Trojan horse

Solved
hburnt, 179 posts, Status: Member
plopus, 6113 posts, Status: Security contributor
Hello,

I have another AntiVir alert about the presence of a Trojan horse... what's more, web pages open unexpectedly, yet I cannot open any on purpose.

Avira detects a virus in:
C:\WINDOWS\system32\sshnas21.dll: contains the Trojan horse TR/Agent.207360
A strange shortcut, "choix du navigateur" (browser choice), has also appeared on my desktop.

Can you help me fix all this?

Thanks in advance!
44 replies

hburnt, 179 posts, Status: Member
 
c:\windows\system32\tgsdk.dll

http://www.virustotal.com/fr/analisis/71a641aaf34fef8e5dd62f3e1bd4025d6e17523ab6738ef0106a27c135dc0b2e-1269946366

Antivirus Version Last update Result
a-squared 4.5.0.50 2010.03.30 -
AhnLab-V3 5.0.0.2 2010.03.30 -
AntiVir 7.10.5.250 2010.03.30 -
Antiy-AVL 2.0.3.7 2010.03.30 -
Authentium 5.2.0.5 2010.03.30 W32/AdAgent.H.gen!Eldorado
Avast 4.8.1351.0 2010.03.29 -
Avast5 5.0.332.0 2010.03.29 -
AVG 9.0.0.787 2010.03.29 -
BitDefender 7.2 2010.03.30 -
CAT-QuickHeal 10.00 2010.03.30 -
ClamAV 0.96.0.0-git 2010.03.30 PUA.Packed.ASPack
Comodo 4437 2010.03.30 -
DrWeb 5.0.2.03220 2010.03.30 -
eSafe 7.0.17.0 2010.03.28 -
eTrust-Vet 35.2.7396 2010.03.30 -
F-Prot 4.5.1.85 2010.03.29 W32/AdAgent.H.gen!Eldorado
F-Secure 9.0.15370.0 2010.03.30 -
Fortinet 4.0.14.0 2010.03.29 -
GData 19 2010.03.30 -
Ikarus T3.1.1.80.0 2010.03.30 -
Jiangmin 13.0.900 2010.03.30 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.30 -
McAfee 5935 2010.03.29 -
McAfee+Artemis 5935 2010.03.29 -
McAfee-GW-Edition 6.8.5 2010.03.30 -
Microsoft 1.5605 2010.03.30 -
NOD32 4984 2010.03.30 -
Norman 6.04.10 2010.03.29 -
nProtect 2009.1.8.0 2010.03.30 -
Panda 10.0.2.2 2010.03.29 -
PCTools 7.0.3.5 2010.03.30 -
Prevx 3.0 2010.03.30 -
Rising 22.41.01.03 2010.03.30 -
Sophos 4.52.0 2010.03.30 -
Sunbelt 6116 2010.03.30 -
Symantec 20091.2.0.41 2010.03.30 -
TheHacker 6.5.2.0.247 2010.03.29 -
TrendMicro 9.120.0.1004 2010.03.30 -
VBA32 3.12.12.2 2010.03.30 -
ViRobot 2010.3.30.2252 2010.03.30 -
VirusBuster 5.0.27.0 2010.03.30 -
Additional information
File size: 379904 bytes
MD5...: 83632070ffbe7a762df042b56c5f9324
SHA1..: 1f49f89ed16552c89f038454d5ace64bcf4972e2
SHA256: 71a641aaf34fef8e5dd62f3e1bd4025d6e17523ab6738ef0106a27c135dc0b2e
ssdeep: 6144:bAQuWH/vQeCZhI966AGkAjOpoaY75CRjxHuxQILkqt6+uhOdX:buWH/v1CHq6xGJOpqlagxLztwOV

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3c001
timedatestamp.....: 0x49137d55 (Thu Nov 06 23:27:17 2008)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x2c000 0xb400 8.00 4011a45b13fd630db98d427ad28b3119
0x2d000 0x7000 0x3600 7.99 236176912360728ae784d8c4ab3ed299
0x34000 0x2000 0x400 7.80 d912d8ad7e2681652055b1b4bc157f3a
0x36000 0x1000 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x37000 0x1000 0x200 6.37 c2dfc23d5ca7f1d68c032d951c244e0d
0x38000 0x3000 0x1a00 7.97 74fd9776e498e48d31effd2ebd99c09d
0x3b000 0x1000 0x1000 0.14 c14622ab7313af508cc88a99f722862b
.data 0x3c000 0x4a000 0x49200 7.92 5ee971fb240414dc35e451aa1d1b7896
.adata 0x86000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 10 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> msimg32.dll: TransparentBlt
> gdiplus.dll: GdipMeasureString
> user32.dll: GetClassNameW
> gdi32.dll: GetStockObject
> oleaut32.dll: -
> msvcp80.dll: _swap@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEXAAV12@@Z
> msvcr80.dll: __3@YAXPAX@Z
> oleaut32.dll: VariantChangeTypeEx
> kernel32.dll: RaiseException

( 1 exports )
GetInterface

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Renovation Software
copyright....: Copyright 2008 Renovation Software
product......: TextGrab SDK
description..: TextGrabSDK Core Module
original name: tgsdk.dll
internal name: TextGrabSDK core
file version.: 3.0.0.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

packers (F-Prot): Aspack
packers (Authentium): Aspack, Aspack
0
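The report above carries the signals a triage analyst reads before ever touching the sample: five of the nine sections sit at 7.8 to 8.0 bits of entropy, six sections have no name, the entry point (0x3c001) lies inside .data rather than a code section, .adata has no bytes on disk, and ClamAV, F-Prot and Authentium return packer or generic verdicts while the other engines stay silent. The following is an added example, not part of the post and not VirusTotal's code: a Python script that parses the section rows exactly as printed above, derives those packing indicators from them, and shows the Shannon-entropy calculation behind the "ntrpy" column on constructed byte strings. The 7.5 entropy threshold is an assumption for illustration, not a value from the report.

```python
"""Triage of the VirusTotal-style PE section table posted above for tgsdk.dll."""
import math
import re
from collections import Counter
from dataclasses import dataclass

# Section rows copied from the report on this page ("name viradd virsiz rawdsiz
# ntrpy md5"). Six of the nine sections carry no name at all.
SECTION_TABLE = """\
0x1000 0x2c000 0xb400 8.00 4011a45b13fd630db98d427ad28b3119
0x2d000 0x7000 0x3600 7.99 236176912360728ae784d8c4ab3ed299
0x34000 0x2000 0x400 7.80 d912d8ad7e2681652055b1b4bc157f3a
0x36000 0x1000 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x37000 0x1000 0x200 6.37 c2dfc23d5ca7f1d68c032d951c244e0d
0x38000 0x3000 0x1a00 7.97 74fd9776e498e48d31effd2ebd99c09d
0x3b000 0x1000 0x1000 0.14 c14622ab7313af508cc88a99f722862b
.data 0x3c000 0x4a000 0x49200 7.92 5ee971fb240414dc35e451aa1d1b7896
.adata 0x86000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
"""
ENTRY_POINT = 0x3C001   # "entrypointaddress" from the same report
PACKED_ENTROPY = 7.5    # assumed threshold: compiled x86 code usually sits well below this

# Optional name (anything not starting with "0x"), then VA, vsize, rawsize, entropy, md5.
ROW = re.compile(
    r"^(?P<name>(?!0x)\S+)?\s*(?P<va>0x[0-9a-f]+)\s+(?P<vsize>0x[0-9a-f]+)\s+"
    r"(?P<rawsize>0x[0-9a-f]+)\s+(?P<entropy>\d+\.\d+)\s+(?P<md5>[0-9a-f]{32})$"
)


@dataclass
class Section:
    name: str
    va: int
    vsize: int
    rawsize: int
    entropy: float
    md5: str

    def label(self) -> str:
        return self.name or f"<unnamed@{self.va:#x}>"

    def contains_va(self, addr: int) -> bool:
        return self.va <= addr < self.va + self.vsize


def parse_sections(text: str) -> list:
    """Parse the report's section rows; raises on a line that does not fit the layout."""
    sections = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised section row: {line!r}")
        sections.append(Section(m["name"] or "", int(m["va"], 16), int(m["vsize"], 16),
                                int(m["rawsize"], 16), float(m["entropy"]), m["md5"]))
    return sections


def packing_indicators(sections: list, entry_point: int, threshold: float = PACKED_ENTROPY) -> dict:
    """Signals an analyst reads off a section table before touching the sample."""
    high = [s for s in sections if s.rawsize > 0 and s.entropy >= threshold]
    unnamed = [s for s in sections if not s.name]
    ep_section = next((s for s in sections if s.contains_va(entry_point)), None)
    # Execution starting inside a near-random-looking section instead of .text is
    # the classic sign that the real code is only produced at run time.
    ep_high = ep_section is not None and ep_section in high
    # A section with no bytes on disk but reserved virtual space (here .adata) is
    # room the unpacking stub fills at run time.
    empty_on_disk = [s for s in sections if s.rawsize == 0 and s.vsize > 0]
    return {
        "high_entropy": [s.label() for s in high],
        "unnamed_count": len(unnamed),
        "entry_section": ep_section.label() if ep_section else None,
        "entry_in_high_entropy": ep_high,
        "empty_on_disk": [s.label() for s in empty_on_disk],
        "likely_packed": bool(high) and (ep_high or bool(unnamed)),
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for one repeated value, 8.0 when all 256 values are equally frequent."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# Constructed samples showing what the "ntrpy" column measures.
SAMPLES = {
    "zero_fill": bytes(4096),                        # like the 0.00 sections above
    "ascii_text": b"the quick brown fox jumps over the lazy dog " * 90,
    "uniform": bytes(range(256)) * 16,               # what packed or encrypted data looks like
}


if __name__ == "__main__":
    secs = parse_sections(SECTION_TABLE)
    for key, value in packing_indicators(secs, ENTRY_POINT).items():
        print(f"{key:>22}: {value}")
    for name, blob in SAMPLES.items():
        print(f"{name:>22}: {shannon_entropy(blob):.2f} bits/byte")
```

Run as a script it prints the indicators for the tgsdk.dll table and the entropy of the three constructed blobs. The point for the reader of this thread is why a file can be "clean" for most engines and still be the problem: a packer hides the real code behind near-uniform bytes, so only engines with a packer or generic family signature fire, and the unpacked behaviour has to be judged from other evidence, such as the unwanted pages opening.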
hburnt, 179 posts, Status: Member

CHKDSK scan: it went fine, in several steps: checking, corrections and a few deletions.

Then I launched sfc /scannow; the system asks for the Windows XP SP3 CD. I only have the master DVDs; I tried both and it rejects them, as the versions do not match the CD contents...
0
plopus, 6113 posts, Status: Security contributor

ok

Your Windows needs repairing; we'll see at the end whether that is still the case and what it is about.

Create a file with Notepad: right-click on the desktop and choose New / Text Document.
NAME the file CFscript.
Copy and paste the content below into the text file (Notepad):

killall::

file::
c:\windows\system32\tgsdkx.dll
c:\windows\system32\tgsdk.dll

folder::
d:\documents and settings\Nico\Local Settings\Application Data\ctlaudiopack

Save the file with the following name: CFScript.txt
Drag and drop this CFScript file onto the ComboFix.exe file (the one you renamed):
keep the mouse button held down on the CFScript file and release it on the renamed ComboFix icon.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait for the scan to finish. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
Once the scan is complete, a report will be displayed: post its contents.

Then run this scan, because there are still things left, either remnants of infections or something else.

/!\ You must disable all your protection software before using this program /!\

* Go to this page and click on "Download EXE" to download Gmer (under a random name, so that an infection cannot block it)
http://www.gmer.net/
* Launch Gmer
* In the "Rootkit" tab, click "Scan" and wait.
* At the end, click "Save" and save the report to your Desktop.
0

hburnt, 179 posts, Status: Member

CFScript report

ComboFix 10-03-28.03 - Nico 01/04/2010 9:55.4.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.566 [GMT 2:00]
Lancé depuis: d:\documents and settings\Nico\Bureau\nico.exe
Commutateurs utilisés :: d:\documents and settings\Nico\Bureau\CFscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Un nouveau point de restauration a été créé

FILE ::
"c:\windows\system32\tgsdk.dll"
"c:\windows\system32\tgsdkx.dll"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tgsdk.dll
c:\windows\system32\tgsdkx.dll
d:\documents and settings\Nico\Local Settings\Application Data\ctlaudiopack

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-01 au 2010-04-01 ))))))))))))))))))))))))))))))))))))
.

2010-03-29 17:05 . 2010-03-29 17:19 -------- d-----w- C:\nico
2010-03-26 08:15 . 2010-03-26 08:15 -------- d-----r- d:\documents and settings\LocalService.AUTORITE NT.002\Favoris
2010-03-26 08:15 . 2010-03-26 08:15 -------- d-sh--w- d:\documents and settings\LocalService.AUTORITE NT.002\IETldCache
2010-03-23 15:07 . 2010-03-29 17:02 3899 ---ha-w- d:\documents and settings\All Users\Application Data\SystemProfile\mouse.sys
2010-03-23 15:07 . 2010-03-23 15:07 -------- d-----w- d:\documents and settings\All Users\Application Data\SystemProfile
2010-03-23 15:07 . 2010-03-23 15:07 -------- d-sh--w- d:\documents and settings\All Users\Application Data\948A41E58E4F443786FD85C565598E44
2010-03-23 15:07 . 2009-03-04 13:38 40960 ----a-w- c:\windows\system32\Crypt.dll
2010-03-23 15:07 . 2009-03-04 13:38 309328 ----a-w- c:\windows\system32\AddEmail.dll
2010-03-23 15:07 . 2009-03-04 13:38 141072 ----a-w- c:\windows\system32\XZip.dll
2010-03-23 15:06 . 2010-03-23 15:06 -------- d-----w- c:\windows\system32\GroupPolicies
2010-03-19 14:03 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-17 08:11 . 2010-03-17 08:11 -------- d-----w- c:\windows\system32\AGEIA
2010-03-17 08:11 . 2010-03-17 08:12 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-12 11:50 . 2010-03-12 11:50 -------- d-----w- d:\documents and settings\All Users\Application Data\Ubisoft
2010-03-11 08:49 . 2010-03-11 08:49 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-11 08:17 . 2003-07-06 12:07 372736 ----a-w- c:\windows\system32\IJL_11.DLL
2010-03-10 12:14 . 2010-03-10 12:26 -------- d-----w- d:\documents and settings\Nico\Local Settings\Application Data\DFH
2010-03-07 18:12 . 2010-03-18 08:17 -------- d-----w- d:\documents and settings\Nico\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 08:08 . 2009-10-25 13:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-01 08:05 . 2010-02-11 13:01 49 --sha-w- c:\windows\system32\mmf.sys
2010-03-30 12:02 . 2010-01-19 09:18 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-30 12:02 . 2010-01-19 09:18 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-29 17:05 . 2009-11-26 09:50 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-03-29 16:26 . 2006-03-10 20:46 124768 ----a-w- d:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-29 15:11 . 2010-01-19 09:18 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-29 14:04 . 2010-01-16 14:37 -------- d-----w- d:\documents and settings\Nico\Application Data\vlc
2010-03-29 11:38 . 2009-12-19 14:22 -------- d-----w- c:\program files\trend micro
2010-03-29 11:19 . 2004-09-23 16:12 85404 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-29 11:19 . 2004-09-23 16:12 513080 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-26 14:15 . 2010-02-04 13:09 -------- d-----w- d:\documents and settings\Nico\Application Data\dvdcss
2010-03-26 08:53 . 2009-11-26 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 16:03 . 2009-10-12 11:48 -------- d-----w- d:\documents and settings\Nico\Application Data\BitTorrent
2010-03-23 09:18 . 2010-01-02 18:59 -------- d-----w- d:\documents and settings\Nico\Application Data\FreeFLVConverter
2010-03-17 08:11 . 2010-01-18 12:45 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-03-16 15:39 . 2009-12-18 10:36 -------- d-----w- c:\program files\Electronic Arts
2010-03-16 13:39 . 2010-01-19 10:08 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-12 13:05 . 2007-04-22 14:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 12:09 . 2009-09-26 12:32 -------- d-----w- d:\documents and settings\Nico\Application Data\GrabIt
2010-03-10 12:06 . 2010-02-11 14:11 -------- d-----w- c:\program files\THQ
2010-03-10 11:26 . 2010-02-20 17:31 -------- d-----w- c:\program files\John Deere American Builder Deluxe
2010-02-20 17:18 . 2010-02-20 17:17 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-02-20 14:53 . 2010-02-20 14:43 -------- d-----w- c:\program files\John Deere American Farmer Deluxe
2010-02-19 09:58 . 2010-02-19 09:58 -------- d-----w- c:\program files\WildGames
2010-02-19 08:45 . 2010-02-19 08:45 -------- d-----w- c:\program files\GrabIt
2010-02-17 15:56 . 2010-02-17 15:56 -------- d--h--r- d:\documents and settings\Nico\Application Data\SecuROM
2010-02-17 09:01 . 2007-07-10 16:59 -------- d-----w- c:\program files\DivX
2010-02-17 09:00 . 2010-02-17 08:59 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2010-02-12 12:43 . 2010-02-12 12:43 253584 ----a-w- d:\documents and settings\LocalService.AUTORITE NT.002\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-12 11:53 . 2010-02-12 11:53 -------- d-----w- c:\program files\USArmy
2010-02-12 11:53 . 2010-02-12 09:51 -------- d-----w- d:\documents and settings\All Users\Application Data\AA3DeployClient
2010-02-11 13:01 . 2010-02-11 13:01 48640 ----a-w- c:\windows\mmfs.dll
2010-02-11 13:01 . 2010-02-11 13:01 16384 ----a-w- c:\windows\runservice.exe
2010-02-11 12:57 . 2010-02-11 12:57 -------- d-----w- c:\program files\Battlefront
2010-02-10 19:23 . 2010-02-10 08:54 -------- d-----w- d:\documents and settings\All Users\Application Data\America's Army Deploy Client
2010-02-05 08:17 . 2010-02-03 15:02 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-04 15:01 . 2010-02-04 15:01 -------- d-----w- c:\program files\StuffPlug3
2010-02-03 15:11 . 2010-01-09 17:27 -------- d-----w- c:\program files\MSBuild
2010-02-03 15:10 . 2010-02-03 15:10 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-02-03 15:09 . 2010-02-03 15:09 -------- d-----w- c:\program files\Microsoft.NET
2010-02-03 15:09 . 2010-02-03 15:09 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-02-03 15:09 . 2008-04-19 08:58 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-03 15:06 . 2010-02-03 15:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-03 15:03 . 2010-02-03 15:03 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-02-03 14:31 . 2010-02-03 14:31 -------- d-----w- d:\documents and settings\Nico\Application Data\Windows Live Writer
2010-02-02 08:55 . 2009-09-26 12:32 -------- d-----w- d:\documents and settings\Nico\Application Data\Calendrier Xtra
2010-02-01 17:07 . 2008-06-23 13:15 -------- d-----w- c:\program files\Google
2010-01-19 09:23 . 2010-01-19 09:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-19 09:18 . 2010-01-19 09:18 22328 ----a-w- d:\documents and settings\Nico\Application Data\PnkBstrK.sys
2010-01-19 09:18 . 2010-01-19 09:18 22328 ----a-w- d:\documents and settings\Nico\Application Data\PnkBstrK.sys
2010-01-19 09:18 . 2010-01-19 09:18 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-01-18 12:39 . 2010-01-18 12:39 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-18 12:39 . 2010-01-18 12:39 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-14 08:52 . 2009-11-15 12:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-14 08:52 . 2009-11-15 12:03 152576 ----a-w- d:\documents and settings\Nico\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-14 08:51 . 2009-11-15 12:02 79488 ----a-w- d:\documents and settings\Nico\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-08 10:07 . 2004-09-23 17:10 86815 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-07 15:07 . 2009-12-20 13:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-20 13:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 14:50 . 2009-11-26 13:31 180256 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-26 14:50 . 2009-11-26 13:31 10784 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NECHotkey"="mHotkey.exe" [2006-01-11 548864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"MM_MODULE"="c:\program files\MIC\HAWAII\Hawaii.exe" [2005-11-16 121856]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-05-07 53248]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-14 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\sixteen tons entertainment\\Emergency 4\\Em4.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29/06/2007 17:38 691696]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [23/04/2007 14:52 24786]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [19/01/2009 20:31 277544]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/11/2009 12:06 108289]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [11/02/2010 15:01 16384]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [22/04/2007 16:20 799744]
R3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [14/04/2004 14:52 20736]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [22/04/2007 16:22 7040]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 19:07 135664]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [23/04/2007 14:52 45534]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [29/10/2009 11:22 30603640]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [02/08/2005 23:10 32512]
S3 osppsvc;Office Software Protection Platform;c:\program files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 05:28 4639136]
.
Contenu du dossier 'Tâches planifiées'

2010-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-30 c:\windows\Tasks\Configurer mon PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 08:03]

2010-03-30 c:\windows\Tasks\Extension de garantie.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 11:55]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:07]

2010-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:07]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: chat-land.org
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 10:06
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spor.sys hal.dll >>UNKNOWN [0x87582938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf771ff28
\Driver\ACPI -> ACPI.sys @ 0xf7426cb8
\Driver\atapi -> atapi.sys @ 0xf72e5b40
\Driver\iaStor -> iaStor.sys @ 0xf73357b0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7196bb0
PacketIndicateHandler -> NDIS.sys @ 0xf71a3a21
SendHandler -> NDIS.sys @ 0xf718187b
user & kernel MBR OK
copy of MBR has been found in sector 22 !
copy of MBR has been found in sector 23 !

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2143172442-2371611599-2422344048-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE2A7CFA-4D1A-2565-3D17-3ADD1630009C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oafhahhalogacnaldppkhohfdhgeej"=hex:64,61,65,6a,6d,67,63,6b,00,e0
"oabgakfldpelhadndjggbebhpehfei"=hex:69,61,63,6a,61,64,66,69,63,69,66,69,6c,6c,
6e,66,67,61,00,00
"nahgkmafmmhobolnigfgholhkmda"=hex:69,61,63,6a,61,64,66,69,63,69,66,69,6c,6c,
6e,66,67,61,00,00

[HKEY_USERS\S-1-5-21-2143172442-2371611599-2422344048-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:aa,78,23,10,31,14,cf,21,cf,3e,ab,0c,63,a3,16,6f,2f,50,18,c0,3d,c3,b7,
45,7e,6f,40,00,de,7d,4d,4a,0c,94,ed,a6,dc,e3,38,00,38,ad,07,ea,2b,a8,00,a6,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{51E2427C-8584-07B7-23DE47D3A7EA0FAE}\{FE4DB2DE-8B1B-C18C-3FBFE7B17663DE6A}\{D7759A44-051C-D7DE-9FB52EA4C570BE7C}*]
"WVZENWCHWFKXMRXM1FQWBAYGMD1"=hex:01,00,01,00,00,00,00,00,fa,de,c6,7c,16,d0,d3,
6d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E20DD46F-0CC4-5960-1B1F69E13D145F9C}\{B130274E-D0E8-282B-E7F07B1EE1210709}\{71D795F0-66AF-00D6-EF71DCAC5CDD95C3}*]
"WVZENWCHWFKXMRXM1FQWBAYGMD1"=hex:01,00,01,00,00,00,00,00,fa,de,c6,7c,16,d0,d3,
6d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2836)
c:\progra~1\MICROS~2\Office14\1036\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\brss01a.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\mHotkey.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Fingerprint Sensor\ATSwpNav.exe
c:\program files\PHILIPS\HDDDMM\DMM\bin\AutoLaunchHDD70.exe
c:\progra~1\FICHIE~1\PHILIP~1\USBCON~1.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Heure de fin: 2010-04-01 10:11:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-04-01 08:11
ComboFix2.txt 2010-03-30 07:51
ComboFix3.txt 2010-03-29 17:19

Avant-CF: 2 864 619 520 octets libres
Après-CF: 2 812 313 600 octets libres

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 8DC8FAA73E7A497D6C96E37B7E27AC1A
0
plopus, 6113 posts, Status: Security contributor

hi

Download SystemLook to the Desktop from one of the links below.
http://jpshortstuff.247fixes.com/SystemLook.exe
or
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe
* Double-click SystemLook.exe to launch it.
* Right-click | Copy the following, and right-click | Paste it into the text box of

:filefind
atapi.sys
CLASSPNP.SYS
ACPI.sys
iaStor.sys

* Click the Look button to start the scan.
* Notepad will open with the result of the analysis.
Copy and paste the report into your next reply.

Note: the report can also be found on the Desktop under the name SystemLook.txt
0
hburnt, 179 posts, Status: Member

Hi,

When I launch Gmer, the scan runs, but when I click "Save" at the end everything hangs: my mouse turns into an hourglass. I left it for 3 hours... and nothing, no report and no response from the PC to close Gmer or even shut down the computer.

If I post you the list of scanned items (type, value, etc.), would that do?
0
plopus, 6113 posts, Status: Security contributor

It's mainly the report that's needed, not ALL the items listed in GMER's window.

Try safe mode: restart your PC, tap F8 at the beep, choose safe mode and try GMER again.

And also run SystemLook.
0
hburnt, 179 posts, Status: Member

GMER report

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-05 18:06:54
Windows 5.1.2600 Service Pack 3
Running: vq2gr10z.exe; Driver: D:\DOCUME~1\Nico\LOCALS~1\Temp\pxldypob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ELkbd.sys (Intel Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x26 0xD4 0x99 0x80 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4A 0x2B 0x6F 0x6A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x24 0xFE 0x61 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xBA 0x70 0xB0 0x65 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x23 0x02 0xBD 0x9F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4A 0x2B 0x6F 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF9 0xB6 0xB0 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x67 0x89 0xC8 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBA 0x18 0x09 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4A 0x2B 0x6F 0x6A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF9 0xB6 0xB0 0x12 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x67 0x89 0xC8 0x55 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBA 0x18 0x09 0xB7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4A 0x2B 0x6F 0x6A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{51E2427C-8584-07B7-23DE47D3A7EA0FAE}\{FE4DB2DE-8B1B-C18C-3FBFE7B17663DE6A}\{D7759A44-051C-D7DE-9FB52EA4C570BE7C}
Reg HKLM\SOFTWARE\Classes\CLSID\{51E2427C-8584-07B7-23DE47D3A7EA0FAE}\{FE4DB2DE-8B1B-C18C-3FBFE7B17663DE6A}\{D7759A44-051C-D7DE-9FB52EA4C570BE7C}@WVZENWCHWFKXMRXM1FQWBAYGMD1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E20DD46F-0CC4-5960-1B1F69E13D145F9C}\{B130274E-D0E8-282B-E7F07B1EE1210709}\{71D795F0-66AF-00D6-EF71DCAC5CDD95C3}
Reg HKLM\SOFTWARE\Classes\CLSID\{E20DD46F-0CC4-5960-1B1F69E13D145F9C}\{B130274E-D0E8-282B-E7F07B1EE1210709}\{71D795F0-66AF-00D6-EF71DCAC5CDD95C3}@WVZENWCHWFKXMRXM1FQWBAYGMD1 0x01 0x00 0x01 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE2A7CFA-4D1A-2565-3D17-3ADD1630009C}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE2A7CFA-4D1A-2565-3D17-3ADD1630009C}@oafhahhalogacnaldppkhohfdhgeej 0x64 0x61 0x65 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE2A7CFA-4D1A-2565-3D17-3ADD1630009C}@oabgakfldpelhadndjggbebhpehfei 0x69 0x61 0x63 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE2A7CFA-4D1A-2565-3D17-3ADD1630009C}@nahgkmafmmhobolnigfgholhkmda 0x69 0x61 0x63 0x6A ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR

---- EOF - GMER 1.0.15 ----
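The CLSID and Shell Extensions entries in the GMER report above are the ones the next reply targets, while the many sptd entries are left alone. A quick way to see why they stand out is to triage the Reg lines mechanically: the fake CLSIDs do not even have the canonical 8-4-4-4-12 GUID shape, and the value names are long random strings. The script below is an added example written for this page, not GMER's code nor anything posted in the thread; the three sample lines are copied from the report above, and the GUID-shape heuristic, the value-name length threshold and the "known benign" note for sptd are the editor's assumptions.

```python
"""Triage the 'Reg' lines of a GMER report.

Added example (editor's code, not GMER's and not from the thread). The three
sample lines are copied from the report above; the heuristics, thresholds
and the 'known benign' list are the editor's assumptions.
"""
import re

# Constructed excerpt: three representative Reg lines from the GMER report above.
GMER_REG_LINES = r"""Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SOFTWARE\Classes\CLSID\{51E2427C-8584-07B7-23DE47D3A7EA0FAE}\{FE4DB2DE-8B1B-C18C-3FBFE7B17663DE6A}\{D7759A44-051C-D7DE-9FB52EA4C570BE7C}@WVZENWCHWFKXMRXM1FQWBAYGMD1 0x01 0x00 0x01 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE2A7CFA-4D1A-2565-3D17-3ADD1630009C}@oafhahhalogacnaldppkhohfdhgeej 0x64 0x61 0x65 0x6A ...
"""

# Canonical GUID layout: {8-4-4-4-12} hex groups.
GUID_RE = re.compile(
    r"^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$", re.I
)
BRACE_RE = re.compile(r"\{[^{}]*\}")
# Services whose hidden/obfuscated config keys are expected on a clean system
# (assumption: sptd is the SCSI pass-through driver of Alcohol 120% / Daemon Tools).
KNOWN_BENIGN_SERVICES = {
    "sptd": "SCSI pass-through driver installed by Alcohol 120% / Daemon Tools",
}


def parse_reg_line(line):
    """Split 'Reg <key>[@<value> <data>] [(not active ControlSet)]' into parts.

    Assumes key paths never contain '@', which holds for the report above.
    """
    if not line.startswith("Reg "):
        return None
    body = line[4:].strip()
    inactive = body.endswith("(not active ControlSet)")
    if inactive:
        body = body[: -len("(not active ControlSet)")].strip()
    key, at, rest = body.partition("@")
    value, _, data = rest.partition(" ") if at else ("", "", "")
    return {"key": key, "value": value, "data": data.strip(), "inactive": inactive}


def is_wellformed_guid(token):
    """True for the canonical {8-4-4-4-12} layout; fake CLSID keys often use other shapes."""
    return bool(GUID_RE.match(token))


def looks_random(name, min_len=20):
    """Long, purely alphanumeric value names with no readable structure (assumed threshold)."""
    return len(name) >= min_len and name.isalnum()


def service_name(key):
    """Service name from a ...\\Services\\<name>\\... key path, or None."""
    m = re.search(r"\\Services\\([^\\]+)\\", key, re.I)
    return m.group(1).lower() if m else None


def triage(lines):
    """Return (key, severity, reasons) per Reg line: 'suspicious', 'info' or 'ok'."""
    results = []
    for line in lines:
        entry = parse_reg_line(line)
        if entry is None:
            continue
        reasons = []
        bad = [t for t in BRACE_RE.findall(entry["key"]) if not is_wellformed_guid(t)]
        if bad:
            reasons.append("malformed GUID(s) in key path: " + ", ".join(bad))
        if looks_random(entry["value"]):
            reasons.append("random-looking value name: " + entry["value"])
        svc = service_name(entry["key"])
        if reasons:
            severity = "suspicious"
        elif svc in KNOWN_BENIGN_SERVICES:
            severity = "info"
            reasons.append(f"{svc}: {KNOWN_BENIGN_SERVICES[svc]}; hidden Cfg keys are expected")
        else:
            severity = "ok"
        results.append((entry["key"], severity, reasons))
    return results


if __name__ == "__main__":
    for key, severity, reasons in triage(GMER_REG_LINES.splitlines()):
        print(f"[{severity}] {key}")
        for r in reasons:
            print("    -", r)
```

On the sample lines the sptd entry comes back as "info" and the two keys later named in the CFScript come back as "suspicious". The GUID-shape test is cheap and reliable; the value-name test is only a hint, so treat a "suspicious" result as something to look up, not as a verdict.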
hburnt (member):

Here is the SystemLook report

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 18:24 on 05/04/2010 by Nico (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys "
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [09:58 08/01/2010] [20:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [17:17 29/03/2010] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [12:58 05/08/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--- 96512 bytes [20:59 03/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [20:59 03/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

Searching for "CLASSPNP.SYS "
C:\WINDOWS\$NtServicePackUninstall$\classpnp.sys -----c 49664 bytes [09:58 08/01/2010] [12:00 10/08/2004] D86173B401470F06D9810F7962969DDF
C:\WINDOWS\ServicePackFiles\i386\classpnp.sys ------ 49536 bytes [12:58 05/08/2008] [19:16 13/04/2008] FE47DD8FE6D7768FF94EBEC6C74B2719
C:\WINDOWS\system32\dllcache\classpnp.sys --a--- 49536 bytes [16:10 23/09/2004] [19:16 13/04/2008] FE47DD8FE6D7768FF94EBEC6C74B2719
C:\WINDOWS\system32\drivers\classpnp.sys --a--- 49536 bytes [16:10 23/09/2004] [19:16 13/04/2008] FE47DD8FE6D7768FF94EBEC6C74B2719

Searching for "ACPI.sys "
C:\WINDOWS\$NtServicePackUninstall$\acpi.sys -----c 188672 bytes [09:58 08/01/2010] [12:00 10/08/2004] 0BD94FBFC14EA3606CD6CA4C0255BAA3
C:\WINDOWS\ServicePackFiles\i386\acpi.sys ------ 188672 bytes [12:58 05/08/2008] [01:52 14/04/2008] E5E6DBFC41EA8AAD005CB9A57A96B43B
C:\WINDOWS\system32\dllcache\acpi.sys --a--- 188672 bytes [22:36 03/08/2004] [01:52 14/04/2008] E5E6DBFC41EA8AAD005CB9A57A96B43B
C:\WINDOWS\system32\drivers\acpi.sys --a--- 188672 bytes [22:36 03/08/2004] [01:52 14/04/2008] E5E6DBFC41EA8AAD005CB9A57A96B43B

Searching for "iaStor.sys"
C:\PNP\MOBO\IASTOR.SYS ------ 874240 bytes [11:07 12/10/2005] [11:07 12/10/2005] 309C4D86D989FB1FCF64BD30DC81C51B
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys --a--- 508416 bytes [14:19 22/04/2007] [10:08 12/10/2005] 7C2D98D430DD91570DB63E819B9BC7E0
C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys --a--- 874240 bytes [14:19 22/04/2007] [10:07 12/10/2005] 309C4D86D989FB1FCF64BD30DC81C51B
C:\WINDOWS\system32\drivers\iaStor.sys --a--- 874240 bytes [22:00 31/12/1979] [10:07 12/10/2005] 309C4D86D989FB1FCF64BD30DC81C51B
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\iaStor.sys --a--- 874240 bytes [14:19 22/04/2007] [11:07 12/10/2005] 309C4D86D989FB1FCF64BD30DC81C51B

-=End Of File=-
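What the SystemLook request above is really checking is whether the live copies of these boot-path drivers still match the copies Windows keeps for File Protection: rootkits such as TDL3 patched atapi.sys or iaStor.sys in place, leaving the file size unchanged but the MD5 different from the dllcache and ServicePackFiles copies. The script below, an added example and not SystemLook's code nor anything from the thread, parses the filefind output and performs that comparison. It embeds the atapi.sys block from the report above plus a constructed "tampered.sys" block whose live-copy hash is invented; the reference-location tags are assumptions about the XP SP3 layout.

```python
r"""Cross-check a SystemLook 'filefind' report for in-place patched drivers.

Added example (editor's code, not SystemLook's and not from the thread). It
parses the report format shown above and compares the live driver under
system32\drivers with the reference copies Windows keeps (dllcache and
ServicePackFiles\i386), falling back to any other listed copy when Windows
has none (third-party drivers such as iaStor.sys). The sample embeds the
atapi.sys block from the report above plus a constructed 'tampered.sys'
block whose live-copy MD5 is invented; the location tags are assumptions
about the XP SP3 layout.
"""
import re

SEARCH_RE = re.compile(r'^Searching for "(.+?)"\s*$')
# <path> <6 attribute flags> <size> bytes [mtime] [ctime] <MD5>
ENTRY_RE = re.compile(
    r"^(?P<path>\S.*?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<mtime>[^\]]+)\] \[(?P<ctime>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})\s*$"
)
LIVE_TAG = "\\system32\\drivers\\"
WFP_TAGS = ("\\system32\\dllcache\\", "\\servicepackfiles\\i386\\")

# Constructed sample: the atapi.sys block from the SystemLook report above,
# followed by a hypothetical block in which the live copy's MD5 was changed
# (same size, different hash, as an in-place patch would leave it).
SAMPLE = r'''Searching for "atapi.sys "
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [09:58 08/01/2010] [20:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [12:58 05/08/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--- 96512 bytes [20:59 03/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [20:59 03/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

Searching for "tampered.sys"
C:\WINDOWS\system32\dllcache\tampered.sys --a--- 96512 bytes [20:59 03/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\tampered.sys --a--- 96512 bytes [20:59 03/08/2004] [11:11 01/04/2010] 00000000000000000000000000000000
'''


def parse_filefind(text):
    """Return {filename: [entry dicts]} for each 'Searching for' block."""
    blocks, current = {}, None
    for line in text.splitlines():
        m = SEARCH_RE.match(line)
        if m:
            current = m.group(1).strip().lower()
            blocks[current] = []
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            blocks[current].append({
                "path": m["path"],
                "size": int(m["size"]),
                "md5": m["md5"].upper(),
                "ctime": m["ctime"],
            })
    return blocks


def check_driver(entries):
    """Compare the live copy against reference copies.

    'ok'                 live MD5 equals a reference copy
    'mismatch_same_size' live differs but keeps a reference copy's size (in-place patch pattern)
    'mismatch'           live differs in both hash and size
    'no_live_copy' / 'no_reference' when the report lacks the needed entries
    """
    live = [e for e in entries if LIVE_TAG in e["path"].lower()]
    if not live:
        return "no_live_copy"
    live = live[0]
    others = [e for e in entries if e is not live]
    # Prefer Windows File Protection copies; fall back to vendor/backup copies.
    wfp = [e for e in others if any(t in e["path"].lower() for t in WFP_TAGS)]
    refs = wfp or others
    if not refs:
        return "no_reference"
    if any(r["md5"] == live["md5"] for r in refs):
        return "ok"
    if any(r["size"] == live["size"] for r in refs):
        return "mismatch_same_size"
    return "mismatch"


def report(text):
    """Map each searched filename to its check status."""
    return {name: check_driver(entries) for name, entries in parse_filefind(text).items()}


if __name__ == "__main__":
    for name, status in report(SAMPLE).items():
        print(f"{name}: {status}")
```

On the real report above every driver comes back "ok" (the older $NtServicePackUninstall$ copy is the pre-SP3 file and is expected to differ). One caveat: a rootkit that filters disk reads can hand a clean image back to any user-mode hashing tool, so a matching hash here rules out a crude patch but not a hidden one, which is why the helper still wants a GMER run and a safe-mode retry.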
plopus (security contributor):

Hi

OK

Create a file with Notepad: right-click on the desktop and choose New/Text Document.
NAME the file CFscript
Copy and paste the content below into the text file (Notepad):


KillAll::
RegNull::
[HKEY_USERS\S-1-5-21-2143172442-2371611599-2422344048-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE2A7CFA-4D1A-2565-3D17-3ADD1630009C}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{51E2427C-8584-07B7-23DE47D3A7EA0FAE}\{FE4DB2DE-8B1B-C18C-3FBFE7B17663DE6A}\{D7759A44-051C-D7DE-9FB52EA4C570BE7C}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E20DD46F-0CC4-5960-1B1F69E13D145F9C}\{B130274E-D0E8-282B-E7F07B1EE1210709}\{71D795F0-66AF-00D6-EF71DCAC5CDD95C3}*]


Save the file under the following name: CFScript.txt
Drag and drop this CFScript file onto the ComboFix.exe file (the one you renamed):
keep the mouse button held on the CFscript file and release it on the renamed ComboFix icon.

A blue window will appear: at the message that shows up (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
hburnt (member):

Hi, thanks, here is the report:

ComboFix 10-03-28.03 - Nico 06/04/2010 19:54:48.5.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.589 [GMT 2:00]
Run from: d:\documents and settings\Nico\Bureau\nico.exe
Switches used :: d:\documents and settings\Nico\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((( Files created from 2010-03-06 to 2010-04-06 ))))))))))))))))))))))))))))))))))))
.

2010-03-29 17:05 . 2010-03-29 17:19 -------- d-----w- C:\nico
2010-03-26 08:15 . 2010-03-26 08:15 -------- d-----r- d:\documents and settings\LocalService.AUTORITE NT.002\Favoris
2010-03-26 08:15 . 2010-03-26 08:15 -------- d-sh--w- d:\documents and settings\LocalService.AUTORITE NT.002\IETldCache
2010-03-23 15:07 . 2010-03-29 17:02 3899 ---ha-w- d:\documents and settings\All Users\Application Data\SystemProfile\mouse.sys
2010-03-23 15:07 . 2010-03-23 15:07 -------- d-----w- d:\documents and settings\All Users\Application Data\SystemProfile
2010-03-23 15:07 . 2010-03-23 15:07 -------- d-sh--w- d:\documents and settings\All Users\Application Data\948A41E58E4F443786FD85C565598E44
2010-03-23 15:07 . 2009-03-04 13:38 40960 ----a-w- c:\windows\system32\Crypt.dll
2010-03-23 15:07 . 2009-03-04 13:38 309328 ----a-w- c:\windows\system32\AddEmail.dll
2010-03-23 15:07 . 2009-03-04 13:38 141072 ----a-w- c:\windows\system32\XZip.dll
2010-03-23 15:06 . 2010-03-23 15:06 -------- d-----w- c:\windows\system32\GroupPolicies
2010-03-19 14:03 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-17 08:11 . 2010-03-17 08:11 -------- d-----w- c:\windows\system32\AGEIA
2010-03-17 08:11 . 2010-03-17 08:12 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-12 11:50 . 2010-03-12 11:50 -------- d-----w- d:\documents and settings\All Users\Application Data\Ubisoft
2010-03-11 08:49 . 2010-03-11 08:49 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-11 08:17 . 2003-07-06 12:07 372736 ----a-w- c:\windows\system32\IJL_11.DLL
2010-03-10 12:14 . 2010-03-10 12:26 -------- d-----w- d:\documents and settings\Nico\Local Settings\Application Data\DFH
2010-03-07 18:12 . 2010-03-18 08:17 -------- d-----w- d:\documents and settings\Nico\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 18:02 . 2009-10-25 13:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-06 17:59 . 2010-02-11 13:01 49 --sha-w- c:\windows\system32\mmf.sys
2010-04-02 11:50 . 2010-01-16 14:37 -------- d-----w- d:\documents and settings\Nico\Application Data\vlc
2010-03-30 12:02 . 2010-01-19 09:18 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-30 12:02 . 2010-01-19 09:18 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-29 17:05 . 2009-11-26 09:50 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-03-29 16:26 . 2006-03-10 20:46 124768 ----a-w- d:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-29 15:11 . 2010-01-19 09:18 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-29 11:38 . 2009-12-19 14:22 -------- d-----w- c:\program files\trend micro
2010-03-29 11:19 . 2004-09-23 16:12 85404 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-29 11:19 . 2004-09-23 16:12 513080 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-26 14:15 . 2010-02-04 13:09 -------- d-----w- d:\documents and settings\Nico\Application Data\dvdcss
2010-03-26 08:53 . 2009-11-26 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 16:03 . 2009-10-12 11:48 -------- d-----w- d:\documents and settings\Nico\Application Data\BitTorrent
2010-03-23 09:18 . 2010-01-02 18:59 -------- d-----w- d:\documents and settings\Nico\Application Data\FreeFLVConverter
2010-03-17 08:11 . 2010-01-18 12:45 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-03-16 15:39 . 2009-12-18 10:36 -------- d-----w- c:\program files\Electronic Arts
2010-03-16 13:39 . 2010-01-19 10:08 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-12 13:05 . 2007-04-22 14:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-10 12:09 . 2009-09-26 12:32 -------- d-----w- d:\documents and settings\Nico\Application Data\GrabIt
2010-03-10 12:06 . 2010-02-11 14:11 -------- d-----w- c:\program files\THQ
2010-03-10 11:26 . 2010-02-20 17:31 -------- d-----w- c:\program files\John Deere American Builder Deluxe
2010-02-25 06:17 . 2004-09-23 16:11 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-20 17:18 . 2010-02-20 17:17 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-02-20 14:53 . 2010-02-20 14:43 -------- d-----w- c:\program files\John Deere American Farmer Deluxe
2010-02-19 09:58 . 2010-02-19 09:58 -------- d-----w- c:\program files\WildGames
2010-02-19 08:45 . 2010-02-19 08:45 -------- d-----w- c:\program files\GrabIt
2010-02-17 15:56 . 2010-02-17 15:56 -------- d--h--r- d:\documents and settings\Nico\Application Data\SecuROM
2010-02-17 09:01 . 2007-07-10 16:59 -------- d-----w- c:\program files\DivX
2010-02-17 09:00 . 2010-02-17 08:59 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2010-02-12 12:43 . 2010-02-12 12:43 253584 ----a-w- d:\documents and settings\LocalService.AUTORITE NT.002\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-12 11:53 . 2010-02-12 11:53 -------- d-----w- c:\program files\USArmy
2010-02-12 11:53 . 2010-02-12 09:51 -------- d-----w- d:\documents and settings\All Users\Application Data\AA3DeployClient
2010-02-11 13:01 . 2010-02-11 13:01 48640 ----a-w- c:\windows\mmfs.dll
2010-02-11 13:01 . 2010-02-11 13:01 16384 ----a-w- c:\windows\runservice.exe
2010-02-11 12:57 . 2010-02-11 12:57 -------- d-----w- c:\program files\Battlefront
2010-02-10 19:23 . 2010-02-10 08:54 -------- d-----w- d:\documents and settings\All Users\Application Data\America's Army Deploy Client
2010-01-19 09:23 . 2010-01-19 09:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-19 09:18 . 2010-01-19 09:18 22328 ----a-w- d:\documents and settings\Nico\Application Data\PnkBstrK.sys
2010-01-19 09:18 . 2010-01-19 09:18 22328 ----a-w- d:\documents and settings\Nico\Application Data\PnkBstrK.sys
2010-01-19 09:18 . 2010-01-19 09:18 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-01-18 12:39 . 2010-01-18 12:39 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-18 12:39 . 2010-01-18 12:39 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-14 08:52 . 2009-11-15 12:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-14 08:52 . 2009-11-15 12:03 152576 ----a-w- d:\documents and settings\Nico\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-14 08:51 . 2009-11-15 12:02 79488 ----a-w- d:\documents and settings\Nico\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-08 10:07 . 2004-09-23 17:10 86815 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-07 15:07 . 2009-12-20 13:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-20 13:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 14:50 . 2009-11-26 13:31 180256 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-26 14:50 . 2009-11-26 13:31 10784 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NECHotkey"="mHotkey.exe" [2006-01-11 548864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"MM_MODULE"="c:\program files\MIC\HAWAII\Hawaii.exe" [2005-11-16 121856]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-05-07 53248]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-14 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\sixteen tons entertainment\\Emergency 4\\Em4.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [23/04/2007 14:52 24786]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [19/01/2009 20:31 277544]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/11/2009 12:06 108289]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [11/02/2010 15:01 16384]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [22/04/2007 16:20 799744]
R3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [14/04/2004 14:52 20736]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [22/04/2007 16:22 7040]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 19:07 135664]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [23/04/2007 14:52 45534]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [29/10/2009 11:22 30603640]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [02/08/2005 23:10 32512]
S3 osppsvc;Office Software Protection Platform;c:\program files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 05:28 4639136]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29/06/2007 17:38 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-05 c:\windows\Tasks\Configurer mon PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 08:03]

2010-04-05 c:\windows\Tasks\Extension de garantie.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 11:55]

2010-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:07]

2010-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 17:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: chat-land.org
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
.

**************************************************************************
Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2143172442-2371611599-2422344048-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:aa,78,23,10,31,14,cf,21,cf,3e,ab,0c,63,a3,16,6f,2f,50,18,c0,3d,c3,b7,
45,7e,6f,40,00,de,7d,4d,4a,0c,94,ed,a6,dc,e3,38,00,38,ad,07,ea,2b,a8,00,a6,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'explorer.exe'(3960)
c:\progra~1\MICROS~2\Office14\1036\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\brss01a.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\system32\dllhost.exe
c:\windows\mHotkey.exe
c:\windows\system32\wscntfy.exe
c:\program files\Fingerprint Sensor\ATSwpNav.exe
c:\program files\PHILIPS\HDDDMM\DMM\bin\AutoLaunchHDD70.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\FICHIE~1\PHILIP~1\USBCON~1.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-04-06 20:04:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-06 18:04
ComboFix2.txt 2010-04-01 08:11
ComboFix3.txt 2010-03-30 07:51
ComboFix4.txt 2010-03-29 17:19

Pre-Run: 2 628 816 896 bytes free
Post-Run: 2 579 910 656 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - DA4E0D8778F4505FF2AC88AEA52A2BDE
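Besides the infection-related lines, the "Reg Loading Points" section of the ComboFix report above records the machine's firewall policy: the standard profile is disabled ("EnableFirewall"= 0), TCP 3389 (Remote Desktop) is in the globally open ports list, and two file-sharing clients sit on the exception list. The script below, an added example and not ComboFix's code or anything posted in the thread, parses that section's format and reports those exposures; the sample is a constructed excerpt of the report above, and the list of file-sharing client names is the editor's assumption.

```python
r"""Audit the firewall policy keys of a ComboFix 'Reg Loading Points' section.

Added example (editor's code, not ComboFix's and not from the thread). It
reads the bracketed registry keys and "name"=data lines and reports the
exposure they describe. The sample is a constructed excerpt of the report
above; the list of file-sharing client names is the editor's assumption.
"""
import re

# "Name"= data   (REGEDIT4-style line as printed by ComboFix)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
# Executables whose presence in the firewall exception list deserves a look
# (assumption: common P2P clients, a frequent malware delivery channel).
P2P_HINTS = ("emule.exe", "bittorrent.exe", "utorrent.exe", "limewire.exe")

# Constructed excerpt of the ComboFix report above.
SAMPLE = r'''[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
'''


def parse_loading_points(text):
    """Return {key: [(name, data), ...]} keyed by the bracketed registry path."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None and line.startswith('"'):
            m = VALUE_RE.match(line)
            if m:
                sections[current].append((m["name"], m["data"].strip()))
    return sections


def audit_firewall(sections):
    """Return (code, detail) findings for the standard-profile firewall policy."""
    findings = []
    for key, values in sections.items():
        k = key.lower()
        if k.endswith("\\firewallpolicy\\standardprofile"):
            for name, data in values:
                if name == "EnableFirewall" and data.startswith("0"):
                    findings.append(("firewall_disabled", key))
        elif k.endswith("\\globallyopenports\\list"):
            for name, _ in values:
                port, _, proto = name.partition(":")
                findings.append(("open_port", f"{port}/{proto}"))
        elif k.endswith("\\authorizedapplications\\list"):
            for name, _ in values:
                # REGEDIT4 doubles backslashes; undo that before looking at the basename.
                exe = name.replace("\\\\", "\\").lower()
                if exe.rsplit("\\", 1)[-1] in P2P_HINTS:
                    findings.append(("p2p_allowed", exe))
    return findings


if __name__ == "__main__":
    for code, detail in audit_firewall(parse_loading_points(SAMPLE)):
        print(f"{code}: {detail}")
```

With the profile disabled the exception and open-port lists are not enforced at all, but they still tell you what will be reachable the moment the firewall is switched back on; a globally open 3389/TCP on a home XP box is worth closing regardless of the infection.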
plopus (security contributor):

Hi

Can you redo this please:

go to Start / Run

type

CHKDSK

then Enter

a scan will start; let it run and follow the instructions at the end if you are given any.

=======

then go back to Start / Run and type

CMD

then Enter

in the black window, type

sfc /scannow (there is a space between the two)

a scan will start; let it run, and if you are asked for the Windows CD, insert it if you have it.

tell me what the 2 commands gave you and whether things are better.
hburnt (member):

Hello,
CHKDSK: the analysis started, there was a series of deletions, then the window closed by itself.

CMD: it asks for the Windows XP Pro Service Pack 3 CD. I inserted my 2 master DVDs, it refuses both, so I cancelled each time and the analysis continued without repairing Windows, then finished without anything in particular.
plopus (security contributor):

Hi

OK, let's look into this MBR business.

DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because the tool is wrongly detected as an infection)

* Download List_Kill'em and save it to your desktop
http://sd-1.archive-host.com/...

double-click (right-click "Run as administrator" for Vista/7) the shortcut on your desktop to launch the installation

once finished, click "Finish" and the program will launch by itself

choose the Search option

a black and white icon will appear on the desktop; it will be used to relaunch the program later.
another red and black one will be used to uninstall the program at the end of the cleanup.

* let the tool work

when the white window appears it takes a while; that's normal, the program isn't stuck.

a report named catchme appears on your desktop; ignore it, don't post it, it will delete itself at the end of the scan

* Post the contents of the report that opens at 100% of the scan, at the "COMPLETED" screen
hburnt (member):

List'em by g3n-h@ckm@n 1.7.0.3

User : Nico (Administrateurs)
Update on 08/04/2010 by g3n-h@ckm@n ::::: 03.30
Start at: 17:28:32 | 08/04/2010

Intel(R) Pentium(R) D CPU 2.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

A:\ -> 3½-inch floppy drive
C:\ -> Local fixed disk | 37.8 GB (2.15 GB free) [HDD] | NTFS
D:\ -> Local fixed disk | 241.65 GB (34.56 GB free) [DATA] | NTFS
E:\ -> CD-ROM drive
F:\ -> Removable disk | 59.44 MB (2.06 MB free) [PHONE CARD] | FAT
G:\ -> Removable disk
H:\ -> Removable disk
I:\ -> Removable disk
J:\ -> Removable disk
L:\ -> Removable disk | 495.99 MB (324.59 MB free) [CLEF] | FAT32
M:\ -> Removable disk
N:\ -> Local fixed disk | 9.77 GB (9.69 GB free) | NTFS
P:\ -> Local fixed disk | 27.49 GB (438 MB free) [FILM] | NTFS
Q:\ -> Removable disk | 953.23 MB (716.03 MB free) [MELANIE] | FAT

Boot: Normal


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\PHILIPS\HDDDMM\DMM\bin\AutoLaunchHDD70.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\FICHIE~1\PHILIP~1\USBCON~1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\alg.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SmpcSys REG_SZ C:\APPS\SMP\SmpSys.exe
AlcoholAutomount REG_SZ "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
NECHotkey REG_SZ mHotkey.exe
IAAnotif REG_SZ C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
High Definition Audio Property Page Shortcut REG_SZ HDAShCut.exe
AzMixerSel REG_SZ C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
ATSwpNav REG_SZ "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
MM_MODULE REG_SZ C:\Program Files\MIC\HAWAII\Hawaii.exe
mmtask REG_SZ c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
/AutoLaunchHDD70 REG_SZ C:\Program Files\PHILIPS\HDDDMM\DMM\bin\AutoLaunchHDD70.exe
Ulead AutoDetector v2 REG_SZ C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
BCSSync REG_SZ "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
InstallVisualStyle REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
InstallTheme REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale.theme
DisableRegistryTools REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoLogOff REG_DWORD 0 (0x0)
NoDrives REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoCDBurning REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDrives REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ Nico
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DefaultPassword REG_SZ
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Nico
AltDefaultDomainName REG_SZ MOI
DefaultDomainName REG_SZ MOI
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} REG_SZ Groove GFS Stub Execution Hook

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\sixteen tons entertainment\Emergency 4\Em4.exe REG_SZ C:\Program Files\sixteen tons entertainment\Emergency 4\Em4.exe:*:Enabled:Em4
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\BitTorrent\bittorrent.exe REG_SZ C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\system32\PnkBstrA.exe REG_SZ C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
C:\WINDOWS\system32\PnkBstrB.exe REG_SZ C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE REG_SZ C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace
C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE REG_SZ C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe REG_SZ C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL9~1.0
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===============
ActiveX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1E54D648-B804-468d-BC78-4AFFED8E262F}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{9122D757-5A4F-4768-82C5-B4171D8556A7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{CB58DED6-4AF3-4080-9DF1-DEE72075169F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{03F998B2-0E00-11D3-A498-00104B6EB52E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E8EA5BD6-D931-4001-ABF6-81BAA500360A}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EA29D410-CE41-4953-A862-2DE706A1DAD7}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}]

==============
BHO :
======
[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

===
DNS
===

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========


Reference :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

Windows Disk Defragmenter
Copyright (c) 2001 Microsoft Corp. and Executive Software International Inc.

Analysis report
242 GB total, 34.56 GB free (14%), 12% fragmented (file fragmentation 24%)

You should defragment this volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : D:\Documents and Settings\All Users\Application Data\.zreglib
Present !! : D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Present !! : D:\recycler\NPROTECT
Present !! : C:\Program Files\WinPCap
Present !! : C:\WINDOWS\kb913800.exe
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\WanPacket.dll
Present !! : C:\WINDOWS\System32\wpcap.dll
Present !! : C:\WINDOWS\UA000059.DLL
Present !! : D:\Documents and Settings\Nico\Application Data\ItsLabel

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogoff
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_USERS\S-1-5-21-2143172442-2371611599-2422344048-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_USERS\S-1-5-21-2143172442-2371611599-2422344048-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogoff
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : "HKLM\Software\Trymedia Systems"
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_Irmon
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\ControlSet001\Services\Irmon
Present !! : HKLM\SYSTEM\ControlSet001\Services\npf
Present !! : HKLM\SYSTEM\ControlSet001\Services\poof
Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_Irmon
Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\ControlSet003\Services\Irmon
Present !! : HKLM\SYSTEM\ControlSet003\Services\npf
Present !! : HKLM\SYSTEM\ControlSet004\Enum\Root\Legacy_Irmon
Present !! : HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\ControlSet004\Services\Irmon
Present !! : HKLM\SYSTEM\ControlSet004\Services\npf
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_Irmon
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\Irmon
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\npf

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 17:44:26
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 22 !
copy of MBR has been found in sector 23 !

=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 17:44:27,85
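The List_Kill'em report above prints a reference table of atapi.sys MD5 values per Windows build, but its own Atapi.sys section is empty: no hash of this machine's driver is shown. As an added example (not part of the thread and not List_Kill'em's code), the Python below computes a driver's MD5 and looks it up in that table. The table values are copied from the report; the default driver path, the function names and the verdict strings are assumptions made for this example.

```python
import hashlib
from pathlib import Path

# Reference MD5 values for atapi.sys, copied from the List_Kill'em report above
# (lower-cased so lookups are case-insensitive).
ATAPI_REFERENCE_MD5 = {
    "Win 2000_SP2": "ff953a8f08ca3f822127654375786bbe",
    "Win 2000_SP4": "8c718aa8c77041b3285d55a0ce980867",
    "Win XP_32b": "a64013e98426e1877cb653685c5c0009",
    "Win XP_SP2_32b": "cdfe4411a69c224bd1d11b2da92dac51",
    "Win XP_SP3_32b": "9f3a2f5aa6875c72bf062c712cfa2674",
    "Vista_32b": "e03e8c99d15d0381e02743c36afc7c6f",
    "Vista_SP1_32b": "2d9c903dc76a66813d350a562de40ed9",
    "Vista_SP2_32b": "1f05b78ab91c9075565a9d8a4b880bc4",
    "Vista_SP2_64b": "1898fae8e07d97f2f6c2d5326c633fac",
    "Windows 7_32b": "80c40f7fdfc376e4c5feec28b41c119e",
    "Windows 7_64b": "02062c0b390b7729edc9e69c680a6f3c",
    "Windows 7_32b_Ultimate": "338c86357871c167a96ab976519bf59e",
}

# Assumed location of the driver on a 32-bit XP install (not stated in the report).
DEFAULT_DRIVER = Path(r"C:\WINDOWS\system32\drivers\atapi.sys")


def md5_bytes(data):
    """MD5 hex digest of an in-memory buffer."""
    return hashlib.md5(data).hexdigest()


def md5_file(path, chunk_size=1 << 20):
    """MD5 hex digest of a file, read in chunks so large drivers do not load whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def match_reference(digest, reference=ATAPI_REFERENCE_MD5):
    """Names of the reference builds whose hash equals `digest` (usually 0 or 1)."""
    d = digest.lower()
    return [build for build, ref in reference.items() if ref == d]


def verify_digest(digest, reference=ATAPI_REFERENCE_MD5):
    """Classify a digest against the table. A miss only means 'not in this table':
    a hotfix build misses too, so it is a prompt to compare with a clean copy, not a verdict."""
    matches = match_reference(digest, reference)
    return {
        "md5": digest.lower(),
        "matches": matches,
        "verdict": "known-good build" if matches else "unknown hash: compare with a clean copy",
    }


def verify_driver(path, reference=ATAPI_REFERENCE_MD5):
    """Hash a driver file on disk and classify it."""
    result = verify_digest(md5_file(path), reference)
    result["path"] = str(path)
    return result


if __name__ == "__main__":
    import sys
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else DEFAULT_DRIVER
    if target.exists():
        print(verify_driver(target))
    else:
        print(f"{target} not found; pass the path of a driver file as the first argument")
```

Two caveats when using this on a box like the one in the thread. A miss is not an infection verdict: a driver from a hotfix not in the short table also misses, so compare the file against the copy in %SystemRoot%\ServicePackFiles\i386 or a known-clean install before drawing conclusions. And a hash computed on a live system with an active kernel-mode rootkit can be a lie, because the rootkit can serve the clean file to anything that reads it; hash from safe mode or from offline media, which is the same reason the thread moves on to a safe-mode GMER scan.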
plopus (Security contributor, 6113 posts)
 
hi


* Relaunch List_Kill'em (via right-click for Vista/7), using the shortcut on your desktop.
but this time:

* choose the Clean option

your PC will restart,

let the tool work.

at the end of the scan the window closes, and you get a report named Kill'em.txt on your desktop,

* paste its contents in your reply


then


* Relaunch List_Kill'em (via right-click for Vista/7), using the shortcut on your desktop.
but this time:

* choose the Restore MBR option

let the tool work.

at the end of the scan a report opens

* paste its contents in your reply
hburnt (Member, 179 posts)
 
Hello,
Here is the Kill'em report after the Clean option

Kill'em by g3n-h@ckm@n 1.7.0.3

User : Nico (Administrateurs)
Update on 08/04/2010 by g3n-h@ckm@n ::::: 03.30
Start at: 10:11:34 | 09/04/2010

Intel(R) Pentium(R) D CPU 2.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

A:\ -> 3½-inch floppy drive
C:\ -> Local fixed disk | 37.8 GB (2.15 GB free) [HDD] | NTFS
D:\ -> Local fixed disk | 241.65 GB (34.54 GB free) [DATA] | NTFS
E:\ -> CD-ROM drive
F:\ -> Removable disk | 59.44 MB (2.06 MB free) [PHONE CARD] | FAT
G:\ -> Removable disk
H:\ -> Removable disk
I:\ -> Removable disk
J:\ -> Removable disk
L:\ -> Removable disk | 495.99 MB (324.59 MB free) [CLEF] | FAT32
M:\ -> Removable disk
N:\ -> Local fixed disk | 9.77 GB (9.69 GB free) | NTFS
P:\ -> Local fixed disk | 27.49 GB (438 MB free) [FILM] | NTFS
Q:\ -> Removable disk | 953.23 MB (716.03 MB free) [MELANIE] | FAT


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\eHome\ehRec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : D:\Documents and Settings\All Users\Application Data\.zreglib
Quarantined & Deleted !! : D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Quarantined & Deleted !! : D:\recycler\NPROTECT
Quarantined & Deleted !! : C:\Program Files\WinPCap
Quarantined & Deleted !! : C:\WINDOWS\kb913800.exe

Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\Packet.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\WanPacket.dll
Quarantined & Deleted !! : C:\WINDOWS\UA000059.DLL
Quarantined & Deleted !! : D:\Documents and Settings\Nico\Application Data\ItsLabel
Deleted !! : D:\RECYCLER\S-1-5-21-2143172442-2371611599-2422344048-1005\Dd1.url

==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogoff
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : "HKLM\Software\Trymedia Systems"
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_Irmon
Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF
Deleted : HKLM\SYSTEM\ControlSet001\Services\Irmon
Deleted : HKLM\SYSTEM\ControlSet001\Services\npf
Deleted : HKLM\SYSTEM\ControlSet001\Services\poof
Deleted : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_Irmon
Deleted : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NPF
Deleted : HKLM\SYSTEM\ControlSet003\Services\Irmon
Deleted : HKLM\SYSTEM\ControlSet003\Services\npf
Deleted : HKLM\SYSTEM\ControlSet004\Enum\Root\Legacy_Irmon
Deleted : HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NPF
Deleted : HKLM\SYSTEM\ControlSet004\Services\Irmon
Deleted : HKLM\SYSTEM\ControlSet004\Services\npf
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
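The Kill'em report just above dumps the Security Center key with AntiVirusOverride and FirewallOverride at 1, where the first List_Kill'em report had both at 0, and that first report also dumps the Winlogon key (Shell, Userinit) that persistence malware commonly edits. As an added example (not part of the thread and not List_Kill'em's code), the Python below parses those report sections, diffs two dumps of the same key, and flags non-default Winlogon and Security Center values. The sample dumps are copied from the reports; the "tampered" Winlogon block and the extra executable path in it are constructed for illustration and do not come from this machine.

```python
import re

# Constructed sample input: Winlogon values copied from the first List_Kill'em report (subset).
WINLOGON_DUMP = r"""[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ Nico
LegalNoticeCaption REG_SZ
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
UIHost REG_EXPAND_SZ logonui.exe
SFCDisable REG_DWORD 0 (0x0)
"""

# Security Center key before (first report) and after (Clean report), copied verbatim.
SECURITY_CENTER_BEFORE = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)
"""
SECURITY_CENTER_AFTER = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
"""

# Hypothetical, constructed for this example (NOT from the page): a second executable
# chained into Userinit, a classic logon persistence edit. The path is made up.
TAMPERED_WINLOGON = r"""[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\example_extra.exe,
"""

# "Name TYPE value" as List_Kill'em prints it; names may contain spaces, values may be empty.
LINE_RE = re.compile(r"^(?P<name>.+?)\s+(?P<type>REG_SZ|REG_EXPAND_SZ|REG_DWORD)\s*(?P<val>.*)$")


def parse_reg_dump(dump):
    """Parse one dumped key into {name: value}. REG_DWORD becomes the decimal int that
    precedes the '(0x..)' field; string types stay strings (empty when no value)."""
    values = {}
    for line in dump.splitlines():
        line = line.strip()
        if not line or line.startswith("["):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        name, typ, val = m.group("name"), m.group("type"), m.group("val").strip()
        values[name] = (int(val.split()[0]) if val else None) if typ == "REG_DWORD" else val
    return values


def check_winlogon(values):
    """Findings for Winlogon values that differ from the XP defaults: Shell = Explorer.exe,
    Userinit = a single system32 userinit.exe entry, SFCDisable = 0."""
    findings = []
    shell = values.get("Shell", "")
    if shell.strip().lower() != "explorer.exe":
        findings.append(f"Shell is {shell!r}, expected Explorer.exe")
    userinit = values.get("Userinit", "")
    entries = [e.strip() for e in userinit.split(",") if e.strip()]
    if len(entries) != 1 or not entries[0].lower().endswith(r"\system32\userinit.exe"):
        findings.append(f"Userinit is {userinit!r}, expected a single system32 userinit.exe entry")
    if values.get("SFCDisable", 0) not in (0, None):
        findings.append(f"SFCDisable is {values['SFCDisable']}, non-default (Windows File Protection altered)")
    return findings


# Each of these, when 1, silences or overrides one Security Center health check.
SECURITY_CENTER_SUPPRESSORS = ("AntiVirusDisableNotify", "FirewallDisableNotify",
                               "UpdatesDisableNotify", "AntiVirusOverride", "FirewallOverride")


def check_security_center(values):
    """Names of the suppressor values currently set to 1."""
    return [name for name in SECURITY_CENTER_SUPPRESSORS if values.get(name) == 1]


def diff_values(before, after):
    """Values that changed between two dumps of the same key: {name: (before, after)}."""
    names = sorted(set(before) | set(after))
    return {n: (before.get(n), after.get(n)) for n in names if before.get(n) != after.get(n)}


if __name__ == "__main__":
    print("winlogon (report):", check_winlogon(parse_reg_dump(WINLOGON_DUMP)))
    print("winlogon (constructed tampered):", check_winlogon(parse_reg_dump(TAMPERED_WINLOGON)))
    print("security center diff:", diff_values(parse_reg_dump(SECURITY_CENTER_BEFORE),
                                               parse_reg_dump(SECURITY_CENTER_AFTER)))
```

Read an Override flip as a prompt, not a verdict: AntiVirusOverride and FirewallOverride set to 1 are also how some third-party products tell Security Center to stop alerting on their behalf, so the next check is whether the product is actually running (the header of the same report lists AntiVir as "Disabled"). The Winlogon check is the one that pays off most often on XP-era infections, since Userinit and Shell run at every logon with the user's rights.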
hburnt (Member, 179 posts)
 
And here is the Kill'em report after the Restore MBR option

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 22 !
copy of MBR has been found in sector 23 !

Thanks
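Both MBR reports in the thread say "user & kernel MBR OK" and then "copy of MBR has been found in sector 22 / 23". As an added example (not part of the thread and not GMER's code), the Python below shows what that check amounts to on a raw disk image: it reads the partition table of sector 0, scans the unused sectors between the MBR and the first partition, and reports sectors that are byte-for-byte copies of the MBR. It goes one step beyond the page with a second scan for a saved original MBR (same partition table, different boot code), the pattern left when a bootkit rewrites sector 0 and parks the displaced MBR in the gap. The disk images are constructed in the block and are not from this machine; the function names are chosen here.

```python
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"


def _fake_mbr(boot_code):
    """Assemble a 512-byte MBR: 446 bytes of code, one NTFS partition entry starting at
    LBA 63 (the classic XP layout, which leaves sectors 1-62 unused), three empty entries,
    and the 0x55AA signature."""
    assert len(boot_code) == 446
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 1000)
    return boot_code + entry + bytes(48) + BOOT_SIG


def build_sample_disk(copy_sectors=(22, 23), total_sectors=64):
    """Constructed image (not from a real machine): a made-up MBR in sector 0 and exact
    copies of it in `copy_sectors`, i.e. the situation GMER reported above."""
    code = bytes((i * 7 + 3) & 0xFF for i in range(446))  # deterministic filler standing in for boot code
    mbr = _fake_mbr(code)
    image = bytearray(total_sectors * SECTOR)
    image[0:SECTOR] = mbr
    for s in copy_sectors:
        image[s * SECTOR:(s + 1) * SECTOR] = mbr
    return bytes(image)


def build_overwritten_sample(saved_sectors=(22, 23)):
    """Hypothetical variant, constructed here: sector 0's boot code replaced by a different
    filler, partition table kept, original MBR still sitting in `saved_sectors`."""
    image = bytearray(build_sample_disk(copy_sectors=saved_sectors))
    image[0:446] = bytes((i * 13 + 1) & 0xFF for i in range(446))
    return bytes(image)


def parse_partition_table(mbr):
    """The four 16-byte entries at offset 446; empty entries (type 0) are skipped."""
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        boot, ptype = mbr[off], mbr[off + 4]
        start, size = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0:
            parts.append({"bootable": boot == 0x80, "type": ptype, "start_lba": start, "sectors": size})
    return parts


def _scan_limit(image, max_sector):
    """Scan only the gap between the MBR and the first partition (sectors 1-62 on an
    XP-style disk, up to 2047 on a 1 MiB-aligned one), never past the end of the image."""
    parts = parse_partition_table(image[:SECTOR])
    first = min((p["start_lba"] for p in parts), default=len(image) // SECTOR)
    return min(max_sector or first, first, len(image) // SECTOR)


def _gap_sectors(image, max_sector=None):
    for s in range(1, _scan_limit(image, max_sector)):
        yield s, image[s * SECTOR:(s + 1) * SECTOR]


def find_mbr_copies(image, max_sector=None):
    """Gap sectors equal to sector 0: what GMER prints as 'copy of MBR has been found in sector N'."""
    mbr = image[:SECTOR]
    return [s for s, sec in _gap_sectors(image, max_sector) if sec == mbr]


def find_displaced_originals(image, max_sector=None):
    """Gap sectors with a boot signature and sector 0's partition table but different,
    non-empty boot code: a saved original next to a rewritten sector 0. [] on a clean disk."""
    mbr = image[:SECTOR]
    hits = []
    for s, sec in _gap_sectors(image, max_sector):
        if (sec[510:] == BOOT_SIG and sec[446:510] == mbr[446:510]
                and sec[:446] != mbr[:446] and any(sec[:446])):
            hits.append(s)
    return hits


if __name__ == "__main__":
    clean = build_sample_disk()
    print("copies (clean sample):", find_mbr_copies(clean))                       # [22, 23]
    print("displaced originals (clean sample):", find_displaced_originals(clean))  # []
    bad = build_overwritten_sample()
    print("copies (overwritten sample):", find_mbr_copies(bad))                    # []
    print("displaced originals (overwritten sample):", find_displaced_originals(bad))  # [22, 23]
```

On a live Windows machine the same functions can be fed the first few thousand sectors read as administrator with `open(r"\\.\PhysicalDrive0", "rb").read(2048 * 512)` (assumed environment: Python on Windows with elevated rights); on a suspect box prefer an image taken from boot media, since a bootkit that hooks disk reads can return a clean sector 0. An exact copy of the MBR in the gap is a fact to record, not a verdict: backup and recovery tools also keep an MBR copy there, which is why the thread does not stop at this report and asks for a full GMER scan from safe mode.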
plopus (Security contributor, 6113 posts)
 
hi

can you do this:

restart your PC, at the beep tap F8 and choose safe mode

then launch GMER, which should be on your desktop, save the report and then post it please


here is the canned text:

/!\ You must disable all your protection software to use this program /!\

* Go to this page and click "Download EXE" to download Gmer (under a random name, so that an infection cannot block it)
http://www.gmer.net/
* Launch Gmer
* In the "Rootkit" tab, click "Scan" and wait.
* At the end, click "Save" and save the report on your Desktop.
0
hburnt Posts 179 Status Member
 
Hello, here is the Gmer report

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-09 22:49:25
Windows 5.1.2600 Service Pack 3
Running: vq2gr10z.exe; Driver: D:\DOCUME~1\Nico\LOCALS~1\Temp\pxldypob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ELkbd.sys (Intel Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x26 0xD4 0x99 0x80 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4A 0x2B 0x6F 0x6A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x24 0xFE 0x61 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xBA 0x70 0xB0 0x65 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x23 0x02 0xBD 0x9F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4A 0x2B 0x6F 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF9 0xB6 0xB0 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x67 0x89 0xC8 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBA 0x18 0x09 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4A 0x2B 0x6F 0x6A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF9 0xB6 0xB0 0x12 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x67 0x89 0xC8 0x55 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBA 0x18 0x09 0xB7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4A 0x2B 0x6F 0x6A ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR

---- EOF - GMER 1.0.15 ----
0
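The two "copy of MBR" lines in the GMER report above mean that sectors 22 and 23 hold the same bytes as sector 0. The script below is an added example, not part of this thread and not GMER's own code, showing the same check on a raw disk image: it validates the 0x55AA boot signature of sector 0, hashes it, and scans the sectors of the MBR gap for byte-identical copies. The disk image, partition entry and boot-code bytes are constructed for the demonstration; pass a path to a real raw image as the first argument to scan that instead.

```python
"""Find sectors that are byte-for-byte copies of the MBR in a raw disk image.

Added example (not from the thread or from GMER). The sample image and
every byte in it are constructed here; only the sector numbers 22 and 23
mirror what the GMER report in the thread printed.
"""
import hashlib
import sys
from typing import List

SECTOR_SIZE = 512
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR


def has_boot_signature(sector: bytes) -> bool:
    """True if the sector is one full sector and ends with the 0x55AA signature."""
    return len(sector) == SECTOR_SIZE and sector[510:512] == MBR_SIGNATURE


def read_sector(image: bytes, lba: int) -> bytes:
    """Slice one logical sector out of an in-memory image."""
    return image[lba * SECTOR_SIZE:(lba + 1) * SECTOR_SIZE]


def find_mbr_copies(image: bytes, max_sectors: int = 63) -> List[int]:
    """Return the LBAs (excluding 0) whose contents equal sector 0.

    Only sectors 1..max_sectors-1 are scanned: on the classic CHS-aligned
    layout the first partition starts at LBA 63, so sectors 1-62 form an
    unused gap where a saved copy of the original MBR may be stored.
    A single changed byte is enough for a sector not to be reported.
    """
    mbr = read_sector(image, 0)
    if not has_boot_signature(mbr):
        raise ValueError("sector 0 has no 0x55AA boot signature")
    reference = hashlib.sha256(mbr).hexdigest()
    total = len(image) // SECTOR_SIZE
    hits = []
    for lba in range(1, min(max_sectors, total)):
        if hashlib.sha256(read_sector(image, lba)).hexdigest() == reference:
            hits.append(lba)
    return hits


def build_sample_image() -> bytes:
    """Constructed 64-sector image: MBR in sector 0, exact copies in 22 and 23,
    and a near-copy in sector 40 that must not be reported."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 441        # 446 bytes, constructed
    part_entry = bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xfe, 0xff, 0xff,
                        0x3f, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00])  # bootable, NTFS, starts at LBA 63
    partition_table = part_entry + b"\x00" * 48                  # 64 bytes, 4 entries
    mbr = boot_code + partition_table + MBR_SIGNATURE             # 512 bytes
    sectors = [b"\x00" * SECTOR_SIZE for _ in range(64)]
    sectors[0] = mbr
    sectors[22] = mbr
    sectors[23] = mbr
    sectors[40] = mbr[:100] + b"\x01" + mbr[101:]                 # one byte differs
    return b"".join(sectors)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real raw image (e.g. a dd copy of the first sectors of a disk).
        with open(sys.argv[1], "rb") as f:
            data = f.read(64 * SECTOR_SIZE)
    else:
        data = build_sample_image()
    for lba in find_mbr_copies(data):
        print(f"sector {lba}: copy of MBR")
```

A copy in the gap is how some bootkits preserve the original MBR, but boot managers and backup tools leave the same artifact; the report's "user & kernel MBR OK" line is the part that says sector 0 itself was not hooked, which is why the finding alone is not a verdict.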
plopus Posts 6113 Status Security contributor 293
 
well, apparently it's over, no more infection

on the other hand your PC needs repair and I don't know which file is damaged....so it's going to be difficult


first do this to clean up after the disinfection:


Under VISTA

==> Disable User Account Control (you'll re-enable it after your disinfection):
https://www.androidworld.fr/

* Go to Start then Control Panel
* Double-click the "User Accounts" icon
* Then click disable and confirm.

---------------------------------------------------------------------------------


To remove all traces of the tools that were used to treat the specific infections:

* Download Toolscleaner to your Desktop
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/
* Double-click ToolsCleaner2.exe and let it work
* Click Recherche (Search) and let the scan finish.
* Click Suppression (Delete) to finish.
* If you wish, you can use the optional options.
* Click Quitter (Quit) so that the report can be created.
* The report (TCleaner.txt) is at the root of your hard drive (C:\)...paste it in your next reply



then


check the vulnerability of Windows and also of other products; uninstall the old versions of the software you have to update

- Either via this website: you have to install the ActiveX, then click start scan, and the site marks with a red cross the security flaws in a few important products installed on the PC such as java, IE, windows, flashplayer, adobe...the most important ones
https://www.flexera.com/products/operations/software-vulnerability-management.html

- Or you can also use a program to install that scans the PC and shows ALL the updates for the software and products installed on the PC
https://filehippo.com/windows/tuning-utilities/

then run CCleaner again and tell me if you still have problems?
0
chai1310 Posts 331 Status Member 84
 
above all don't click the shortcut, if you click on it, your IP address will be sent to whoever sent you the trojan and then...

Here's how to remove the trojan (I know how to remove it because I know how to create it, trust me)
-open Notepad
-type this:
@echo off
del "C:\WINDOWS\system32\sshnas21.dll"
rem "tkdin" is not a Windows command; this line only produces a "not recognized" error
tkdin TR/Agent.207360
shutdown

-then in Notepad do: File>Save As... and name it:
tkdin TR/Agent.207360.bat
and there will be "type", set it to all files
(once you've saved it, the .bat will be invisible, that's normal)

-then click on it (a black window will open and close right after, that's normal), then your computer will shut down and when you turn it back on there'll be nothing left.
0