    Device \Driver\Cdrom \Device\CdRom0 86EB01F8
    Device \Driver\Cdrom \Device\CdRom0 86F3BFD1
    Device \Driver\Ftdisk \Device\HarddiskVolume3 86FDE1F8
    Device \Driver\Cdrom \Device\CdRom1 86EB01F8
    Device \Driver\Cdrom \Device\CdRom1 86F3BFD1
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72A6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86F3D014
    Device \Driver\atapi \Device\Ide\IdePort0 [F72A6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 86F3D014
    Device \Driver\atapi \Device\Ide\IdePort1 [F72A6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 86F3D014
    Device \Driver\Cdrom \Device\CdRom2 86EB01F8
    Device \Driver\Cdrom \Device\CdRom2 86F3BFD1
    Device \Driver\Cdrom \Device\CdRom3 86EB01F8
    Device \Driver\Cdrom \Device\CdRom3 86F3BFD1
    Device \Driver\usbohci \Device\USBFDO-0 86EA61F8
    Device \Driver\usbehci \Device\USBFDO-1 86ECD1F8
    Device \Driver\nvata \Device\NvAta0 86FDC1F8
    Device \Driver\nvata \Device\0000006f 86FDC1F8
    Device \Driver\Ftdisk \Device\FtControl 86FDE1F8
    Device \Driver\Stealth \Device\Scsi\Stealth1Port0Path0Target1Lun0 86FDD1F8
    Device \Driver\Stealth \Device\Scsi\Stealth1Port0Path0Target0Lun0 86FDD1F8
    Device \Driver\Stealth \Device\Scsi\Stealth1 86FDD1F8
    Device \Driver\Stealth \Device\Scsi\Stealth1Port0Path0Target2Lun0 86FDD1F8
    Device \FileSystem\Cdfs \Cdfs 86BB61F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xED 0x8A 0xB5 0xC9 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x91 0x73 0x44 0xC8 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x55 0x46 0xBC 0x0C ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0xAE 0xCA 0x74 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7D 0x17 0x4C 0xCE ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD3 0xD3 0x09 0x52 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x2A 0x98 0x09 0xBC ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares@ParP1\xb2 (J) CSCFlags=0?MaxUses=4294967295?Path=J:\?Permissions=0?Remark=?Type=0?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1487498670
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -625594627
    Reg HKLM\SYSTEM\ControlSet004\Services\lanmanserver\Shares@ParP1\xb2 (J) CSCFlags=0?MaxUses=4294967295?Path=J:\?Permissions=0?Remark=?Type=0?
    Reg HKLM\SOFTWARE\Classes\CLSID\{384607EB-31FF-85B9-C867-E09F268887E3}\InProcServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{384607EB-31FF-85B9-C867-E09F268887E3}\InProcServer32@jaefcnkdcgnoidoihfjm 0x6A 0x61 0x6B 0x6B ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{384607EB-31FF-85B9-C867-E09F268887E3}\InProcServer32@iaefimaclolgmlninp 0x6A 0x61 0x6B 0x6B ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{384607EB-31FF-85B9-C867-E09F268887E3}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{384607EB-31FF-85B9-C867-E09F268887E3}@haafpolallpldeno 0x6A 0x61 0x6B 0x6B ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{384607EB-31FF-85B9-C867-E09F268887E3}@iaoenoignnejpncfeg 0x6A 0x61 0x6B 0x6B ...

    ---- EOF - GMER 1.0.15 ----

    Et une autres petite question personnel en plus:
    Est tu un bot? xD Nan car tu répond d'une façon très robotique :p
    Après je comprends étant donné que tu fais sa pour aider et que tu ne peu pas écrire tout un discours à chaque fois. Tu n'es pas obligé de répondre à cette question xD

    Merci beaucoup en tout cas de ton aide!

    J'attends te réponse
    0
  • 1
  • 2