Gros Virus qui Gele mon ordinateur !!

Martel80 Messages postés 107 Statut Membre -
mephistope - 25 sept. 2010 à 12:20

Bonjour,

Je ne sais pas exactement ce qu'es le processus qui fait que mon ordinateur gele completement mais depuis quelque jour quand j'ouvre une aplcation si petite sois t'elle ...tout gele.

J'ai un quad core a 2,4ghz et 2 gig de DDR2 et je suis sous XP SP3

Es-ce que qqn pourrais m'aider sil vous plait !!

Merci beaucoup d'avance !!!

Afficher la suite

A voir également:

Gros Virus qui Gele mon ordinateur !!
Ordinateur qui rame - Guide
Réinitialiser ordinateur - Guide
Clavier de l'ordinateur - Guide
Parametres de mon ordinateur - Guide
Qu'est ce qui se lance au démarrage de l'ordinateur - Guide

47 réponses

1
2
3

Suivant

Réponse 1 / 47

dédétraqué Messages postés 4522 Statut Contributeur sécurité 286

Salut Martel80

On va vérifier cela, télécharge RSIT (de random/random) sur le bureau ici :
http://images.malwareremoval.com/random/RSIT.exe

- Double clique sur RSIT.exe qui est sur le bureau
- Clique sur Continue dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenue des deux rapports, log.txt et info.txt(réduit dans la barre des tâches) à la fin de l’analyse

Les rapports sont dans le dossier ici C:\rsit

@++ :)

Martel80 Messages postés 107 Statut Membre 2

'erci Beaucoup pour cette reponse rapide !!!

Voici le log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by pc at 2010-03-04 21:58:52
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 105 GB (44%) free of 238 GB
Total RAM: 2047 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:19, on 2010-03-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\pc\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\pc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Replay Media Catcher\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.download.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: M-Audio Conectiv Installer (MAudioConectivService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

Réponse 2 / 47

dédétraqué Messages postés 4522 Statut Contributeur sécurité 286

Salut Martel80

Télécharge combofix.exe (de sUBs) sur le bureau :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

Important Désactive ton Antivirus, antispyware et Pare feu avant le scan avec Combofix :
https://forum.pcastuces.com/default.asp
https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

==> Sauvegarde ton travail et ferme toutes les fenêtres actives, il peut y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n’est pas fini. <==

Double clique sur combofix.exe, clique sur OUI et valide par Entrée

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure

@++ :)

Martel80 Messages postés 107 Statut Membre 2

ComboFix 10-03-04.02 - pc 2010-03-04 22:33:29.7.4 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.2047.1678 [GMT -5:00]
Lancé depuis: c:\documents and settings\pc\Bureau\ComboFix.exe
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HelpAssistant\real.txt
c:\documents and settings\pc\Favoris\Error Cleaner.url
c:\documents and settings\pc\Favoris\Privacy Protector.url
c:\documents and settings\pc\Favoris\Spyware&Malware Protection.url
c:\documents and settings\pc\real.txt
c:\program files\INSTALL.LOG
c:\windows\desktop
c:\windows\desktop\Play Rogue Squadron.lnk
c:\windows\system32\rqRIXNfd.dll
c:\windows\system32\SIntf16.dll
c:\windows\system32\twain_32.dll

.
original MBR restored successfully !
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-05 au 2010-03-05 ))))))))))))))))))))))))))))))))))))
.

2010-03-04 22:08 . 2010-03-04 22:09 -------- d-----w- C:\rsit
2010-02-27 17:55 . 2008-01-04 18:34 11832 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2010-02-27 17:55 . 2008-01-04 18:34 10216 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2010-02-27 17:04 . 2010-02-27 17:07 -------- d-----w- c:\documents and settings\HelpAssistant\Favoris
2010-02-27 17:04 . 2008-01-16 12:29 -------- d--h--w- c:\documents and settings\HelpAssistant\Modèles
2010-02-27 17:04 . 2008-01-16 07:24 -------- d--h--w- c:\documents and settings\HelpAssistant\Voisinage réseau
2010-02-27 17:04 . 2008-01-16 07:24 -------- d--h--w- c:\documents and settings\HelpAssistant\Voisinage d'impression
2010-02-27 17:04 . 2010-03-05 03:37 -------- d-----w- c:\documents and settings\HelpAssistant
2010-02-25 05:55 . 2010-02-25 05:56 -------- d-----w- c:\documents and settings\pc\Application Data\MeldaProduction MFlanger
2010-02-24 16:53 . 2010-02-24 17:29 -------- d-----w- c:\documents and settings\pc\Application Data\Audacity
2010-02-24 16:53 . 2010-03-04 17:15 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-02-24 02:21 . 2010-02-24 02:21 -------- d-----w- c:\program files\Fichiers communs\Pro Audio DSP
2010-02-24 02:21 . 2010-02-24 02:21 -------- d-----w- c:\program files\Pro Audio DSP
2010-02-22 05:54 . 2010-02-22 05:54 1955472 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-02-21 01:16 . 2010-02-21 01:16 -------- d-----w- c:\documents and settings\pc\Application Data\Lexicon PCM Native
2010-02-21 01:16 . 2010-02-21 01:16 -------- d-----w- c:\documents and settings\pc\Application Data\Waves Preferences
2010-02-20 23:03 . 2010-02-20 23:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}
2010-02-20 23:03 . 2010-01-06 16:25 3068984 -c--a-w- c:\documents and settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.exe
2010-02-18 18:48 . 2010-02-18 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2010-02-18 18:48 . 2010-03-04 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-02-18 18:48 . 2010-02-18 18:48 -------- d-----w- c:\program files\Viewpoint
2010-02-18 18:48 . 2010-02-18 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-02-18 18:47 . 2010-02-18 18:47 35888 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\postproc.exe
2010-02-18 18:47 . 2010-02-18 18:47 357776 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\tbsetup.exe
2010-02-18 17:54 . 2010-02-18 17:54 -------- d-----w- c:\documents and settings\pc\Application Data\KORG
2010-02-18 17:52 . 2010-02-18 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\KORG
2010-02-18 17:52 . 2010-02-18 22:42 -------- d-----w- c:\program files\Fichiers communs\KORG
2010-02-18 17:52 . 2010-02-18 17:52 -------- d-----w- c:\program files\KORG
2010-02-18 11:38 . 2009-10-12 02:58 1177600 ----a-w- c:\windows\system32\SYNSOEMU.DLL
2010-02-18 11:34 . 2010-02-18 11:37 -------- d-----w- c:\program files\Fichiers communs\Steinberg
2010-02-18 11:34 . 2010-02-18 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Steinberg
2010-02-17 21:06 . 2010-02-17 21:06 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-17 20:45 . 2010-02-17 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Syncrosoft
2010-02-16 22:57 . 2010-02-17 16:35 -------- d-----w- c:\documents and settings\pc\Application Data\Loomer
2010-02-16 22:56 . 2010-02-16 22:56 -------- d-----w- c:\program files\Loomer
2010-02-16 22:53 . 2010-02-16 22:53 19113 ----a-w- c:\windows\unins000.dat
2010-02-16 22:53 . 2010-02-16 22:53 -------- d-----w- c:\program files\StudioDevil
2010-02-16 22:53 . 2010-02-16 22:53 697690 ----a-w- c:\windows\unins000.exe
2010-02-14 02:20 . 2010-02-14 02:20 -------- d-----w- C:\Mp3 Output
2010-02-14 02:10 . 2010-02-14 02:10 -------- d-----w- c:\documents and settings\pc\Application Data\GeoVid
2010-02-14 02:10 . 2005-06-07 20:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2010-02-14 02:10 . 2003-03-19 13:12 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2010-02-14 02:10 . 2010-02-14 02:10 -------- d-----w- c:\program files\Fichiers communs\GeoVid
2010-02-14 02:10 . 2010-02-14 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\GeoVid
2010-02-14 02:10 . 2010-02-14 02:10 -------- d-----w- c:\program files\GeoVid
2010-02-14 01:59 . 2010-02-14 01:59 -------- d-----w- c:\program files\IVCsoft
2010-02-13 15:12 . 2010-02-13 21:44 -------- d-----w- c:\documents and settings\pc\Application Data\MeldaProduction MAutoEqualizer
2010-02-12 16:27 . 2010-02-12 16:27 -------- d-----w- c:\program files\TC Electronic
2010-02-12 16:27 . 2009-03-27 21:00 172032 ----a-w- c:\windows\system32\EioPal.dll
2010-02-12 16:26 . 2010-02-12 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\MTexturedStyles
2010-02-10 13:30 . 2010-02-10 13:30 -------- d-----w- c:\program files\Fichiers communs\SoundToys
2010-02-10 13:30 . 2010-02-10 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\VST3 Presets
2010-02-10 13:30 . 2010-02-10 13:30 -------- d-----w- c:\program files\SoundToys
2010-02-08 05:15 . 2010-02-08 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Ableton
2010-02-08 05:15 . 2010-02-08 05:15 -------- d-----w- c:\documents and settings\pc\Application Data\Ableton
2010-02-04 10:57 . 2010-02-04 10:57 -------- d-----w- c:\program files\BBE Sound

