Analysis of a HijackThis scan please

ParP1 (Posts: 154, Status: Member)
Hello,

I would like to know if someone is willing to help me analyse a HijackThis scan?

If so, tell me and I will post my log! Thanks!

27 replies

dédétraqué (Posts: 4522, Status: Security contributor)

Hi ParP1


Post your HJT report ;)


@++ :)
ParP1 (Posts: 154, Status: Member)

Thaaaaanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:06:32, on 30/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ybh.exe
C:\WINDOWS\msb.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Direct Folders\df.exe
C:\Program Files\JetStart\JetStart.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Shock Utility\ShockAero3D\ShockAero3D.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
C:\WINDOWS\system32\AVRUGAD.EXE
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
D:\Valve\Steam\steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fdajo%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://get.adobe.com/flashplayer/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [DirectFolders] "C:\Program Files\Direct Folders\df.exe"
O4 - HKLM\..\Run: [JetStart] C:\Program Files\JetStart\JetStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Winsock2 driver] AVRUGAD.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [ShockAero3D] C:\Program Files\Shock Utility\ShockAero3D\ShockAero3D.exe
O4 - HKCU\..\Run: [F5JMWNZTHI] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ybh.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] AVRUGAD.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 1: (no name) - https://www.google.fr/?gws_rd=ssl
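Triaging a HijackThis log like the one above by hand means reading the O4, O10 and O23 lines for autostarts launched from temp folders, value names that borrow system vocabulary or look random, RunOnce entries, and services with no publisher. As an added example (not code from this thread, from HijackThis or from Malwarebytes), the Python below applies those checks to constructed sample lines modelled on the log posted here; the rule names and severities are assumptions of my own.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in HijackThis v2 format, modelled on entries from the
# log posted in this thread, with a known-good line in each section for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Winsock2 driver] AVRUGAD.EXE
O4 - HKCU\..\Run: [F5JMWNZTHI] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ybh.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] AVRUGAD.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First executable-looking token of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|dll|scr|com|bat|cmd|pif))\b', re.I)
# Value names such as F5JMWNZTHI: a run of 8+ upper-case letters and digits.
RANDOM_NAME = re.compile(r"^[A-Z0-9]{8,}$")
# Value names that borrow system vocabulary ("Winsock2 driver", "microsoft update").
LOOKALIKE = re.compile(r"winsock|driver|microsoft|windows|update|security", re.I)
TEMP_DIRS = ("\\temp\\", "\\recycler\\")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    severity: str
    rule: str
    line: str


def executable_of(cmd: str):
    """Return the program a Run value launches, or None if none is visible."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else None


def check_o4(m: re.Match, line: str) -> list:
    name, key, cmd = m.group("name"), m.group("key"), m.group("cmd")
    exe = executable_of(cmd)
    exe_low = (exe or "").lower()
    out = []
    if any(d in exe_low for d in TEMP_DIRS):
        # Legitimate software does not persist from %TEMP% or the Recycler.
        out.append(Finding("high", "autorun-from-temp", line))
    if RANDOM_NAME.match(name):
        out.append(Finding("high", "random-value-name", line))
    if exe and "\\" not in exe:
        # A bare file name is resolved through the search path, so the line
        # alone does not prove which file runs: verify it on disk.
        out.append(Finding("low", "bare-executable-name", line))
        if LOOKALIKE.search(name):
            out.append(Finding("high", "system-lookalike-name", line))
    if exe and key.lower().startswith("runonce"):
        # RunOnce values vanish after boot; malware re-creates them each time.
        out.append(Finding("medium", "runonce-entry", line))
    return out


def check_o23(m: re.Match, line: str) -> list:
    out = []
    if m.group("owner").strip().lower() == "unknown owner":
        out.append(Finding("medium", "service-unknown-owner", line))
    if any(d in m.group("path").lower() for d in TEMP_DIRS):
        out.append(Finding("high", "service-from-temp", line))
    return out


def triage(log_text: str) -> list:
    """Run every rule over a HijackThis log and return the findings, worst first."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := O4_RE.match(line):
            findings.extend(check_o4(m, line))
        elif m := O23_RE.match(line):
            findings.extend(check_o23(m, line))
        elif line.startswith("O10 - Unknown file in Winsock LSP:"):
            findings.append(Finding("low", "unknown-lsp", line))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:22} {f.line}")
```

The rules only rank lines for a human to verify; a bare name such as RTHDCPL.EXE is a legitimate Realtek entry in the same log, so a "low" hit means "check the file", not "delete it".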
dédétraqué (Posts: 4522, Status: Security contributor)

Hi ParP1


- Download and install Malwarebytes' Anti-Malware if that is not already done
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

- Update it

---

- Restart in safe mode:

When your PC restarts, tap the F8 or F5 key; on the next screen, move with the arrow keys and choose Safe Mode. Choose your usual session and not the Administrator session

---

- Double-click the Malwarebytes' Anti-Malware shortcut on the desktop.
- Select Perform full scan if it is not already selected
- Click Scan

- Once the scan is finished, a window opens; click OK

- If Malwarebytes' detected nothing, click OK. A report will appear; close it.

- If Malwarebytes' detected infections, click Show results and then Remove selected

- Save the report to your Desktop so it is easier to find, then post that report.

Note: if Malwarebytes' needs to restart to finish the removal, accept by clicking OK

Tutorial for Malwarebytes' here:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/


@++ :)
ParP1 (Posts: 154, Status: Member)

Is there nothing to touch in my HJT log?

I will do everything you tell me with Malwarebytes
dédétraqué (Posts: 4522, Status: Security contributor)

Hi ParP1


Your PC is well and truly infected; follow the instructions carefully and everything should go fine.


@++ :)
ParP1 (Posts: 154, Status: Member)

OK, that works, I trust you dédé!!

I will run the scan tonight (at least when I go to bed^^) and I will post the report tomorrow during the day!

And thanks again for the help!
ParP1 (Posts: 154, Status: Member)

Here is the Malwarebytes log

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3660
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

30/01/2010 16:15:29
mbam-log-2010-01-30 (16-15-29).txt

Type de recherche: Examen complet (C:\|D:\|E:\|K:\|L:\|)
Eléments examinés: 374744
Temps écoulé: 52 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\winsock2 driver (Backdoor.Sdbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsock2 driver (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonceex\microsoft update (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kazaabackupfiles (Worm.Archive) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winsvc.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Program Files\tmplus\Updater.exe (Rogue.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kazaabackupfiles\download_me.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\explorer.backup (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
dédétraqué (Posts: 4522, Status: Security contributor)

Hi ParP1


MBAM did a good job; let's check what is left. Download RSIT (by random/random) to the desktop from here:
http://images.malwareremoval.com/random/RSIT.exe

- Double-click RSIT.exe on the desktop
- Click Continue in the window
- RSIT will download HijackThis if it is not present or detected, in which case you will have to accept the licence
- Post the contents of both reports, log.txt and info.txt (minimised in the taskbar), at the end of the analysis

The reports are in the folder C:\rsit


@++ :)
ParP1 (Posts: 154, Status: Member)

Here is my log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2010-01-30 20:04:50
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 1 GB (6%) free of 20 GB
Total RAM: 1023 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:52, on 30/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Direct Folders\df.exe
C:\Program Files\JetStart\JetStart.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Shock Utility\ShockAero3D\ShockAero3D.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mumble\mumble.exe
C:\Program Files\Mumble\dbus-daemon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ybh.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Download\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.adobe.com/go/getflashplayer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [DirectFolders] "C:\Program Files\Direct Folders\df.exe"
O4 - HKLM\..\Run: [JetStart] C:\Program Files\JetStart\JetStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [ShockAero3D] C:\Program Files\Shock Utility\ShockAero3D\ShockAero3D.exe
O4 - HKCU\..\Run: [F5JMWNZTHI] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ybh.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://E:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 1: (no name) - http://www.google.fr/
0
dédétraqué Posts 4522 Status Security contributor 286
 
Hi ParP1


Download combofix.exe (by sUBs) to the desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

Important: disable your antivirus, antispyware and firewall before the scan with Combofix:
https://forum.pcastuces.com/default.asp
https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

==> Save your work and close all open windows; the PC may reboot. Do not launch any program until Combofix has finished. <==

Double-click combofix.exe, click YES and confirm with Enter

When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: the report can also be found here: C:\Combofix.txt

Combofix is detected by some antivirus products as an infection; ignore that, it is a false positive, continue the procedure


@++ :)
0
ParP1 Posts 154 Status Member 11
 
I ran the scan with Combofix! The problem is that when it rebooted my PC, my antivirus relaunched automatically :/ Is that a problem? Do I need to redo the procedure? Especially since some other programs also launched automatically.

And a second question: earlier this evening (before Combofix) I installed Combined Community Codec Pack, codecs to be able to play certain video formats. The problem is that after the installation it told me it had modified the registry! Is that serious? :/ Do I need to redo HJT?

And here is the Combofix log:

ComboFix 10-01-30.04 - Administrateur 31/01/2010 6:11.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.662 [GMT 1:00]
Lancé depuis: e:\download\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\kb128\SearchSettingsInstaller.130.exe
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\windows\admintxt.txt
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\pack.epk
c:\windows\system32\spools.exe
c:\windows\system32\twain_32.dll
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((((((( Fichiers créés du 2009-12-28 au 2010-01-31 ))))))))))))))))))))))))))))))))))))
.

2010-01-31 04:58 . 2010-01-31 04:58 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-01-30 19:02 . 2010-01-30 19:02 -------- d-----w- C:\rsit
2010-01-30 02:37 . 2010-01-30 02:38 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp
2010-01-30 02:37 . 2010-01-30 02:38 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Google
2010-01-30 00:41 . 2010-01-30 00:41 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2010-01-30 00:41 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-30 00:41 . 2010-01-30 00:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-30 00:41 . 2010-01-30 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-30 00:41 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-30 00:29 . 2010-01-30 00:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-30 00:29 . 2010-01-30 21:59 -------- d-----w- c:\documents and settings\Administrateur\Application Data\skypePM
2010-01-30 00:16 . 2010-01-30 22:14 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Skype
2010-01-30 00:15 . 2010-01-30 00:15 -------- d-----w- c:\program files\Fichiers communs\Skype
2010-01-30 00:15 . 2010-01-30 00:15 -------- d-----r- c:\program files\Skype
2010-01-30 00:15 . 2010-01-30 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-29 22:51 . 2010-01-29 22:51 -------- d-----w- c:\program files\Trend Micro
2010-01-29 20:57 . 2010-01-29 20:57 90624 ---h--w- c:\windows\system32\zyvrvyq.exe
2010-01-29 20:57 . 2010-01-29 20:57 90624 ---h--w- c:\windows\system32\hcvyyol.exe
2010-01-29 20:54 . 2010-01-29 20:54 90624 ---h--w- c:\windows\system32\gqguwla.exe
2010-01-29 20:51 . 2010-01-29 20:51 90624 ---h--w- c:\windows\system32\dbzmstr.exe
2010-01-29 20:51 . 2010-01-29 20:51 90624 ---h--w- c:\windows\system32\yhizhbb.exe
2010-01-29 20:50 . 2010-01-29 20:50 90624 ---h--w- c:\windows\system32\avrugad.exe
2010-01-28 20:11 . 2010-01-28 20:11 94208 ---h--w- c:\windows\system32\rmwmvc.exe
2010-01-28 20:03 . 2010-01-28 20:03 90624 ---h--w- c:\windows\system32\ylsyfr.exe
2010-01-28 19:52 . 2010-01-28 19:52 543377 ---h--w- c:\windows\system32\jlehmz.exe
2010-01-28 19:52 . 2010-01-28 19:52 543377 ---h--w- c:\windows\system32\ythqnh.exe
2010-01-27 00:02 . 2010-01-27 00:02 -------- d-----w- c:\program files\WinShut XP
2010-01-27 00:02 . 2010-01-27 00:02 253952 ------w- c:\windows\Setup1.exe
2010-01-27 00:02 . 2010-01-27 00:02 74752 ----a-w- c:\windows\ST6UNST.EXE
2010-01-26 23:52 . 2010-01-26 23:52 -------- d-----w- c:\program files\X'nBeep 1.1
2010-01-11 17:01 . 2009-12-23 19:08 52224 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{e4b046f1-9bf3-4763-a350-5792397013e0}\components\FFExternalAlert.dll
2010-01-11 17:01 . 2009-12-23 19:08 101376 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{e4b046f1-9bf3-4763-a350-5792397013e0}\components\RadioWMPCore.dll
2010-01-11 17:01 . 2009-12-18 10:19 545280 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-11 17:01 . 2009-12-18 10:19 344064 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-11 17:01 . 2009-12-18 10:19 153600 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-11 17:01 . 2009-12-18 10:19 103424 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-11 17:01 . 2009-12-18 10:19 57856 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-11 17:01 . 2009-12-18 10:19 4726272 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-11 17:01 . 2009-12-23 17:07 52224 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components\FFExternalAlert.dll
2010-01-11 17:01 . 2009-12-23 17:07 101376 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components\RadioWMPCore.dll
2010-01-10 21:46 . 2010-01-10 21:46 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Search Settings
2010-01-10 21:44 . 2010-01-10 21:44 -------- d-----w- c:\program files\Application Updater
2010-01-10 21:41 . 2010-01-12 23:31 -------- d-----w- c:\program files\AV VCS 3.0
2010-01-10 21:41 . 2002-12-10 08:11 6852 ----a-w- c:\windows\system32\drivers\Vcs.sys
2010-01-08 01:37 . 2010-01-08 01:37 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-08 01:37 . 2010-01-08 01:37 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2010-01-08 01:37 . 2010-01-08 01:37 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2010-01-08 01:37 . 2010-01-08 01:37 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2010-01-08 01:37 . 2010-01-08 01:37 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2010-01-08 01:36 . 2010-01-08 01:37 -------- d-----w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab
2010-01-06 20:42 . 2010-01-06 20:42 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
2010-01-05 09:56 . 2010-01-05 09:56 192512 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-01-04 22:43 . 2010-01-31 03:28 -------- d-----w- c:\program files\JDownloader

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 05:18 . 2009-06-24 20:28 -------- d-----w- c:\documents and settings\Administrateur\Application Data\JetStart
2010-01-31 05:16 . 2009-01-31 17:12 7 ----a-w- c:\windows\sbacknt.bin
2010-01-30 22:15 . 2008-12-28 05:01 -------- d-----w- c:\program files\Mumble
2010-01-30 15:15 . 2009-06-18 00:03 -------- d-----w- c:\program files\tmplus
2010-01-29 23:42 . 2009-01-10 15:38 -------- d-----w- c:\program files\Windows Live
2010-01-28 17:26 . 2002-09-07 00:00 656358 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-28 17:26 . 2002-09-07 00:00 122276 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-27 21:02 . 2008-12-28 03:11 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-01-27 00:43 . 2008-12-28 03:09 49168 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-26 20:54 . 2008-12-28 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-26 20:52 . 2008-12-28 02:58 -------- d-----w- c:\program files\Microsoft Works
2010-01-23 00:16 . 2008-12-28 03:12 -------- d-----w- c:\program files\mIRC
2010-01-21 17:24 . 2009-01-09 22:10 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-11 17:02 . 2009-09-27 22:33 177024 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\FlashGot.exe
2010-01-07 19:50 . 2009-01-08 16:12 -------- d-----w- c:\documents and settings\Administrateur\Application Data\uTorrent
2010-01-05 09:56 . 2007-04-02 10:56 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:56 . 2007-04-02 10:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:56 . 2007-04-02 10:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-17 23:54 . 2009-10-28 02:08 -------- d-----w- c:\documents and settings\Administrateur\Application Data\HLSW
2009-12-14 23:41 . 2009-12-14 23:41 -------- d-----w- c:\program files\Yamipod
2009-12-14 23:35 . 2009-12-14 23:34 -------- d-----w- c:\program files\iTunes
2009-12-14 23:35 . 2009-12-14 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-12-14 23:34 . 2009-12-14 23:34 -------- d-----w- c:\program files\iPod
2009-12-14 23:34 . 2009-12-08 20:52 -------- d-----w- c:\program files\QuickTime Alternative
2009-12-14 23:34 . 2009-01-21 20:10 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-12-14 23:34 . 2008-12-28 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-14 17:47 . 2008-12-28 03:00 -------- d-----w- c:\program files\CCleaner
2009-12-14 00:22 . 2008-12-28 03:05 -------- d-----w- c:\program files\Java
2009-12-14 00:17 . 2009-11-23 18:22 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-14 00:17 . 2009-11-23 18:22 79488 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-14 00:10 . 2009-12-14 00:10 -------- d-----w- c:\program files\microsoft frontpage
2009-12-13 23:54 . 2008-12-28 02:47 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-12 03:08 . 2009-05-09 00:27 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-12 03:08 . 2009-05-09 00:27 22328 ----a-w- c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys
2009-12-12 03:08 . 2009-05-09 00:27 22328 ----a-w- c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys
2009-12-12 03:07 . 2009-05-09 00:27 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-12 03:07 . 2009-05-09 00:27 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-12 03:07 . 2008-12-28 03:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-11 22:11 . 2009-12-11 18:55 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Mumble
2009-12-11 18:36 . 2009-05-09 00:43 367680 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2009-12-11 18:36 . 2009-05-09 00:43 179264 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2009-12-11 18:36 . 2009-05-09 00:43 57344 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\pb\pbag.dll
2009-12-11 18:36 . 2009-05-09 00:43 887856 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\pb\pbcl.dll
2009-12-11 18:36 . 2009-05-09 00:43 2407488 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2009-12-11 18:33 . 2009-05-09 00:27 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-12-11 18:33 . 2009-12-11 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2009-12-10 22:44 . 2009-05-05 23:09 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 20:52 . 2008-12-28 03:08 -------- d-----w- c:\program files\Media Player Classic
2009-12-08 14:29 . 2009-12-02 21:58 3638 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-11-30 11:19 . 2009-11-30 11:19 625728 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
2009-11-30 11:17 . 2009-11-30 11:17 2373712 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
2009-11-25 21:00 . 2008-12-28 05:07 0 ----a-r- c:\documents and settings\Administrateur\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
2009-11-21 15:58 . 2004-08-04 04:54 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 01:01 . 2009-11-19 01:01 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-11-19 01:01 . 2009-11-19 01:01 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-11-19 01:01 . 2009-11-19 01:01 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-11-19 01:01 . 2009-11-19 01:03 24443520 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_fr.exe
2006-05-03 10:06 . 2009-09-22 21:46 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-09-22 21:46 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-09-22 21:46 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2007-04-02 10:56 . 8471A49628E9D70C39383605CFF191B4 . 125912 . . [5.8.0.2694 built by: dnsrv(wmbla)] . . c:\windows\icon_TMP\wuauclt.exe
[7] 2007-04-02 10:56 . 5E5A6AF2D6FF2D289414C53025FE2337 . 124376 . . [5.8.0.2694 built by: dnsrv(wmbla)] . . c:\windows\system_backup\wuauclt.exe

[-] 2008-04-14 . 3EFE912DD25D2586E6A0341DB0A66F69 . 979968 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 3EFE912DD25D2586E6A0341DB0A66F69 . 979968 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 80A5400514EB32D393654768C4017E46 . 979456 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-04 . E28D16A8D63ECA6246921FDF7CBDE42A . 1227264 . . [6.00.2900.2180] . . c:\windows\icon_TMP\explorer.exe
[7] 2004-08-04 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\system_backup\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-12-28 16384]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"UberIcon"="c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 180224]
"ShockAero3D"="c:\program files\Shock Utility\ShockAero3D\ShockAero3D.exe" [2008-05-14 1181696]
"Google Update"="c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-30 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-07 8425472]
"nwiz"="nwiz.exe" [2007-03-07 1622016]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"DirectFolders"="c:\program files\Direct Folders\df.exe" [2008-12-13 269824]
"JetStart"="c:\program files\JetStart\JetStart.exe" [2007-05-19 582144]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-07 81920]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2002-06-19 73728]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="e:\adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2010-01-05 124928]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-1-31 370000]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2009-4-30 1975992]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-12-28 169472]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"d:\\Company of Heroes\\RelicCOH.exe"=
"d:\\Valve\\Steam\\SteamApps\\parp1\\day of defeat\\hl.exe"=
"d:\\Flatout\\FlatOut.exe"=
"e:\\Jeux\\C.S\\hl.exe"=
"d:\\Valve\\Steam\\steam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\Jeux\\WarcraftIII\\Warcraft III.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Valve\\Steam\\SteamApps\\parp1\\team fortress classic\\hl.exe"=
"d:\\HLSW\\hlsw.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Valve\\Steam\\SteamApps\\parp1\\team fortress 2\\hl2.exe"=
"d:\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"e:\\Jeux\\Dead Space\\Dead Space.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Valve\\Steam\\SteamApps\\nenestarouf\\team fortress classic\\hl.exe"=
"e:\\Jeux\\COD 4 MW\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/12/2008 03:48 717296]
R0 Stealth;Stealth;c:\windows\system32\drivers\stealth.sys [21/06/2002 09:58 80896]
R1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [28/10/2009 21:45 12800]
R1 mvd20;mvd20;c:\program files\Clarus\Samsung SecretZone\mvd20.sys [28/10/2009 21:45 43008]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [26/10/2009 05:13 108289]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 00:51 380928]
R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [28/10/2009 21:45 102400]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [10/01/2010 22:41 6852]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [28/12/2008 05:32 162176]
S3 IDMusic;IDMusic;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\IDMusic.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\IDMusic.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [24/10/2009 10:55 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [24/10/2009 10:55 8320]
S3 unvtcp;unvtcp;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\unvtcp.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\unvtcp.sys [?]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'

2010-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-725345543-839522115-500Core.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 02:37]

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-725345543-839522115-500UA.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 02:37]

2010-01-31 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-12-14 21:18]

2010-01-22 c:\windows\Tasks\Winamp.job
- c:\progra~1\Winamp\winamp.exe [2008-08-03 23:04]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.msn.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.adobe.com/go/getflashplayer
uInternet Settings,ProxyOverride = localhost;*.local
IE: Ajouter au fichier PDF existant - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2031308&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{e4b046f1-9bf3-4763-a350-5792397013e0}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{e4b046f1-9bf3-4763-a350-5792397013e0}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: e:\adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 06:17
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86FDE1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf7245cb8
\Driver\atapi -> 0x86f53014
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7089bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7096a21
SendHandler -> NDIS.sys @ 0xf707487b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-725345543-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{384607EB-31FF-85B9-C867-E09F268887E3}*]
"haafpolallpldeno"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,6d,
66,64,00,00
"iaoenoignnejpncfeg"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,6d,
66,64,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{384607EB-31FF-85B9-C867-E09F268887E3}\InProcServer32*]
"jaefcnkdcgnoidoihfjm"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,
6d,66,64,00,00
"iaefimaclolgmlninp"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,6d,
66,64,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3088)
c:\windows\system32\SHDOCVW.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\IadHide4.dll
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Logi_MwX.Exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-31 06:21:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-31 05:21

Pre-Run: 1,053,978,624 bytes free
Post-Run: 979,161,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1F50BB317D1550D30C5AF7C25934415A
dédétraqué (Security Contributor, 4522 posts)
Hi ParP1


- Click the Start menu/Run, type notepad at the prompt and click OK.

- Copy/paste what is in bold below into Notepad:

KillAll::

File::
c:\windows\system32\zyvrvyq.exe
c:\windows\system32\hcvyyol.exe
c:\windows\system32\gqguwla.exe
c:\windows\system32\dbzmstr.exe
c:\windows\system32\yhizhbb.exe
c:\windows\system32\avrugad.exe
c:\windows\system32\rmwmvc.exe
c:\windows\system32\ylsyfr.exe
c:\windows\system32\jlehmz.exe
c:\windows\system32\ythqnh.exe
c:\windows\system32\perfh00C.dat
c:\windows\system32\perfc00C.dat

Folder::
c:\documents and settings\Administrateur\Application Data\Search Settings


- Save this file to the desktop (Mandatory)

-File name: CFScript.txt
-File type: all files

- Click Save and close Notepad

Important: Disable your antivirus and antispyware before doing the drag and drop

- Drag and drop this CFScript file onto the ComboFix.exe file on the desktop, as in this screenshot (the icon is a lion):

http://free0.hiboox.com/images/2409/9126d3b136f7db9ab6242ad715b44296.gif

* Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it is located here > C:\ComboFix.txt


@++ :)
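As an added example (not part of this thread, and not code from ComboFix, HijackThis or GMER): a small Python triage script for logs of the kind posted above. It pulls out three indicators worth a second look in these logs: executables and drivers loaded from the user's Temp folder (Ybh.exe among the running processes, the IDMusic.sys and unvtcp.sys services, the mchInjDrv ImagePath), the Windows Firewall switched off ("EnableFirewall"= 0 in the standard profile), and the REG_BINARY values listed under the locked CLSID key, which it decodes from their hex: form. The sample log embedded in the script is constructed from lines in the thread; the function names, the extension list and the regular expressions are the editor's own choices. Flagged entries are leads for a reviewer, not verdicts: legitimate software, and the scanning tools themselves, also drop temporary drivers.

```python
"""Triage helper for ComboFix / HijackThis-style text logs.

Added example: not part of the thread and not code from ComboFix, HijackThis
or GMER. Runs as-is on the constructed sample below, or on a saved
C:\\ComboFix.txt passed on the command line.
"""
import re
import sys
from typing import Dict, List

# Constructed sample, assembled from lines in the logs posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Ybh.exe
C:\WINDOWS\msb.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/12/2008 03:48 717296]
S3 IDMusic;IDMusic;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\IDMusic.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\IDMusic.sys [?]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{384607EB-31FF-85B9-C867-E09F268887E3}\InProcServer32*]
"jaefcnkdcgnoidoihfjm"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,
6d,66,64,00,00
"""

# Any drive-letter path, up to whitespace, a quote or a bracket.
WIN_PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"\[\]]+')
# The per-user temp folder in both its 8.3 and long forms.
TEMP_RE = re.compile(r"\\(?:locals~1|local settings)\\temp\\", re.I)
# Extensions that are code when they sit in a temp folder (editor's list).
CODE_EXTS = (".exe", ".dll", ".sys", ".tmp", ".scr", ".pif")
# A .reg-style REG_BINARY value: "name"=hex:aa,bb,...
HEX_VALUE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')
FIREWALL_OFF_RE = re.compile(r'"EnableFirewall"\s*=\s*0\b')


def decode_reg_hex(hex_body: str) -> str:
    """Turn a 'hex:' byte list (possibly joined from continuation lines) into
    text. Trailing NULs are stripped; other non-printables become \\xNN."""
    tokens = [t.strip() for t in hex_body.replace("\\", "").split(",") if t.strip()]
    raw = bytes(int(t, 16) for t in tokens).rstrip(b"\x00")
    return "".join(chr(b) if 32 <= b < 127 else f"\\x{b:02x}" for b in raw)


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return the indicators found in one ComboFix/HJT-style log."""
    findings: Dict[str, List[str]] = {
        "temp_executables": [],   # code loaded from the user's Temp folder
        "firewall_disabled": [],  # EnableFirewall = 0 lines
        "locked_key_values": [],  # decoded hex: values, e.g. under locked keys
    }
    lines = log_text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        # Order-preserving dedupe: service lines repeat the path twice.
        for path in dict.fromkeys(WIN_PATH_RE.findall(line)):
            if TEMP_RE.search(path) and path.lower().endswith(CODE_EXTS):
                findings["temp_executables"].append(path)
        if FIREWALL_OFF_RE.search(line):
            findings["firewall_disabled"].append(line)
        m = HEX_VALUE_RE.match(line)
        if m:
            name, body = m.group(1), m.group(2)
            # A trailing comma means the byte list continues on the next line.
            while body.rstrip().endswith(",") and i + 1 < len(lines):
                i += 1
                body += lines[i].strip()
            findings["locked_key_values"].append(f"{name} = {decode_reg_hex(body)!r}")
        i += 1
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="cp1252", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for category, items in triage(text).items():
        print(f"== {category} ({len(items)})")
        for item in items:
            print("  " + item)
```

On the sample, the decoder shows that the value under the locked InProcServer32 key holds the 20-letter string jakkflmnhnpegpkedmfd rather than a path or a CLSID; all four hex: values in the two logs above carry the same bytes, which is the kind of opaque, randomly named data that makes those keys worth reporting rather than ignoring.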
ParP1 (Member, 154 posts)
Here is the ComboFix.txt:

ComboFix 10-01-30.07 - Administrateur 31/01/2010 17:17:46.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.641 [GMT 1:00]
Running from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\avrugad.exe"
"c:\windows\system32\dbzmstr.exe"
"c:\windows\system32\gqguwla.exe"
"c:\windows\system32\hcvyyol.exe"
"c:\windows\system32\jlehmz.exe"
"c:\windows\system32\perfc00C.dat"
"c:\windows\system32\perfh00C.dat"
"c:\windows\system32\rmwmvc.exe"
"c:\windows\system32\yhizhbb.exe"
"c:\windows\system32\ylsyfr.exe"
"c:\windows\system32\ythqnh.exe"
"c:\windows\system32\zyvrvyq.exe"
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Application Data\Search Settings
c:\documents and settings\Administrateur\Application Data\Search Settings\kb130\temp\ws-14635.log
c:\documents and settings\Administrateur\Application Data\Search Settings\kb130\temp\ws-14636.log
c:\documents and settings\Administrateur\Application Data\Search Settings\kb130\temp\ws-14637.log
c:\documents and settings\Administrateur\Application Data\Search Settings\kb130\temp\ws-14638.log
c:\documents and settings\Administrateur\Application Data\Search Settings\kb130\temp\ws-14639.log
c:\windows\system32\avrugad.exe
c:\windows\system32\dbzmstr.exe
c:\windows\system32\gqguwla.exe
c:\windows\system32\hcvyyol.exe
c:\windows\system32\jlehmz.exe
c:\windows\system32\perfc00C.dat
c:\windows\system32\perfh00C.dat
c:\windows\system32\rmwmvc.exe
c:\windows\system32\yhizhbb.exe
c:\windows\system32\ylsyfr.exe
c:\windows\system32\ythqnh.exe
c:\windows\system32\zyvrvyq.exe

.
((((((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 ))))))))))))))))))))))))))))))))))))
.

2010-01-31 04:58 . 2010-01-31 04:58 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-01-30 19:02 . 2010-01-30 19:02 -------- d-----w- C:\rsit
2010-01-30 02:37 . 2010-01-30 02:38 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp
2010-01-30 02:37 . 2010-01-30 02:38 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Google
2010-01-30 00:41 . 2010-01-30 00:41 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2010-01-30 00:41 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-30 00:41 . 2010-01-30 00:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-30 00:41 . 2010-01-30 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-30 00:41 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-30 00:29 . 2010-01-30 00:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-30 00:29 . 2010-01-30 21:59 -------- d-----w- c:\documents and settings\Administrateur\Application Data\skypePM
2010-01-30 00:16 . 2010-01-30 22:14 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Skype
2010-01-30 00:15 . 2010-01-30 00:15 -------- d-----w- c:\program files\Fichiers communs\Skype
2010-01-30 00:15 . 2010-01-30 00:15 -------- d-----r- c:\program files\Skype
2010-01-30 00:15 . 2010-01-30 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-29 22:51 . 2010-01-29 22:51 -------- d-----w- c:\program files\Trend Micro
2010-01-27 00:02 . 2010-01-27 00:02 -------- d-----w- c:\program files\WinShut XP
2010-01-27 00:02 . 2010-01-27 00:02 253952 ------w- c:\windows\Setup1.exe
2010-01-27 00:02 . 2010-01-27 00:02 74752 ----a-w- c:\windows\ST6UNST.EXE
2010-01-26 23:52 . 2010-01-26 23:52 -------- d-----w- c:\program files\X'nBeep 1.1
2010-01-10 21:44 . 2010-01-10 21:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-01-10 21:44 . 2010-01-10 21:44 -------- d-----w- c:\program files\Application Updater
2010-01-10 21:41 . 2010-01-12 23:31 -------- d-----w- c:\program files\AV VCS 3.0
2010-01-10 21:41 . 2002-12-10 08:11 6852 ----a-w- c:\windows\system32\drivers\Vcs.sys
2010-01-08 01:37 . 2010-01-08 01:37 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-08 01:36 . 2010-01-08 01:37 -------- d-----w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab
2010-01-06 20:42 . 2010-01-06 20:42 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
2010-01-05 09:56 . 2010-01-05 09:56 192512 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-01-04 22:43 . 2010-01-31 03:28 -------- d-----w- c:\program files\JDownloader

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 16:25 . 2009-06-24 20:28 -------- d-----w- c:\documents and settings\Administrateur\Application Data\JetStart
2010-01-31 16:23 . 2009-01-31 17:12 7 ----a-w- c:\windows\sbacknt.bin
2010-01-31 16:00 . 2008-12-28 05:01 -------- d-----w- c:\program files\Mumble
2010-01-30 15:15 . 2009-06-18 00:03 -------- d-----w- c:\program files\tmplus
2010-01-29 23:42 . 2009-01-10 15:38 -------- d-----w- c:\program files\Windows Live
2010-01-27 21:02 . 2008-12-28 03:11 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-01-27 00:43 . 2008-12-28 03:09 49168 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-26 20:54 . 2008-12-28 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-26 20:52 . 2008-12-28 02:58 -------- d-----w- c:\program files\Microsoft Works
2010-01-23 00:16 . 2008-12-28 03:12 -------- d-----w- c:\program files\mIRC
2010-01-21 17:24 . 2009-01-09 22:10 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-11 17:02 . 2009-09-27 22:33 177024 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\FlashGot.exe
2010-01-08 01:37 . 2010-01-08 01:37 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2010-01-08 01:37 . 2010-01-08 01:37 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2010-01-08 01:37 . 2010-01-08 01:37 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2010-01-08 01:37 . 2010-01-08 01:37 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2010-01-07 19:50 . 2009-01-08 16:12 -------- d-----w- c:\documents and settings\Administrateur\Application Data\uTorrent
2010-01-05 09:56 . 2007-04-02 10:56 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:56 . 2007-04-02 10:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:56 . 2007-04-02 10:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-23 19:08 . 2010-01-11 17:01 52224 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{e4b046f1-9bf3-4763-a350-5792397013e0}\components\FFExternalAlert.dll
2009-12-23 19:08 . 2010-01-11 17:01 101376 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{e4b046f1-9bf3-4763-a350-5792397013e0}\components\RadioWMPCore.dll
2009-12-23 17:07 . 2010-01-11 17:01 52224 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components\FFExternalAlert.dll
2009-12-23 17:07 . 2010-01-11 17:01 101376 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components\RadioWMPCore.dll
2009-12-18 10:19 . 2010-01-11 17:01 545280 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-12-18 10:19 . 2010-01-11 17:01 344064 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-12-18 10:19 . 2010-01-11 17:01 153600 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-12-18 10:19 . 2010-01-11 17:01 103424 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-12-18 10:19 . 2010-01-11 17:01 57856 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-12-18 10:19 . 2010-01-11 17:01 4726272 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2009-12-17 23:54 . 2009-10-28 02:08 -------- d-----w- c:\documents and settings\Administrateur\Application Data\HLSW
2009-12-14 23:41 . 2009-12-14 23:41 -------- d-----w- c:\program files\Yamipod
2009-12-14 23:35 . 2009-12-14 23:34 -------- d-----w- c:\program files\iTunes
2009-12-14 23:35 . 2009-12-14 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-12-14 23:34 . 2009-12-14 23:34 -------- d-----w- c:\program files\iPod
2009-12-14 23:34 . 2009-12-08 20:52 -------- d-----w- c:\program files\QuickTime Alternative
2009-12-14 23:34 . 2009-01-21 20:10 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-12-14 23:34 . 2008-12-28 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-14 17:47 . 2008-12-28 03:00 -------- d-----w- c:\program files\CCleaner
2009-12-14 00:22 . 2008-12-28 03:05 -------- d-----w- c:\program files\Java
2009-12-14 00:17 . 2009-11-23 18:22 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-14 00:17 . 2009-11-23 18:22 79488 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-14 00:10 . 2009-12-14 00:10 -------- d-----w- c:\program files\microsoft frontpage
2009-12-13 23:54 . 2008-12-28 02:47 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-12 03:08 . 2009-05-09 00:27 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-12 03:08 . 2009-05-09 00:27 22328 ----a-w- c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys
2009-12-12 03:08 . 2009-05-09 00:27 22328 ----a-w- c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys
2009-12-12 03:07 . 2009-05-09 00:27 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-12 03:07 . 2009-05-09 00:27 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-12 03:07 . 2008-12-28 03:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-11 22:11 . 2009-12-11 18:55 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Mumble
2009-12-11 18:36 . 2009-05-09 00:43 367680 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2009-12-11 18:36 . 2009-05-09 00:43 179264 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2009-12-11 18:36 . 2009-05-09 00:43 57344 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\pb\pbag.dll
2009-12-11 18:36 . 2009-05-09 00:43 887856 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\pb\pbcl.dll
2009-12-11 18:36 . 2009-05-09 00:43 2407488 ----a-w- c:\documents and settings\Administrateur\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2009-12-11 18:33 . 2009-05-09 00:27 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-12-11 18:33 . 2009-12-11 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2009-12-10 22:44 . 2009-05-05 23:09 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 20:52 . 2008-12-28 03:08 -------- d-----w- c:\program files\Media Player Classic
2009-12-08 14:29 . 2009-12-02 21:58 3638 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-11-30 11:19 . 2009-11-30 11:19 625728 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
2009-11-30 11:17 . 2009-11-30 11:17 2373712 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
2009-11-25 21:00 . 2008-12-28 05:07 0 ----a-r- c:\documents and settings\Administrateur\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
2009-11-21 15:58 . 2004-08-04 04:54 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 01:01 . 2009-11-19 01:01 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-11-19 01:01 . 2009-11-19 01:01 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-11-19 01:01 . 2009-11-19 01:01 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-11-19 01:01 . 2009-11-19 01:03 24443520 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_fr.exe
2006-05-03 10:06 . 2009-09-22 21:46 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-09-22 21:46 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-09-22 21:46 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2007-04-02 10:56 . 8471A49628E9D70C39383605CFF191B4 . 125912 . . [5.8.0.2694 built by: dnsrv(wmbla)] . . c:\windows\icon_TMP\wuauclt.exe
[7] 2007-04-02 10:56 . 5E5A6AF2D6FF2D289414C53025FE2337 . 124376 . . [5.8.0.2694 built by: dnsrv(wmbla)] . . c:\windows\system_backup\wuauclt.exe

[-] 2008-04-14 . 3EFE912DD25D2586E6A0341DB0A66F69 . 979968 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 3EFE912DD25D2586E6A0341DB0A66F69 . 979968 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 80A5400514EB32D393654768C4017E46 . 979456 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-04 . E28D16A8D63ECA6246921FDF7CBDE42A . 1227264 . . [6.00.2900.2180] . . c:\windows\icon_TMP\explorer.exe
[7] 2004-08-04 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\system_backup\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-31_05.17.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-31 16:23 . 2010-01-31 16:23 16384 c:\windows\temp\Perflib_Perfdata_67c.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-12-28 16384]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"UberIcon"="c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 180224]
"ShockAero3D"="c:\program files\Shock Utility\ShockAero3D\ShockAero3D.exe" [2008-05-14 1181696]
"Google Update"="c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-30 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-07 8425472]
"nwiz"="nwiz.exe" [2007-03-07 1622016]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"DirectFolders"="c:\program files\Direct Folders\df.exe" [2008-12-13 269824]
"JetStart"="c:\program files\JetStart\JetStart.exe" [2007-05-19 582144]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-07 81920]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2002-06-19 73728]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="e:\adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2010-01-05 124928]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-1-31 370000]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2009-4-30 1975992]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-12-28 169472]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"d:\\Company of Heroes\\RelicCOH.exe"=
"d:\\Valve\\Steam\\SteamApps\\parp1\\day of defeat\\hl.exe"=
"d:\\Flatout\\FlatOut.exe"=
"e:\\Jeux\\C.S\\hl.exe"=
"d:\\Valve\\Steam\\steam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"e:\\Jeux\\WarcraftIII\\Warcraft III.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Valve\\Steam\\SteamApps\\parp1\\team fortress classic\\hl.exe"=
"d:\\HLSW\\hlsw.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Valve\\Steam\\SteamApps\\parp1\\team fortress 2\\hl2.exe"=
"d:\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"e:\\Jeux\\Dead Space\\Dead Space.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Valve\\Steam\\SteamApps\\nenestarouf\\team fortress classic\\hl.exe"=
"e:\\Jeux\\COD 4 MW\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/12/2008 03:48 717296]
R0 Stealth;Stealth;c:\windows\system32\drivers\stealth.sys [21/06/2002 09:58 80896]
R1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [28/10/2009 21:45 12800]
R1 mvd20;mvd20;c:\program files\Clarus\Samsung SecretZone\mvd20.sys [28/10/2009 21:45 43008]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/10/2009 05:13 108289]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 00:51 380928]
R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [28/10/2009 21:45 102400]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [10/01/2010 22:41 6852]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [28/12/2008 05:32 162176]
S3 IDMusic;IDMusic;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\IDMusic.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\IDMusic.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [24/10/2009 10:55 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [24/10/2009 10:55 8320]
S3 unvtcp;unvtcp;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\unvtcp.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\unvtcp.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2010-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-725345543-839522115-500Core.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 02:37]

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-725345543-839522115-500UA.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 02:37]

2010-01-31 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-12-14 21:18]

2010-01-22 c:\windows\Tasks\Winamp.job
- c:\progra~1\Winamp\winamp.exe [2008-08-03 23:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.adobe.com/go/getflashplayer
uInternet Settings,ProxyOverride = localhost;*.local
IE: Append to existing PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selection to Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2031308&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 17:24
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86FDD1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf7245cb8
\Driver\atapi -> 0x86f22014
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7089bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7096a21
SendHandler -> NDIS.sys @ 0xf707487b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-329068152-725345543-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{384607EB-31FF-85B9-C867-E09F268887E3}*]
"haafpolallpldeno"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,6d,
66,64,00,00
"iaoenoignnejpncfeg"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,6d,
66,64,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{384607EB-31FF-85B9-C867-E09F268887E3}\InProcServer32*]
"jaefcnkdcgnoidoihfjm"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,
6d,66,64,00,00
"iaefimaclolgmlninp"=hex:6a,61,6b,6b,66,6c,6d,6e,68,6e,70,65,67,70,6b,65,64,6d,
66,64,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1676)
c:\windows\system32\SHDOCVW.dll
c:\program files\SuperCopier2\SC2Hook.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\IadHide4.dll
c:\program files\Direct Folders\hook.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\Logi_MwX.Exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-01-31 17:28:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-31 16:28
ComboFix2.txt 2010-01-31 05:21

Avant-CF: 990 650 368 octets libres
Après-CF: 950 665 216 octets libres

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - A5CAB5397F31072E0708897035FAC012
0
dédétraqué Posts: 4522 Status: Security contributor 286
 
Hi ParP1


Download MBR (by GMER) to your desktop:

http://www2.gmer.net/mbr/mbr.exe

- Disable all protection programs (antivirus, antispyware, etc.)
https://forum.pcastuces.com/default.asp

- Double-click mbr.exe > a black window will open and close again.
- Post the mbr.log report that appears.


@++ :)
0
ParP1 Posts: 154 Status: Member 11
 
There, done:

That's all there is in the mbr.log >.<

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

But what is all this for, dédétraqué?
0
dédétraqué Posts: 4522 Status: Security contributor 286
 
Hi ParP1


A possible infection detected by ComboFix:
Warning: possible MBR rootkit infection !

And now I'm running checks on this possible infection.


Download Gmer and save it to your desktop.
http://www2.gmer.net/download.php

- Disconnect from the internet if possible and close all programs, then launch the tool.
- Click the "Scan" button on the right.

- When the scan is finished, click "Copy".
- Open Notepad and click the Edit menu / Paste
- The report should then appear.

- Save the file to your desktop and copy/paste its contents here.


@++ :)
0
ParP1 Posts: 154 Status: Member 11
 
Dédétraqué,

The Gmer scan doesn't work. Well, it does run, but partway through the scan my PC reboots by itself and I don't know why. So it's impossible to save the log :/

I did everything you told me: disconnected from the internet, no programs running (I even cleaned up in "processes") and I also disabled my firewall and Antivir!

What should I do?
0
dédétraqué Posts: 4522 Status: Security contributor 286
 
Hi ParP1


Try the GMER scan in Safe Mode


@++ :)
0
ParP1 Posts: 154 Status: Member 11
 
Sorry for the silence, dédé, I was away this weekend.
I ran the scan, I'll post it tonight!!
0
ParP1 Posts: 154 Status: Member 11
 
Here is my GMER scan run in Safe Mode (I ticked my PC's two other hard drives, D and E, in addition to C):

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-08 07:37:12
Windows 5.1.2600 Service Pack 3
Running: 47eq02d3.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fgdyikow.sys


---- System - GMER 1.0.15 ----

SSDT spir.sys ZwCreateKey [0xF73670E0]
SSDT spir.sys ZwEnumerateKey [0xF7385CA2]
SSDT spir.sys ZwEnumerateValueKey [0xF7386030]
SSDT spir.sys ZwOpenKey [0xF73670C0]
SSDT spir.sys ZwQueryKey [0xF7386108]
SSDT spir.sys ZwQueryValueKey [0xF7385F88]
SSDT spir.sys ZwSetValueKey [0xF738619A]

INT 0x62 ? 86F6FBF8
INT 0x73 ? 86F20D38
INT 0x83 ? 86FDCBF8
INT 0xB4 ? 86F20D38

---- Kernel code sections - GMER 1.0.15 ----

? spir.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload F70E68AC 5 Bytes JMP 86F20318

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86F722D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7398C4C] spir.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7398CA0] spir.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7368040] spir.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F736813C] spir.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73680BE] spir.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73687FC] spir.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73686D2] spir.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7378048] spir.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86F20418

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F6D1F8
Device \Driver\usbohci \Device\USBPDO-0 86EA61F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F701F8
Device \Driver\dmio \Device\DmControl\DmConfig 86F701F8
Device \Driver\dmio \Device\DmControl\DmPnP 86F701F8
Device \Driver\dmio \Device\DmControl\DmInfo 86F701F8
Device \Driver\usbehci \Device\USBPDO-1 86ECD1F8
Device \Driver\nvata \Device\00000070 86FDC1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86FDE1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FDE1F8
Device \Driver\Cdrom \Device\CdRom0 86EB01F8
Device \Driver\Cdrom \Device\CdRom0 86F3BFD1
Device \Driver\Ftdisk \Device\HarddiskVolume3 86FDE1F8
Device \Driver\Cdrom \Device\CdRom1 86EB01F8
Device \Driver\Cdrom \Device\CdRom1 86F3BFD1
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72A6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86F3D014
Device \Driver\atapi \Device\Ide\IdePort0 [F72A6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 86F3D014
Device \Driver\atapi \Device\Ide\IdePort1 [F72A6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 86F3D014
Device \Driver\Cdrom \Device\CdRom2 86EB01F8
Device \Driver\Cdrom \Device\CdRom2 86F3BFD1
Device \Driver\Cdrom \Device\CdRom3 86EB01F8
Device \Driver\Cdrom \Device\CdRom3 86F3BFD1
Device \Driver\usbohci \Device\USBFDO-0 86EA61F8
Device \Driver\usbehci \Device\USBFDO-1 86ECD1F8
Device \Driver\nvata \Device\NvAta0 86FDC1F8
Device \Driver\nvata \Device\0000006f 86FDC1F8
Device \Driver\Ftdisk \Device\FtControl 86FDE1F8
Device \Driver\Stealth \Device\Scsi\Stealth1Port0Path0Target1Lun0 86FDD1F8
Device \Driver\Stealth \Device\Scsi\Stealth1Port0Path0Target0Lun0 86FDD1F8
Device \Driver\Stealth \Device\Scsi\Stealth1 86FDD1F8
Device \Driver\Stealth \Device\Scsi\Stealth1Port0Path0Target2Lun0 86FDD1F8
Device \FileSystem\Cdfs \Cdfs 86BB61F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xED 0x8A 0xB5 0xC9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x91 0x73 0x44 0xC8 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x55 0x46 0xBC 0x0C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0xAE 0xCA 0x74 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7D 0x17 0x4C 0xCE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD3 0xD3 0x09 0x52 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x2A 0x98 0x09 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares@ParP1\xb2 (J) CSCFlags=0?MaxUses=4294967295?Path=J:\?Permissions=0?Remark=?Type=0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1487498670
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -625594627
Reg HKLM\SYSTEM\ControlSet004\Services\lanmanserver\Shares@ParP1\xb2 (J) CSCFlags=0?MaxUses=4294967295?Path=J:\?Permissions=0?Remark=?Type=0?
Reg HKLM\SOFTWARE\Classes\CLSID\{384607EB-31FF-85B9-C867-E09F268887E3}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{384607EB-31FF-85B9-C867-E09F268887E3}\InProcServer32@jaefcnkdcgnoidoihfjm 0x6A 0x61 0x6B 0x6B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{384607EB-31FF-85B9-C867-E09F268887E3}\InProcServer32@iaefimaclolgmlninp 0x6A 0x61 0x6B 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{384607EB-31FF-85B9-C867-E09F268887E3}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{384607EB-31FF-85B9-C867-E09F268887E3}@haafpolallpldeno 0x6A 0x61 0x6B 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{384607EB-31FF-85B9-C867-E09F268887E3}@iaoenoignnejpncfeg 0x6A 0x61 0x6B 0x6B ...

---- EOF - GMER 1.0.15 ----


And one more little personal question:
Are you a bot? xD Nah, it's just that you answer in a very robotic way :p
That said, I understand, since you do this to help and can't write a whole speech every time. You don't have to answer this question xD

Thanks a lot for your help in any case!

I await your reply
0
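A small triage helper for the two Gmer MBR-detector reports in this thread (the one embedded in the ComboFix log and the standalone mbr.log) and the "Devices" section of the GMER report, added here as an example; it is not part of the thread and not code from Gmer's tools. It pulls out the hooked drivers and the UNKNOWN module address, then looks up which driver owns a device object at that address in the GMER device list; the sample inputs are short excerpts of the reports posted above, and the function names are assumptions.

```python
import re

# Constructed samples: short excerpts of the reports posted in this thread.
COMBOFIX_MBR = """\
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86FDD1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\\Driver\\ACPI -> ACPI.sys @ 0xf7245cb8
\\Driver\\atapi -> 0x86f22014
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""
STANDALONE_MBR = """\
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""
GMER_DEVICES = """\
Device \\Driver\\nvata \\Device\\00000070 86FDC1F8
Device \\Driver\\Stealth \\Device\\Scsi\\Stealth1 86FDD1F8
Device \\FileSystem\\Cdfs \\Cdfs 86BB61F8
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(\\Driver\\\S+) -> (?:(\S+) @ )?0x([0-9A-Fa-f]+)$", re.M)
DEVICE_RE = re.compile(r"^Device (\\(?:Driver|FileSystem)\\\S+) \S+ ([0-9A-Fa-f]{8})$", re.M)

def parse_mbr_report(text):
    """Extract what the MBR detector found: UNKNOWN module addresses, hooked
    drivers (value = the named module the hook points to, or None when it
    points into unnamed memory), the tool's warning flag and the MBR-OK line."""
    return {
        "unknown": [a.upper() for a in UNKNOWN_RE.findall(text)],
        "hooks": {drv: (mod or None) for drv, mod, _ in HOOK_RE.findall(text)},
        "warning": "possible MBR rootkit infection" in text,
        "mbr_ok": "user & kernel MBR OK" in text,
    }

def attribute_unknown(report, gmer_devices):
    """Map each UNKNOWN address to the driver owning a device object at that
    address in a GMER 'Devices' section (plain 'Device <driver> <object> <addr>'
    lines only); addresses with no match stay None for manual follow-up."""
    owners = {addr.upper(): drv for drv, addr in DEVICE_RE.findall(gmer_devices)}
    return {addr: owners.get(addr) for addr in report["unknown"]}
```

For the excerpts above, the UNKNOWN address 0x86FDD1F8 resolves to \Driver\Stealth, the address GMER lists for the Stealth device objects, while the standalone mbr.log parses as clean; that cross-check is what to do before treating the ComboFix warning as a confirmed infection.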