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 03:20 . 2009-08-16 03:12 625 --sha-w- c:\windows\system32\mmf.sys
2010-03-04 18:15 . 2008-07-27 15:44 -------- d-----w- c:\program files\Trend Micro
2010-03-04 17:36 . 2001-09-28 12:00 85608 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-04 17:36 . 2001-09-28 12:00 513410 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-04 17:31 . 2008-07-24 15:55 -------- d-----w- c:\program files\Google
2010-03-04 17:25 . 2010-02-01 22:04 -------- d-----w- c:\program files\Pcsx2
2010-03-04 17:22 . 2008-06-14 13:23 -------- d-----w- c:\program files\MOTU
2010-03-04 17:19 . 2010-01-10 19:08 -------- d-----w- c:\program files\Fichiers communs\Logitech
2010-03-04 17:16 . 2008-07-07 09:39 -------- d-----w- c:\program files\EA Sports
2010-03-04 17:09 . 2009-08-11 19:15 -------- d-----w- c:\program files\EzGenerator3
2010-03-04 17:07 . 2009-07-23 01:54 -------- d-----w- c:\program files\Diablo II
2010-02-27 17:55 . 2008-01-16 12:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 01:12 . 2010-01-13 09:14 1271544 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-26 17:05 . 2010-01-12 19:17 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-26 16:27 . 2010-01-12 19:18 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-26 15:32 . 2010-01-19 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-25 21:57 . 2010-01-19 02:44 1923768 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-02-25 04:06 . 2008-01-17 21:16 49016 -c--a-w- c:\documents and settings\pc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-24 17:42 . 2010-01-12 17:47 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-02-24 17:42 . 2010-01-12 17:47 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-02-24 17:42 . 2010-01-12 17:46 -------- d-----w- c:\program files\Replay Media Catcher
2010-02-24 07:45 . 2008-01-27 21:21 -------- d-----w- c:\documents and settings\pc\Application Data\uTorrent
2010-02-23 19:03 . 2008-05-23 14:35 -------- d-----w- c:\program files\QuickTime
2010-02-19 23:27 . 2010-01-12 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AA3DeployClient
2010-02-18 18:47 . 2010-02-18 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2010-02-18 18:47 . 2008-01-19 22:37 335 -c--a-w- c:\windows\nsreg.dat
2010-02-18 18:47 . 2010-02-18 18:46 5357344 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\ocpinst.exe
2010-02-18 12:06 . 2008-01-16 13:41 -------- d-----w- c:\documents and settings\pc\Application Data\Steinberg
2010-02-18 11:30 . 2008-01-16 13:30 -------- d-----w- c:\program files\Steinberg
2010-02-18 11:25 . 2008-01-27 21:21 -------- d-----w- c:\program files\uTorrent
2010-02-17 21:05 . 2008-10-12 02:19 -------- d-----w- c:\program files\Syncrosoft
2010-02-17 16:32 . 2010-01-30 06:05 -------- d-----w- c:\program files\D16 Group
2010-02-16 17:50 . 2009-07-30 14:37 -------- d-----w- c:\program files\PSPaudioware
2010-02-10 04:44 . 2010-01-29 13:44 -------- d-----w- c:\program files\Softube
2010-02-01 12:34 . 2010-02-01 12:34 -------- d-----w- c:\documents and settings\pc\Application Data\4Front
2010-02-01 12:33 . 2010-02-01 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\4Front
2010-02-01 12:33 . 2010-02-01 12:33 -------- d-----w- c:\program files\TruePianos
2010-01-30 17:18 . 2010-01-30 17:15 -------- d-----w- c:\program files\SoundPerformanceLab
2010-01-30 17:07 . 2010-01-30 17:05 -------- d-----w- c:\program files\EMI
2010-01-30 06:30 . 2010-01-30 06:30 -------- d-----w- c:\program files\WNAS
2010-01-30 05:00 . 2010-01-29 13:49 -------- d-----w- c:\program files\D16 Group(2)
2010-01-30 05:00 . 2010-01-29 14:02 -------- d-----w- c:\program files\Uninstall
2010-01-28 20:51 . 2009-08-16 03:12 625 --sha-w- c:\windows\system32\mmf(4).sys
2010-01-28 07:25 . 2010-01-28 07:25 -------- d-----w- c:\program files\GForce
2010-01-28 05:51 . 2010-01-28 05:51 -------- d-----w- c:\program files\Elysia
2010-01-19 02:44 . 2010-01-19 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-01-17 06:30 . 2009-03-22 02:04 -------- d-----w- c:\program files\Image-Line
2010-01-17 06:28 . 2008-01-16 15:59 -------- d-----w- c:\program files\Native Instruments
2010-01-12 19:18 . 2008-02-26 12:42 139152 -c--a-w- c:\documents and settings\pc\Application Data\PnkBstrK.sys
2010-01-12 19:18 . 2008-02-26 12:42 139152 -c--a-w- c:\documents and settings\pc\Application Data\PnkBstrK.sys
2010-01-12 19:17 . 2010-01-12 19:17 794408 -c--a-w- c:\windows\system32\pbsvc.exe
2010-01-12 19:17 . 2010-01-12 19:17 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-12 19:06 . 2010-01-12 19:06 -------- d-----w- c:\program files\USArmy
2010-01-11 21:39 . 2009-12-11 20:06 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-11 21:38 . 2010-01-11 21:38 151552 -c--a-w- c:\windows\system32\nvRegDev.dll
2010-01-10 23:48 . 2009-12-19 16:50 -------- d-----w- c:\program files\rFactor
2010-01-10 05:10 . 2010-01-10 05:10 -------- d-----w- c:\program files\Singular Inversions
2010-01-10 00:16 . 2008-07-27 20:21 -------- d-----w- c:\program files\CCleaner
2010-01-08 07:13 . 2010-01-08 07:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-29 22:54 . 2009-12-29 22:54 826344 ----a-w- c:\documents and settings\pc\Application Data\MSNInstaller\msnauins.exe
2009-12-18 22:39 . 2009-12-18 22:39 1956072 -c--a-w- c:\documents and settings\pc\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-11-05 14:50 . 2010-01-30 17:09 9535488 ----a-w- c:\program files\Tube Delay.dll
2009-10-27 17:55 . 2009-08-16 03:12 625 -csha-w- c:\windows\system32\mmf(2).sys
2009-11-19 23:56 . 2009-08-16 03:12 625 -csha-w- c:\windows\system32\mmf(3).sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2006-07-12 103424]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-06-16 167936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-23 417792]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MFWAKeys.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\MFWAKeys.lnk
backup=c:\windows\pss\MFWAKeys.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MOTU Pedal Handler.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\MOTU Pedal Handler.lnk
backup=c:\windows\pss\MOTU Pedal Handler.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^pc^Menu Démarrer^Programmes^Démarrage^hamachi.lnk]
path=c:\documents and settings\pc\Menu Démarrer\Programmes\Démarrage\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:33 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 22:00 128920 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
2007-10-02 17:19 2165272 -c--a-w- c:\program files\VDOTool\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 03:55 54832 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 -c--a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-11-21 01:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-11-21 01:32 110184 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-23 19:03 417792 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 20:10 56928 -c----w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 -c--a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 -c--a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2008-01-26 18:18 364544 -c--a-w- c:\windows\system32\WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"RichVideo"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"NBService"=3 (0x3)
"NVSvc"=2 (0x2)
"IDriverT"=3 (0x3)
"CmdAgent"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"MAudioConectivService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4255:TCP"= 4255:TCP:icall
"4255:UDP"= 4255:UDP:icall
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"6346:TCP"= 6346:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R3 MAUSBML;Service for M-Audio Conectiv (WDM);c:\windows\system32\drivers\mausbcv.sys [2009-05-31 110592]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [2008-06-14 23600]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-05-08 845184]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-01-16 664064]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-08-15 2560]
S2 MAudioConectivService;M-Audio Conectiv Installer;c:\program files\M-Audio\Conectiv\MAUSBCVInst.exe [2009-05-31 57344]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-01-16 38656]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-11 25832]
S3 MADFU;MADFU;c:\windows\system32\drivers\MADFU.sys [2008-08-07 16512]
S3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-01-22 10112]
.
Contenu du dossier 'Tâches planifiées'

2008-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: download.com
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\p135hob5.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
MSConfigStartUp-COMODO Firewall Pro - c:\program files\Comodo\Firewall\CPF.exe
MSConfigStartUp-iCall Internet Phone - c:\program files\iCall\iCall.exe
MSConfigStartUp-nwiz - nwiz.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 22:37
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x89F6ACD8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> 0x89f6acd8
\Driver\atapi -> atapi.sys @ 0xb7f10852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller -> SendCompleteHandler -> 0x8a0f5330
PacketIndicateHandler -> NDIS.sys @ 0xb7e0ba21
SendHandler -> NDIS.sys @ 0xb7de987b
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1844237615-854245398-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:13,71,d3,4c,5a,19,8f,31,4c,10,f7,23,54,a3,35,f2,da,23,72,ca,28,
01,08,67,a5,90,41,4a,db,0b,4f,39,2d,a2,ac,81,9e,aa,55,70,12,95,e5,63,25,20,\
"rkeysecu"=hex:25,06,b5,65,0c,23,24,fe,cb,88,57,81,2d,de,21,06

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
fd
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:58,92,5a,34,3f,c6,a5,c5
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,d1,3e,e6,57,b7,98,40,c9,e4,cc,88,e6,39,d6,95,f5,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
Heure de fin: 2010-03-04 22:40:53
ComboFix-quarantined-files.txt 2010-03-05 03:40
ComboFix2.txt 2008-07-27 19:19

Avant-CF: 110 411 243 520 octets libres
Après-CF: 110 375 424 000 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 95CBF533A53039E93F0CA614EAF4262E

Réponse 3 / 47

dédétraqué Messages postés 4522 Statut Contributeur sécurité 286

Salut Martel80

Télécharge Gmer et enregistre-le sur ton bureau.
http://www2.gmer.net/download.php

- Déconnecte toi d'internet si possible et ferme tous les programmes, puis lance l'outil.
- Clique sur le bouton "Scan" sur la droite.

- Lorsque le scan est terminé, clic sur "Copy".
- Ouvre le bloc-note et clic sur le Menu Edition / Coller
- Le rapport doit alors apparaître.

- Enregistre le fichier sur ton bureau et copie/colle le contenu ici.

@++ :)

Martel80 Messages postés 107 Statut Membre 2

Le probleme semble s'etre agraver :S

voici le rapport de gmer

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-05 03:14:56
Windows 5.1.2600 Service Pack 3
Running: 44sh8sgs.exe; Driver: C:\DOCUME~1\pc\LOCALS~1\Temp\pxtdapow.sys

---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xB7ED9AC8]
SSDT sptd.sys ZwEnumerateKey [0xB7ED9C22]
SSDT sptd.sys ZwEnumerateValueKey [0xB7ED9F9A]
SSDT sptd.sys ZwOpenKey [0xB7ED998E]
SSDT sptd.sys ZwQueryKey [0xB7EDA064]
SSDT sptd.sys ZwQueryValueKey [0xB7ED9EFC]
SSDT sptd.sys ZwSetValueKey [0xB7EDA0EC]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
? C:\WINDOWS\System32\Drivers\SPTD5005.SYS Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7288380, 0x5414D5, 0xE8000020]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B71974F0 13 Bytes [84, 0C, 5E, D6, 97, 8C, F2, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + E B71974FE 2 Bytes [94, C1]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 B7197501 31 Bytes [60, 19, B7, 3A, 7A, A8, 82, ...]
? C:\WINDOWS\System32\Drivers\dtscsi.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[648] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00CE28B1
.text C:\WINDOWS\Explorer.EXE[648] WS2_32.dll!send 719F4C27 5 Bytes JMP 00CE273D
.text C:\WINDOWS\Explorer.EXE[648] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00CE282F
.text C:\WINDOWS\Explorer.EXE[648] WS2_32.dll!recv 719F676F 5 Bytes JMP 00CE2775
.text C:\WINDOWS\Explorer.EXE[648] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00CE27AD
.text C:\WINDOWS\System32\alg.exe[1300] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00CA28B1
.text C:\WINDOWS\System32\alg.exe[1300] WS2_32.dll!send 719F4C27 5 Bytes JMP 00CA273D
.text C:\WINDOWS\System32\alg.exe[1300] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00CA282F
.text C:\WINDOWS\System32\alg.exe[1300] WS2_32.dll!recv 719F676F 5 Bytes JMP 00CA2775
.text C:\WINDOWS\System32\alg.exe[1300] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00CA27AD
.text C:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe[1648] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00BC28B1
.text C:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe[1648] WS2_32.dll!send 719F4C27 5 Bytes JMP 00BC273D
.text C:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe[1648] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00BC282F
.text C:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe[1648] WS2_32.dll!recv 719F676F 5 Bytes JMP 00BC2775
.text C:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe[1648] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00BC27AD
.text C:\WINDOWS\system32\RUNDLL32.EXE[2680] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00F428B1
.text C:\WINDOWS\system32\RUNDLL32.EXE[2680] WS2_32.dll!send 719F4C27 5 Bytes JMP 00F4273D
.text C:\WINDOWS\system32\RUNDLL32.EXE[2680] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00F4282F
.text C:\WINDOWS\system32\RUNDLL32.EXE[2680] WS2_32.dll!recv 719F676F 5 Bytes JMP 00F42775
.text C:\WINDOWS\system32\RUNDLL32.EXE[2680] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00F427AD
.text C:\WINDOWS\system32\wuauclt.exe[2816] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 02B928B1
.text C:\WINDOWS\system32\wuauclt.exe[2816] WS2_32.dll!send 719F4C27 5 Bytes JMP 02B9273D
.text C:\WINDOWS\system32\wuauclt.exe[2816] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 02B9282F
.text C:\WINDOWS\system32\wuauclt.exe[2816] WS2_32.dll!recv 719F676F 5 Bytes JMP 02B92775
.text C:\WINDOWS\system32\wuauclt.exe[2816] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 02B927AD

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7ED5AD2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7ED5C0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7ED5B96] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7ED676C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7ED6642] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A783808
Device \FileSystem\Fastfat \FatCdrom 8A0A3970
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A783EB0
Device \Driver\dmio \Device\DmControl\DmConfig 8A783EB0
Device \Driver\dmio \Device\DmControl\DmPnP 8A783EB0
Device \Driver\dmio \Device\DmControl\DmInfo 8A783EB0
Device \Driver\ACPI \Device\00000060 8A537898
Device \Driver\ACPI \Device\00000054 8A537898
Device \Driver\ACPI \Device\00000047 8A537898
Device \Driver\ACPI \Device\00000061 8A537898
Device \Driver\ACPI \Device\00000055 8A537898
Device \Driver\ACPI \Device\00000048 8A537898
Device \Driver\ACPI \Device\00000056 8A537898
Device \Driver\ACPI \Device\00000057 8A537898
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7830E8
Device \Driver\ACPI \Device\00000064 8A537898
Device \Driver\ACPI \Device\00000058 8A537898
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7830E8
Device \Driver\Cdrom \Device\CdRom0 8A5DFEB0
Device \FileSystem\Rdbss \Device\FsWrap 8A1C8EB0
Device \Driver\ACPI \Device\00000072 8A537898
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A7830E8
Device \Driver\atapi \Device\Ide\IdePort0 [B7E28B40] atapi.sys[unknown section] {MOV EAX, 0x8a783b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7ee9e12; RET }
Device \Driver\atapi \Device\Ide\IdePort1 [B7E28B40] atapi.sys[unknown section] {MOV EAX, 0x8a783b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7ee9e12; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-e [B7E28B40] atapi.sys[unknown section] {MOV EAX, 0x8a783b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7ee9e12; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-6 [B7E28B40] atapi.sys[unknown section] {MOV EAX, 0x8a783b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7ee9e12; RET }
Device \Driver\atapi \Device\Ide\IdePort2 [B7E28B40] atapi.sys[unknown section] {MOV EAX, 0x8a783b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7ee9e12; RET }
Device \Driver\atapi \Device\Ide\IdePort3 [B7E28B40] atapi.sys[unknown section] {MOV EAX, 0x8a783b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7ee9e12; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a [B7E28B40] atapi.sys[unknown section] {MOV EAX, 0x8a783b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7ee9e12; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 [B7E28B40] atapi.sys[unknown section] {MOV EAX, 0x8a783b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7ee9e12; RET }
Device \Driver\Cdrom \Device\CdRom1 8A5DFEB0
Device \Driver\ACPI \Device\00000073 8A537898
Device \Driver\Cdrom \Device\CdRom2 8A5DFEB0
Device \Driver\ACPI \Device\00000074 8A537898
Device \Driver\ACPI \Device\00000075 8A537898
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A1194C8
Device \Driver\00000064 \Device\0000004a sptd.sys
Device \Driver\ACPI \Device\0000004f 8A537898
Device \Driver\ACPI \Device\0000005d 8A537898
Device \Driver\Disk \Device\Harddisk0\DR0 8A783A40
Device \Driver\NetBT \Device\NetBT_Tcpip_{FBB78EE1-1061-446A-9949-4E3316AE4546} 8A1194C8
Device \Driver\Disk \Device\Harddisk1\DR1 8A783A40
Device \Driver\ACPI \Device\0000006b 8A537898
Device \Driver\Disk \Device\Harddisk2\DR2 8A783A40
Device \Driver\ACPI \Device\0000006c 8A537898
Device \Driver\ACPI \Device\0000006d 8A537898
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A10F7D0
Device \Driver\ACPI \Device\0000006e 8A537898
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A10F7D0
Device \Driver\ACPI \Device\0000006f 8A537898
Device \FileSystem\Npfs \Device\NamedPipe 8A1AD0E8
Device \Driver\Ftdisk \Device\FtControl 8A7830E8
Device \FileSystem\Msfs \Device\Mailslot 8A1C7EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target1Lun0 8A4B8270
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 8A4B8270
Device \Driver\dtscsi \Device\Scsi\dtscsi1 8A4B8270
Device \FileSystem\Fastfat \Fat 8A0A3970
Device \FileSystem\Cdfs \Cdfs 8A0640E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 413234498
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1543261265
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 384240045
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0C 0xC7 0xF9 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x24 0xEA 0x65 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC9 0xB9 0x88 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x9A 0x4B 0x51 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0C 0xC7 0xF9 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x52 0x3D 0xD1 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD0 0x00 0xEA 0xEA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0C 0xC7 0xF9 0xFA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x24 0xEA 0x65 0x92 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC9 0xB9 0x88 0xC4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x9A 0x4B 0x51 0x4A ...

Martel80 Messages postés 107 Statut Membre 2

Les problemes semble setre agravés... :S

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-05 03:14:56
Windows 5.1.2600 Service Pack 3
Running: 44sh8sgs.exe; Driver: C:\DOCUME~1\pc\LOCALS~1\Temp\pxtdapow.sys

---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xB7ED9AC8]
SSDT sptd.sys ZwEnumerateKey [0xB7ED9C22]
SSDT sptd.sys ZwEnumerateValueKey [0xB7ED9F9A]
SSDT sptd.sys ZwOpenKey [0xB7ED998E]
SSDT sptd.sys ZwQueryKey [0xB7EDA064]
SSDT sptd.sys ZwQueryValueKey [0xB7ED9EFC]
SSDT sptd.sys ZwSetValueKey [0xB7EDA0EC]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
? C:\WINDOWS\System32\Drivers\SPTD5005.SYS Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7288380, 0x5414D5, 0xE8000020]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B71974F0 13 Bytes [84, 0C, 5E, D6, 97, 8C, F2, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + E B71974FE 2 Bytes [94, C1]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 B7197501 31 Bytes [60, 19, B7, 3A, 7A, A8, 82, ...]
? C:\WINDOWS\System32\Drivers\dtscsi.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[648] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00CE28B1
.text C:\WINDOWS\Explorer.EXE[648] WS2_32.dll!send 719F4C27 5 Bytes JMP 00CE273D
.text C:\WINDOWS\Explorer.EXE[648] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00CE282F
.text C:\WINDOWS\Explorer.EXE[648] WS2_32.dll!recv 719F676F 5 Bytes JMP 00CE2775
.text C:\WINDOWS\Explorer.EXE[648] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00CE27AD
.text C:\WINDOWS\System32\alg.exe[1300] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00CA28B1
.text C:\WINDOWS\System32\alg.exe[1300] WS2_32.dll!send 719F4C27 5 Bytes JMP 00CA273D
.text C:\WINDOWS\System32\alg.exe[1300] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00CA282F
.text C:\WINDOWS\System32\alg.exe[1300] WS2_32.dll!recv 719F676F 5 Bytes JMP 00CA2775
.text C:\WINDOWS\System32\alg.exe[1300] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00CA27AD
.text C:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe[1648] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00BC28B1
.text C:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe[1648] WS2_32.dll!send 719F4C27 5 Bytes JMP 00BC273D
.text C:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe[1648] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00BC282F
.text C:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe[1648] WS2_32.dll!recv 719F676F 5 Bytes JMP 00BC2775
.text C:\Program Files\M-Audio\Conectiv\MAUSBCVInst.exe[1648] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00BC27AD
.text C:\WINDOWS\system32\RUNDLL32.EXE[2680] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00F428B1
.text C:\WINDOWS\system32\RUNDLL32.EXE[2680] WS2_32.dll!send 719F4C27 5 Bytes JMP 00F4273D
.text C:\WINDOWS\system32\RUNDLL32.EXE[2680] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00F4282F
.text C:\WINDOWS\system32\RUNDLL32.EXE[2680] WS2_32.dll!recv 719F676F 5 Bytes JMP 00F42775
.text C:\WINDOWS\system32\RUNDLL32.EXE[2680] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00F427AD
.text C:\WINDOWS\system32\wuauclt.exe[2816] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 02B928B1
.text C:\WINDOWS\system32\wuauclt.exe[2816] WS2_32.dll!send 719F4C27 5 Bytes JMP 02B9273D
.text C:\WINDOWS\system32\wuauclt.exe[2816] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 02B9282F
.text C:\WINDOWS\system32\wuauclt.exe[2816] WS2_32.dll!recv 719F676F 5 Bytes JMP 02B92775
.text C:\WINDOWS\system32\wuauclt.exe[2816] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 02B927AD

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7ED5AD2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7ED5C0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7ED5B96] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7ED676C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7ED6642] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A783808
Device \FileSystem\Fastfat \FatCdrom 8A0A3970
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A783EB0
Device \Driver\dmio \Device\DmControl\DmConfig 8A783EB0
Device \Driver\dmio \Device\DmControl\DmPnP 8A783EB0
Device \Driver\dmio \Device\DmControl\DmInfo 8A783EB0
Device \Driver\ACPI \Device\00000060 8A537898
Device \Driver\ACPI \Device\00000054 8A537898
Device \Driver\ACPI \Device\00000047 8A537898
Device \Driver\ACPI \Device\00000061 8A537898
Device \Driver\ACPI \Device\00000055 8A537898
Device \Driver\ACPI \Device\00000048 8A537898
Device \Driver\ACPI \Device\00000056 8A537898
Device \Driver\ACPI \Device\00000057 8A537898
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7830E8
Device \Driver\ACPI \Device\00000064 8A537898
Device \Driver\ACPI \Device\00000058 8A537898
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7830E8
Device \Driver\Cdrom \Device\CdRom0 8A5DFEB0
Device \FileSystem\Rdbss \Device\FsWrap 8A1C8EB0
Device \Driver\ACPI \Device\00000072 8A537898
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A7830E8
Device \Driver\atapi \Device\Ide\IdePort0 [B7E28B40] atapi.sys[unknown section] {MOV EAX, 0x8a783b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7ee9e12; RET }
Device \Driver\atapi \Device\Ide\IdePort1 [B7E28B40] atapi.sys[unknown section] {MOV EAX, 0x8a783b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7ee9e12; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-e [B7E28B40] atapi.sys[unknown section] {MOV EAX, 0x8a783b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7ee9e12; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-6 [B7E28B40] atapi.sys[unknown section] {MOV EAX, 0x8a783b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7ee9e12; RET }
Device \Driver\atapi \Device\Ide\IdePort2 [B7E28B40] atapi.sys[unknown section] {MOV EAX, 0x8a783b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7ee9e12; RET }
Device \Driver\atapi \Device\Ide\IdePort3 [B7E28B40] atapi.sys[unknown section] {MOV EAX, 0x8a783b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7ee9e12; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a [B7E28B40] atapi.sys[unknown section] {MOV EAX, 0x8a783b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7ee9e12; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 [B7E28B40] atapi.sys[unknown section] {MOV EAX, 0x8a783b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xb7ee9e12; RET }
Device \Driver\Cdrom \Device\CdRom1 8A5DFEB0
Device \Driver\ACPI \Device\00000073 8A537898
Device \Driver\Cdrom \Device\CdRom2 8A5DFEB0
Device \Driver\ACPI \Device\00000074 8A537898
Device \Driver\ACPI \Device\00000075 8A537898
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A1194C8
Device \Driver\00000064 \Device\0000004a sptd.sys
Device \Driver\ACPI \Device\0000004f 8A537898
Device \Driver\ACPI \Device\0000005d 8A537898
Device \Driver\Disk \Device\Harddisk0\DR0 8A783A40
Device \Driver\NetBT \Device\NetBT_Tcpip_{FBB78EE1-1061-446A-9949-4E3316AE4546} 8A1194C8
Device \Driver\Disk \Device\Harddisk1\DR1 8A783A40
Device \Driver\ACPI \Device\0000006b 8A537898
Device \Driver\Disk \Device\Harddisk2\DR2 8A783A40
Device \Driver\ACPI \Device\0000006c 8A537898
Device \Driver\ACPI \Device\0000006d 8A537898
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A10F7D0
Device \Driver\ACPI \Device\0000006e 8A537898
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A10F7D0
Device \Driver\ACPI \Device\0000006f 8A537898
Device \FileSystem\Npfs \Device\NamedPipe 8A1AD0E8
Device \Driver\Ftdisk \Device\FtControl 8A7830E8
Device \FileSystem\Msfs \Device\Mailslot 8A1C7EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target1Lun0 8A4B8270
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 8A4B8270
Device \Driver\dtscsi \Device\Scsi\dtscsi1 8A4B8270
Device \FileSystem\Fastfat \Fat 8A0A3970
Device \FileSystem\Cdfs \Cdfs 8A0640E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 413234498
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1543261265
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 384240045
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0C 0xC7 0xF9 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x24 0xEA 0x65 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC9 0xB9 0x88 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x9A 0x4B 0x51 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0C 0xC7 0xF9 0xFA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x52 0x3D 0xD1 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD0 0x00 0xEA 0xEA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0C 0xC7 0xF9 0xFA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x24 0xEA 0x65 0x92 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC9 0xB9 0x88 0xC4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x9A 0x4B 0x51 0x4A ...

Réponse 4 / 47

Martel80 Messages postés 107 Statut Membre 2

J'aimerais savoir si je doit m'attendre a une reponse d'ici les prochaine 24 heures ou si je devrais tout simplement partir un autre message sur le forum ?

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 47

dédétraqué Messages postés 4522 Statut Contributeur sécurité 286

Salut Martel80

La patience est de mise quand on demande de l'aide...

Ton rapport n'est pas complet, utilise cjoint.com pour poster en lien ton rapport :
https://www.cjoint.com/

- Clique sur Parcourir pour aller chercher le rapport
- Clique sur Ouvrir ensuite sur Créer le lien Cjoint

- Fais un copier/coller du lien qui est devant Le lien a été créé: dans ta prochaine réponse

@++ :)

Martel80 Messages postés 107 Statut Membre 2

Tu a tout a fait raison Dédétraqué...ce netait pas contre toi dutout...desoler....

Durant ce temps jai cru bon installer Malwarbytes et scanner mon ordinateur....
ce que j'ai fait

Il a trouver 47 fichier infecter

Je les ai tous supprimer !!!

voici le rapport malware bytes

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3827
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2010-03-05 19:03:01
mbam-log-2010-03-05 (19-03-01).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 462288
Temps écoulé: 2 hour(s), 27 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 47

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Steinberg\VstPlugins\daAlfa2k\Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\Steinberg\VstPlugins\ReFX PlastiCZ\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\Steinberg\VstPlugins\Focusrite\Saffire Bundle v2.0\Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\Steinberg\VstPlugins\Blue\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\Steinberg\VstPlugins\kubik\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\Steinberg\VstPlugins\LinPlug Instruments\RM IV Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\rgcaudio software\z3ta+\z3ta+Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\FriendBlasterPro\FriendBlasterPro v10.x Patch.exe (Trojan.Hacktool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqRIXNfd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Local Settings\temp\akbpdi.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP226\A0185529.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP226\A0185601.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP229\A0190595.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP232\A0191527.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP232\A0194554.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP232\A0195546.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP56\A0037601.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP56\A0037602.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP56\A0037603.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP56\A0037604.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP66\A0038192.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP67\A0038240.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP67\A0038516.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP70\A0038595.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP71\A0038874.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP71\A0039024.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP74\A0039259.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP75\A0039607.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP75\A0039797.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP76\A0039991.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP77\A0040179.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP77\A0040346.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP125\A0138619.rbf (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP153\A0152697.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP165\A0170274.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP165\A0171110.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP202\A0178487.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP203\A0178796.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP217\A0184658.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP218\A0184959.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP218\A0185123.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D0AD6FB7-A464-498C-B6DE-1926A0C7069D}\RP218\A0185385.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.

Martel80 Messages postés 107 Statut Membre 2

Voici le lien Cjoint de GMER

https://www.cjoint.com/?dgbsAJTMLW

Réponse 6 / 47

Martel80 Messages postés 107 Statut Membre 2

J'ai remarquer que le disque dur cherche pendant a peu pres 10 minute au demarage ( Je l'entend travailler )

J'ai aussi remarquer que la memoire Ram gagne 1 Mo a tout les 2 seconde.....jusqu'a temps quel atteigne 2 gig ( ma configuration )

Ca explique peut-etre la raison pour laquelle tout gele....

D'ailleurs....rien ne semble s'ameliorer!!!

J'attend de tes nouvelles Dédétraqué

A+

Martel80

Réponse 7 / 47

dédétraqué Messages postés 4522 Statut Contributeur sécurité 286

Salut Martel80

Télécharge load_tdsskiller de Loup Blanc sur ton Bureau :
http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

Cet outil est conçu pour automatiser différentes tâches proposées par TDSSKiller, un fix de Kaspersky.

- Lance load_tdsskiller en double-cliquant dessus : l'outil va se connecter au Net pour télécharger une copie à jour de TDSSKiller, puis va lancer le scan

- A la fin du scan, appuie sur une touche pour continuer, comme l'indique le message dans la fenêtre noire d'invite de commande
- Le rapport s'affichera automatiquement : copie-colle son contenu dans ta prochaine réponse (le fichier est également présent ici : C:\tdsskiller\report.txt)
- Fais redémarrer ton PC

@++ :)

Martel80 Messages postés 107 Statut Membre 2

Salut dédé !!!

J'ai lancer le program comme tu ma dit mais a la fin quand on me dit dappuryer sur une touche pour continuer il y a un bloc note vide qui saffiche...

Il ny a rien decris dans le bloc note !!!

Ques ce que je fais ???

p.s. J'ai redemarer puisque mon pc a geler quand jai voulu venir poster le resultats !!

Réponse 8 / 47

dédétraqué Messages postés 4522 Statut Contributeur sécurité 286

Salut Martel80

OK, regarde de nouveau si bien vide :
C:\tdsskiller\report.txt

@++ :)

Martel80 Messages postés 107 Statut Membre 2

Oui cest bien vide ....il ny a que le rar le fichier eula.txt et le tdsskiller.exe

Réponse 9 / 47

dédétraqué Messages postés 4522 Statut Contributeur sécurité 286

Salut Martel80

Désactive ton antivirus le temps de la manipulation ainsi que ton pare feu si présent(car il est détecté a tort comme infection)

▶ Télécharge List&Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

▶ Branche clés usb , disques durs externes , mp3 , mp4 , etc..

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

coche la case "créer une icône sur le bureau"

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis la langue puis choisis l'option 1 = Mode Recherche

▶ laisse travailler l'outil

à l'apparition de la fenêtre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

un rapport du nom de catchme apparait sur ton bureau , ignore-le, ne le poste pas, mais ne le supprime pas pour l instant, le scan n'est pas fini.

▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"

tu peux supprimer le rapport catchme.log de ton bureau maintenant.

@++ :)

Martel80 Messages postés 107 Statut Membre 2

Voici le rapport !!!

List'em by g3n-h@ckm@n 1.3.0.0

User : pc (Administrateurs)
Update on 06/03/2010 by g3n-h@ckm@n ::::: 14.00

Start at: 17:24:41 | 2010-03-06
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
FW : COMODO Firewall Pro[ (!) Disabled ]2.3.035

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 232,88 Go (102,58 Go free) | NTFS
D:\ -> Disque fixe local | 232,88 Go (20,92 Go free) | NTFS
E:\ -> Disque CD-ROM | 7,71 Go (0 Mo free) [DragonAge] | CDFS
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque fixe local | 465,65 Go (16,85 Go free) [My Book] | FAT32

Boot: Normal

Merci encore de m'aider Dédé !!!

Réponse 10 / 47

dédétraqué Messages postés 4522 Statut Contributeur sécurité 286

Salut Martel80

J'ai seulement que l'entête du rapport là?

@++ :)

Martel80 Messages postés 107 Statut Membre 2

C'est tout ce quil y avais !!!

Réponse 11 / 47

Martel80 Messages postés 107 Statut Membre 2

j'ai refait un scan...

Voici le rapport complet !!

List'em by g3n-h@ckm@n 1.3.0.0

User : pc (Administrateurs)
Update on 06/03/2010 by g3n-h@ckm@n ::::: 14.00
Start at: 18:49:28 | 2010-03-06
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
FW : COMODO Firewall Pro[ (!) Disabled ]2.3.035

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 232,88 Go (102,55 Go free) | NTFS
D:\ -> Disque fixe local | 232,88 Go (20,92 Go free) | NTFS
E:\ -> Disque CD-ROM | 7,71 Go (0 Mo free) [DragonAge] | CDFS
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque fixe local | 465,65 Go (16,85 Go free) [My Book] | FAT32

Boot: Normal

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\FxEx.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RTHDCPL REG_SZ RTHDCPL.EXE
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
M-Audio Taskbar Icon REG_SZ C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
DisableRegistryTools REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDrives REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDrives REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ PC1
DefaultUserName REG_SZ pc
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ pc
AltDefaultDomainName REG_SZ PC1
AutoAdminLogon REG_SZ 1
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
EnableConcurrentSessions REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe REG_SZ C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Electronic Arts\EADM\Core.exe REG_SZ C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager
C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe REG_SZ C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4
C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe REG_SZ C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword
C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe REG_SZ C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss
C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe REG_SZ C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords
C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe REG_SZ C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\WINDOWS\system32\PnkBstrA.exe REG_SZ C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
C:\WINDOWS\system32\PnkBstrB.exe REG_SZ C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
C:\Program Files\Dragon Age\bin_ship\daorigins.exe REG_SZ C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game
C:\Program Files\Dragon Age\DAOriginsLauncher.exe REG_SZ C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher
C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe REG_SZ C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe REG_SZ C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{9C23D886-43CB-43DE-B2DB-112A68D7E10A}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3F7924B9-D148-3141-87B1-68F36043A940}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FBB78EE1-1061-446A-9949-4E3316AE4546}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FBB78EE1-1061-446A-9949-4E3316AE4546}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A78534D7-6B66-4BC0-B9BD-C39E2D86DBC2}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FBB78EE1-1061-446A-9949-4E3316AE4546}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.ca/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\erdnt\cache\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\erdnt\cache\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\ServicePackFiles\i386\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ServicePackFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\system32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
233 Go total, 103 Go libre (44%), 27% fragment‚ (fragmentation du fichier 53%)

Vous devriez d‚fragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Program Files\DAEMON Tools Toolbar
Present !! : C:\WINDOWS\003063_.tmp
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\ealregsnapshot1.reg
Present !! : C:\WINDOWS\System32\x64
Present !! : C:\WINDOWS\unins000.dat
Present !! : C:\WINDOWS\unins000.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_USERS\S-1-5-21-1844237615-854245398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_USERS\S-1-5-21-1844237615-854245398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 18:57:24
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A783A40]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8a783a40
\Driver\ACPI -> 0x89e74ca0
NDIS: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller -> SendCompleteHandler -> 0x89fd5330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

C:\Documents and Settings\HelpAssistant\Bureau\Setup de Programme\prog\D16.Group.Decimort.VST.v1.0.Incl.Keygen-AiR\Keygen.exe
C:\Documents and Settings\HelpAssistant\Bureau\Setup de Programme\prog\D16.Group.Phoscyon.VSTi.v1.8.0.Incl.Keygen-AiR\Keygen.exe
C:\Documents and Settings\HelpAssistant\Bureau\Setup de Programme\prog\D16.Group.Redoptor.VST.v1.0.Incl.Keygen-AiR\Keygen.exe
C:\Documents and Settings\HelpAssistant\Bureau\Setup de Programme\prog\StudioDevil.Amp.Modeler.Pro.VST.RTAS.v1.1.Incl.Keygen-AiR\Keygen.exe
C:\Documents and Settings\pc\Bureau\Setup de Programme\prog\D16.Group.Decimort.VST.v1.0.Incl.Keygen-AiR\Keygen.exe
C:\Documents and Settings\pc\Bureau\Setup de Programme\prog\D16.Group.Phoscyon.VSTi.v1.8.0.Incl.Keygen-AiR\Keygen.exe
C:\Documents and Settings\pc\Bureau\Setup de Programme\prog\D16.Group.Redoptor.VST.v1.0.Incl.Keygen-AiR\Keygen.exe
C:\Documents and Settings\pc\Bureau\Setup de Programme\prog\StudioDevil.Amp.Modeler.Pro.VST.RTAS.v1.1.Incl.Keygen-AiR\Keygen.exe
H:\Program\Audio\VsT pack By [BIG T]\[ - VSTi - ]\Spectralhead.Audio.Silverbox.VSTi.v1.0.incl.Keygen-AiR\Keygen.exe
H:\Program\Audio\FruityLoops Studio 8.0 XXL + Patch [h33t] [dopeboy]\Patch.exe
H:\Program\Audio\Program\IK.Multimedia.Ampeg.SVX.VST.RTAS.v1.1.1.incl.Keygen-AiR\Keygen.exe
H:\Program\Audio\T-RACKS 3.1\Keygen.exe
H:\Program\Audio\Applied.Acoustics.Tassman.VSTi.DXi.RTAS.v4.13.Incl.Keygen-AiR\Keygen.exe

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 18:59:40,40

Réponse 12 / 47

dédétraqué Messages postés 4522 Statut Contributeur sécurité 286

Salut Martel80

▶ Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :

▶ choisis l'option 2 = Mode Suppression

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

▶ colle le contenu dans ta reponse

@++ :)

Martel80 Messages postés 107 Statut Membre 2

Voici le rapport qui est apparu sur mon bureau !!!

Aucun rapport ne c'est ouvert a la fin du scan !

Kill'em by g3n-h@ckm@n 1.3.0.0

User : pc (Administrateurs)
Update on 06/03/2010 by g3n-h@ckm@n ::::: 14.00
Start at: 21:34:50 | 2010-03-06
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
FW : COMODO Firewall Pro[ (!) Disabled ]2.3.035

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 232,88 Go (102,54 Go free) | NTFS
D:\ -> Disque fixe local | 232,88 Go (20,92 Go free) | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque fixe local | 465,65 Go (16,85 Go free) [My Book] | FAT32

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

Detections :
==========

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Program Files\DAEMON Tools Toolbar
Quarantined & Deleted !! : C:\WINDOWS\003063_.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp

Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\ealregsnapshot1.reg
Quarantined & Deleted !! : C:\WINDOWS\System32\x64
Quarantined & Deleted !! : C:\WINDOWS\unins000.dat
Quarantined & Deleted !! : C:\WINDOWS\unins000.exe

==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Réponse 13 / 47

dédétraqué Messages postés 4522 Statut Contributeur sécurité 286

Salut Martel80

Télécharge MBR par (GMER) sur ton Bureau :

http://www2.gmer.net/mbr/mbr.exe

- Désactive tous les programmes de protection (antivirus, antispyware etc.)
https://forum.pcastuces.com/default.asp

- Double-clique sur mbr.exe > une fenêtre noire va s'ouvrir et se refermer.
- Poste le rapport mbr.log qui apparaît.

@++ :)

Martel80 Messages postés 107 Statut Membre 2

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8a783a40
\Driver\ACPI -> 0x89e52c58
NDIS: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller -> SendCompleteHandler -> 0x89feb330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

Réponse 14 / 47

dédétraqué Messages postés 4522 Statut Contributeur sécurité 286

Salut Martel80

- Clique sur le menu démarrer/Exécuter et copie/colle cette commande : "%userprofile%\Bureau\mbr" –f
(si tu recopies la commande manuellement, n'oublie surtout pas les guillemets)
- Supprime le fichier mbr.log
- Relance mbr.exe et poste le rapport mbr.log qui apparait.

@++ :)

Martel80 Messages postés 107 Statut Membre 2

Voici le 2ieme log....qui me semble identique a premiere vu

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8a783a40
\Driver\ACPI -> 0x89e52c58
NDIS: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller -> SendCompleteHandler -> 0x89feb330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

Réponse 15 / 47

dédétraqué Messages postés 4522 Statut Contributeur sécurité 286

Salut Martel80

Exact, tu as bien vu :D

As-tu bien supprimer le premier log?

@++ :)

Martel80 Messages postés 107 Statut Membre 2

oui...

Réponse 16 / 47

dédétraqué Messages postés 4522 Statut Contributeur sécurité 286

Salut Martel80

Télécharge OTL (de OldTimer) et enregistre-le sur ton Bureau.
http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

- Quitte les applications en cours afin de ne pas interrompre le scan.
- Double clique sur OTL.exe pour lancer le.
- Une fenêtre apparaît. Sous Custom Scans (en bas), copie/colle ceci :

netsvcs
%SYSTEMDRIVE%\*.*
%SYSTEMDRIVE%\*.exe
%PROGRAMFILES%\*.*
%PROGRAMFILES%\*.
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
/md5stop
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s

- Clique sur le bouton Run Scan.
- Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTListIT2 (donc par défaut sur le Bureau).

Utilise cjoint.com pour poster en lien tes rapports :
https://www.cjoint.com/

- Clique sur Parcourir pour aller chercher le rapport
- Clique sur Ouvrir ensuite sur Créer le lien Cjoint

- Fais un copier/coller du lien qui est devant Le lien a été créé: dans ta prochaine réponse.

@++ :)

Martel80 Messages postés 107 Statut Membre 2

Voici OTL

https://www.cjoint.com/?dhfEVyiPAq

Et Extras

https://www.cjoint.com/?dhfFNzjD5Z

Réponse 17 / 47

dédétraqué Messages postés 4522 Statut Contributeur sécurité 286

Salut Martel80

Je regarde ça demain matin, là je doit quitter.

@++ :)

Martel80 Messages postés 107 Statut Membre 2

d'accord...merci beaucoup encore pour ton temps et ton aide precieuse ...j'espere tellement qu'on en vienne a bout...je ne peu pas me permmetre de tout perdre mon travaille musical...cest impensable !!!

Merci Dédé !!

Bonne soirée !!

Réponse 18 / 47

dédétraqué Messages postés 4522 Statut Contributeur sécurité 286

Salut Martel80

Supprime Combofix qui est sur le bureau :
c:\documents and settings\pc\Bureau\ComboFix.exe

Télécharge-le de nouveau sur le bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

Faire le scan et poste le rapport.

@++ :)

Martel80 Messages postés 107 Statut Membre 2

Le programme est en train de faire son scan mais il y a eu 3 choses vraiment differente qua l'habitude.

Au debut a la place de sauver les 13 fichiers pour le backup...cetait ecris SECURITY et ca a scanner pendant 5 minute sans que mes disque dur semble fonctionner...

ensuite a la tout fin du back up ...les fichiers NTUSER.dat et Userclass.dat non pas pu senregistrer parce quil disaient quil y avais eu des erreurs

il me demandais si je voulais continuer...et jai clicker oui les 2 fois...

Je t'envoie le rapport dici quelque minute !!!

Martel80 Messages postés 107 Statut Membre 2

ComboFix 10-03-08.01 - pc 2010-03-08 21:31:34.9.4 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.2047.1662 [GMT -5:00]
Lancé depuis: c:\documents and settings\pc\Bureau\ComboFix.exe
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-09 au 2010-03-09 ))))))))))))))))))))))))))))))))))))
.

2010-03-07 02:31 . 2010-03-07 02:34 -------- d-----w- C:\Kill'em
2010-03-06 22:24 . 2010-03-07 02:49 -------- d-----w- c:\program files\List_Kill'em
2010-03-06 21:35 . 2010-03-06 21:36 -------- d-----w- C:\tdsskiller
2010-03-05 21:27 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-05 21:27 . 2010-03-05 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-05 21:27 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-04 22:08 . 2010-03-04 22:09 -------- d-----w- C:\rsit
2010-02-27 17:55 . 2008-01-04 18:34 11832 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2010-02-27 17:55 . 2008-01-04 18:34 10216 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2010-02-27 17:04 . 2010-02-27 17:07 -------- d-----w- c:\documents and settings\HelpAssistant\Favoris
2010-02-27 17:04 . 2008-01-16 12:29 -------- d--h--w- c:\documents and settings\HelpAssistant\Modèles
2010-02-27 17:04 . 2008-01-16 07:24 -------- d--h--w- c:\documents and settings\HelpAssistant\Voisinage réseau
2010-02-27 17:04 . 2008-01-16 07:24 -------- d--h--w- c:\documents and settings\HelpAssistant\Voisinage d'impression
2010-02-27 17:04 . 2010-03-09 02:28 -------- d-----w- c:\documents and settings\HelpAssistant
2010-02-25 05:55 . 2010-02-25 05:56 -------- d-----w- c:\documents and settings\pc\Application Data\MeldaProduction MFlanger
2010-02-24 16:53 . 2010-02-24 17:29 -------- d-----w- c:\documents and settings\pc\Application Data\Audacity
2010-02-24 16:53 . 2010-03-04 17:15 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-02-24 02:21 . 2010-02-24 02:21 -------- d-----w- c:\program files\Fichiers communs\Pro Audio DSP
2010-02-24 02:21 . 2010-02-24 02:21 -------- d-----w- c:\program files\Pro Audio DSP
2010-02-22 05:54 . 2010-02-22 05:54 1955472 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-02-21 01:16 . 2010-02-21 01:16 -------- d-----w- c:\documents and settings\pc\Application Data\Lexicon PCM Native
2010-02-21 01:16 . 2010-02-21 01:16 -------- d-----w- c:\documents and settings\pc\Application Data\Waves Preferences
2010-02-20 23:03 . 2010-02-20 23:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}
2010-02-20 23:03 . 2010-01-06 16:25 3068984 -c--a-w- c:\documents and settings\All Users\Application Data\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.exe
2010-02-18 18:48 . 2010-02-18 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2010-02-18 18:48 . 2010-03-04 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-02-18 18:48 . 2010-02-18 18:48 -------- d-----w- c:\program files\Viewpoint
2010-02-18 18:48 . 2010-02-18 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-02-18 18:47 . 2010-02-18 18:47 35888 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\postproc.exe
2010-02-18 18:47 . 2010-02-18 18:47 357776 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\tbsetup.exe
2010-02-18 17:54 . 2010-02-18 17:54 -------- d-----w- c:\documents and settings\pc\Application Data\KORG
2010-02-18 17:52 . 2010-02-18 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\KORG
2010-02-18 17:52 . 2010-02-18 22:42 -------- d-----w- c:\program files\Fichiers communs\KORG
2010-02-18 17:52 . 2010-02-18 17:52 -------- d-----w- c:\program files\KORG
2010-02-18 11:38 . 2009-10-12 02:58 1177600 ----a-w- c:\windows\system32\SYNSOEMU.DLL
2010-02-18 11:34 . 2010-02-18 11:37 -------- d-----w- c:\program files\Fichiers communs\Steinberg
2010-02-18 11:34 . 2010-02-18 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Steinberg
2010-02-17 21:06 . 2010-02-17 21:06 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-17 20:45 . 2010-02-17 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Syncrosoft
2010-02-16 22:57 . 2010-02-17 16:35 -------- d-----w- c:\documents and settings\pc\Application Data\Loomer
2010-02-16 22:56 . 2010-02-16 22:56 -------- d-----w- c:\program files\Loomer
2010-02-16 22:53 . 2010-02-16 22:53 -------- d-----w- c:\program files\StudioDevil
2010-02-14 02:20 . 2010-02-14 02:20 -------- d-----w- C:\Mp3 Output
2010-02-14 02:10 . 2010-02-14 02:10 -------- d-----w- c:\documents and settings\pc\Application Data\GeoVid
2010-02-14 02:10 . 2005-06-07 20:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2010-02-14 02:10 . 2003-03-19 13:12 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2010-02-14 02:10 . 2010-02-14 02:10 -------- d-----w- c:\program files\Fichiers communs\GeoVid
2010-02-14 02:10 . 2010-02-14 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\GeoVid
2010-02-14 02:10 . 2010-02-14 02:10 -------- d-----w- c:\program files\GeoVid
2010-02-14 01:59 . 2010-02-14 01:59 -------- d-----w- c:\program files\IVCsoft
2010-02-13 15:12 . 2010-02-13 21:44 -------- d-----w- c:\documents and settings\pc\Application Data\MeldaProduction MAutoEqualizer
2010-02-12 16:27 . 2010-02-12 16:27 -------- d-----w- c:\program files\TC Electronic
2010-02-12 16:27 . 2009-03-27 21:00 172032 ----a-w- c:\windows\system32\EioPal.dll
2010-02-12 16:26 . 2010-02-12 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\MTexturedStyles
2010-02-10 13:30 . 2010-02-10 13:30 -------- d-----w- c:\program files\Fichiers communs\SoundToys
2010-02-10 13:30 . 2010-02-10 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\VST3 Presets
2010-02-10 13:30 . 2010-02-10 13:30 -------- d-----w- c:\program files\SoundToys
2010-02-08 05:15 . 2010-02-08 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Ableton
2010-02-08 05:15 . 2010-02-08 05:15 -------- d-----w- c:\documents and settings\pc\Application Data\Ableton

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 02:27 . 2009-08-16 03:12 625 --sha-w- c:\windows\system32\mmf.sys
2010-03-07 02:53 . 2001-09-28 12:00 85404 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-07 02:53 . 2001-09-28 12:00 513080 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-04 18:15 . 2008-07-27 15:44 -------- d-----w- c:\program files\Trend Micro
2010-03-04 17:31 . 2008-07-24 15:55 -------- d-----w- c:\program files\Google
2010-03-04 17:25 . 2010-02-01 22:04 -------- d-----w- c:\program files\Pcsx2
2010-03-04 17:22 . 2008-06-14 13:23 -------- d-----w- c:\program files\MOTU
2010-03-04 17:19 . 2010-01-10 19:08 -------- d-----w- c:\program files\Fichiers communs\Logitech
2010-03-04 17:16 . 2008-07-07 09:39 -------- d-----w- c:\program files\EA Sports
2010-03-04 17:09 . 2009-08-11 19:15 -------- d-----w- c:\program files\EzGenerator3
2010-03-04 17:07 . 2009-07-23 01:54 -------- d-----w- c:\program files\Diablo II
2010-02-27 17:55 . 2008-01-16 12:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 01:12 . 2010-01-13 09:14 1271544 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-26 17:05 . 2010-01-12 19:17 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-26 16:27 . 2010-01-12 19:18 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-26 15:32 . 2010-01-19 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-25 21:57 . 2010-01-19 02:44 1923768 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-02-25 04:06 . 2008-01-17 21:16 49016 -c--a-w- c:\documents and settings\pc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-24 17:42 . 2010-01-12 17:47 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-02-24 17:42 . 2010-01-12 17:47 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-02-24 17:42 . 2010-01-12 17:46 -------- d-----w- c:\program files\Replay Media Catcher
2010-02-24 07:45 . 2008-01-27 21:21 -------- d-----w- c:\documents and settings\pc\Application Data\uTorrent
2010-02-23 19:03 . 2008-05-23 14:35 -------- d-----w- c:\program files\QuickTime
2010-02-19 23:27 . 2010-01-12 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AA3DeployClient
2010-02-18 18:47 . 2010-02-18 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2010-02-18 18:47 . 2008-01-19 22:37 335 -c--a-w- c:\windows\nsreg.dat
2010-02-18 18:47 . 2010-02-18 18:46 5357344 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.31.1\ocpinst.exe
2010-02-18 12:06 . 2008-01-16 13:41 -------- d-----w- c:\documents and settings\pc\Application Data\Steinberg
2010-02-18 11:30 . 2008-01-16 13:30 -------- d-----w- c:\program files\Steinberg
2010-02-18 11:25 . 2008-01-27 21:21 -------- d-----w- c:\program files\uTorrent
2010-02-17 21:05 . 2008-10-12 02:19 -------- d-----w- c:\program files\Syncrosoft
2010-02-17 16:32 . 2010-01-30 06:05 -------- d-----w- c:\program files\D16 Group
2010-02-16 17:50 . 2009-07-30 14:37 -------- d-----w- c:\program files\PSPaudioware
2010-02-10 04:44 . 2010-01-29 13:44 -------- d-----w- c:\program files\Softube
2010-02-04 10:57 . 2010-02-04 10:57 -------- d-----w- c:\program files\BBE Sound
2010-02-01 12:34 . 2010-02-01 12:34 -------- d-----w- c:\documents and settings\pc\Application Data\4Front
2010-02-01 12:33 . 2010-02-01 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\4Front
2010-02-01 12:33 . 2010-02-01 12:33 -------- d-----w- c:\program files\TruePianos
2010-01-30 17:18 . 2010-01-30 17:15 -------- d-----w- c:\program files\SoundPerformanceLab
2010-01-30 17:07 . 2010-01-30 17:05 -------- d-----w- c:\program files\EMI
2010-01-30 06:30 . 2010-01-30 06:30 -------- d-----w- c:\program files\WNAS
2010-01-30 05:00 . 2010-01-29 13:49 -------- d-----w- c:\program files\D16 Group(2)
2010-01-30 05:00 . 2010-01-29 14:02 -------- d-----w- c:\program files\Uninstall
2010-01-28 20:51 . 2009-08-16 03:12 625 --sha-w- c:\windows\system32\mmf(4).sys
2010-01-28 07:25 . 2010-01-28 07:25 -------- d-----w- c:\program files\GForce
2010-01-28 05:51 . 2010-01-28 05:51 -------- d-----w- c:\program files\Elysia
2010-01-19 02:44 . 2010-01-19 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-01-17 06:30 . 2009-03-22 02:04 -------- d-----w- c:\program files\Image-Line
2010-01-17 06:28 . 2008-01-16 15:59 -------- d-----w- c:\program files\Native Instruments
2010-01-12 19:18 . 2008-02-26 12:42 139152 -c--a-w- c:\documents and settings\pc\Application Data\PnkBstrK.sys
2010-01-12 19:18 . 2008-02-26 12:42 139152 -c--a-w- c:\documents and settings\pc\Application Data\PnkBstrK.sys
2010-01-12 19:17 . 2010-01-12 19:17 794408 -c--a-w- c:\windows\system32\pbsvc.exe
2010-01-12 19:17 . 2010-01-12 19:17 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-12 19:06 . 2010-01-12 19:06 -------- d-----w- c:\program files\USArmy
2010-01-11 21:39 . 2009-12-11 20:06 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-11 21:38 . 2010-01-11 21:38 151552 -c--a-w- c:\windows\system32\nvRegDev.dll
2010-01-10 23:48 . 2009-12-19 16:50 -------- d-----w- c:\program files\rFactor
2010-01-10 05:10 . 2010-01-10 05:10 -------- d-----w- c:\program files\Singular Inversions
2010-01-10 00:16 . 2008-07-27 20:21 -------- d-----w- c:\program files\CCleaner
2010-01-08 07:13 . 2010-01-08 07:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-29 22:54 . 2009-12-29 22:54 826344 ----a-w- c:\documents and settings\pc\Application Data\MSNInstaller\msnauins.exe
2009-12-18 22:39 . 2009-12-18 22:39 1956072 -c--a-w- c:\documents and settings\pc\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-11-05 14:50 . 2010-01-30 17:09 9535488 ----a-w- c:\program files\Tube Delay.dll
2009-10-27 17:55 . 2009-08-16 03:12 625 -csha-w- c:\windows\system32\mmf(2).sys
2009-11-19 23:56 . 2009-08-16 03:12 625 -csha-w- c:\windows\system32\mmf(3).sys
.

((((((((((((((((((((((((((((( SnapShot@2010-03-05_03.37.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-09-28 12:00 . 2010-03-07 02:53 71904 c:\windows\system32\perfc009.dat
+ 2001-09-28 12:00 . 2010-03-07 02:53 444028 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2006-07-12 103424]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MFWAKeys.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\MFWAKeys.lnk
backup=c:\windows\pss\MFWAKeys.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MOTU Pedal Handler.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\MOTU Pedal Handler.lnk
backup=c:\windows\pss\MOTU Pedal Handler.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^pc^Menu Démarrer^Programmes^Démarrage^hamachi.lnk]
path=c:\documents and settings\pc\Menu Démarrer\Programmes\Démarrage\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-09-22 19:09 156672 ----a-w- c:\program files\Replay Media Catcher\FLVSrvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:33 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-08 22:00 128920 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
2007-10-02 17:19 2165272 -c--a-w- c:\program files\VDOTool\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 03:55 54832 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 -c--a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-11-21 01:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-11-21 01:32 110184 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-06-16 08:52 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-23 19:03 417792 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 20:10 56928 -c----w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 -c--a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 -c--a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2008-01-26 18:18 364544 -c--a-w- c:\windows\system32\WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"RichVideo"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"NBService"=3 (0x3)
"NVSvc"=2 (0x2)
"IDriverT"=3 (0x3)
"CmdAgent"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"MAudioConectivService"=2 (0x2)
"TapiSrv"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4255:TCP"= 4255:TCP:icall
"4255:UDP"= 4255:UDP:icall
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"6346:TCP"= 6346:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"3411:TCP"= 3411:TCP:Services
"2223:TCP"= 2223:TCP:Services

R3 MAUSBML;Service for M-Audio Conectiv (WDM);c:\windows\system32\drivers\mausbcv.sys [2009-05-31 110592]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [2008-06-14 23600]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-05-08 845184]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-01-16 664064]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-08-15 2560]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-01-16 38656]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-11 25832]
S3 MADFU;MADFU;c:\windows\system32\drivers\MADFU.sys [2008-08-07 16512]
S3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-01-22 10112]
S4 MAudioConectivService;M-Audio Conectiv Installer;c:\program files\M-Audio\Conectiv\MAUSBCVInst.exe [2009-05-31 57344]
.
Contenu du dossier 'Tâches planifiées'

2008-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: download.com
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\p135hob5.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 21:44
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x89F49A80]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> 0x89f49a80
\Driver\atapi -> atapi.sys @ 0xb7f10852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller -> SendCompleteHandler -> 0x8a0fd330
PacketIndicateHandler -> NDIS.sys @ 0xb7e0ba21
SendHandler -> NDIS.sys @ 0xb7de987b
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1844237615-854245398-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:13,71,d3,4c,5a,19,8f,31,4c,10,f7,23,54,a3,35,f2,da,23,72,ca,28,
01,08,67,a5,90,41,4a,db,0b,4f,39,2d,a2,ac,81,9e,aa,55,70,12,95,e5,63,25,20,\
"rkeysecu"=hex:25,06,b5,65,0c,23,24,fe,cb,88,57,81,2d,de,21,06

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
fd
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:58,92,5a,34,3f,c6,a5,c5
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,73,7e,45,c6,9f,9e,10,
63,a0,2f,06,c2,a3,e9,62,70,d1,3e,e6,57,b7,98,40,c9,e4,cc,88,e6,39,d6,95,f5,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
Heure de fin: 2010-03-08 21:47:48
ComboFix-quarantined-files.txt 2010-03-09 02:47
ComboFix2.txt 2010-03-05 21:07
ComboFix3.txt 2010-03-05 03:40
ComboFix4.txt 2008-07-27 19:19

Avant-CF: 109 967 269 888 octets libres
Après-CF: 109 890 150 400 octets libres

- - End Of File - - 02F186868DD66E635B05EE66D5988E1B

Réponse 19 / 47

dédétraqué Messages postés 4522 Statut Contributeur sécurité 286

Salut Martel80

Faire un scan de ce fichier atapi.sys ici :

https://www.virustotal.com/gui/

Clique sur Parcourir et copie/colle ceci :
C:\WINDOWS\system32\drivers\atapi.sys
Après tu clique sur Envoyer le fichier et attendre le résultat de l’analyse.

Si il te dit que le fichier a déjà été analysé, sélectionne le bouton :
Reanalyse le fichier maintenant et attendre le résultat de l'analyse, poste le résultat au complet.

Poste le résultat au complet

Aide : http://bibou0007.com/scans-en-ligne-f75/tutorial-sur-virustotal-t190.htm

@++ :)

Martel80 Messages postés 107 Statut Membre 2

Voila

http://www.virustotal.com/fr/analisis/b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9-1268110200

Réponse 20 / 47

Martel80 Messages postés 107 Statut Membre 2

voila

http://www.virustotal.com/compacto.html

Forum Virus

Trouvez des solutions pour détecter et éliminer les menaces, des astuces pour prévenir les infections, et discutez des dernières menaces en ligne

Newsletters

Newsletters

Actu du jour

Voir un exemple