Problem: various viruses

Closed
melina99 Posts: 10 Registered: Thursday 15 April 2010 Status: Member Last activity: 17 April 2010 - 15 April 2010 at 15:36
 Anonymous user - 18 April 2010 at 15:07
Hello,

For a week now I have been bothered by various viruses!
I've used Malwarebytes and my antivirus is Avira!
I've cleaned several times, but it keeps coming back!
I'm pasting the Malwarebytes report below!
Thanks in advance for your help

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Version de la base de données: 3970

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

15/04/2010 15:26:50
mbam-log-2010-04-15 (15-26-50).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 108608
Temps écoulé: 4 minute(s), 13 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
C:\Users\Angèle\AppData\Roaming\sdra64.exe (Spyware.Zbot) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\users\angèle\appdata\roaming\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\Angèle\AppData\Roaming\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\system32\Drivers\dpuczth.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Angèle\AppData\Roaming\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.


and here is HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:32, on 15/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vsnpstd.exe
C:\Program Files\HiYo\Bin\HiYo.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Change Mon Ecran\CmeSystray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {D4DF8EF6-460D-4B91-9696-9F00EF65943C} - c:\windows\system32\gqpixtu.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\system32\Msdxm6.ocx
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Angèle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.4; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www8.agame.com/games/shockwave/m/My3DRoom/My3DRoom_girlsgogames_fr.htm"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Ajouter à Change Mon Ecran - c:\windows\CmeIE.htm
O8 - Extra context menu item: Download by easyMule - C:\Program Files\easyMule\IE2EM.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: Service Google Update (gupdate1c9a72b5dea1ce2) (gupdate1c9a72b5dea1ce2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
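The Malwarebytes report above shows the classic Zbot persistence point: the Winlogon `Userinit` value was changed from the default `userinit.exe` entry to also launch `sdra64.exe` from the user's roaming profile, so the trojan is restarted at every logon even after the file is removed once. The PowerShell script below is an added example for auditing that value, not something posted in this thread; it assumes it is run on Windows and that the default entry is `%SystemRoot%\system32\userinit.exe` (with the trailing comma Windows normally writes). The sample strings are constructed for offline testing; the first one mirrors the "Bad:" value in the report.

```powershell
# Added example (not from the thread): audit the Winlogon Userinit value that the
# Malwarebytes report shows hijacked by sdra64.exe (Spyware.Zbot / Hijack.Userinit).
# Assumption: on a clean Windows install the value is "<SystemRoot>\system32\userinit.exe,".

$WinlogonKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ExpectedPath = Join-Path $env:SystemRoot 'system32\userinit.exe'

function Test-UserinitValue {
    param(
        # Raw Userinit string; defaults to the live registry value.
        # Pass a string to check a value copied from a report offline.
        [string]$Userinit = (Get-ItemProperty -Path $WinlogonKey -Name Userinit).Userinit
    )
    # The value is a comma-separated list of executables; an empty trailing element is normal.
    $entries = $Userinit -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ -ne '' }

    foreach ($entry in $entries) {
        if ($entry -ieq $ExpectedPath -or $entry -ieq 'userinit.exe') {
            [pscustomobject]@{ Entry = $entry; Status = 'expected' }
        } else {
            # Every extra entry here is a program started at each interactive logon,
            # the same persistence mechanism the report attributes to sdra64.exe.
            [pscustomobject]@{ Entry = $entry; Status = 'UNEXPECTED - review' }
        }
    }
}

# Constructed sample values for offline testing (the first mirrors the "Bad:" value in the report).
$samples = @(
    'C:\Windows\system32\userinit.exe,C:\Users\Angèle\AppData\Roaming\sdra64.exe,'
    'C:\Windows\system32\userinit.exe,'
)
foreach ($s in $samples) {
    "`nUserinit = $s"
    Test-UserinitValue -Userinit $s | Format-Table -AutoSize
}

# Live check of the machine the script runs on.
"`nLive registry value:"
Test-UserinitValue | Format-Table -AutoSize
```

Reading `HKLM\...\Winlogon` does not require elevation, so the live check can run from a normal prompt; restoring the value does. When the script flags an extra entry, the path it names is the file to quarantine, and the value should be reset to the default entry only, which is what the report's "Good: (Userinit.exe)" line records Malwarebytes doing.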

20 replies

Anonymous user
15 April 2010 at 16:27
hello
Disable UAC (User Account Control):

Click the Start menu, then Control Panel, User Accounts
Click "Turn User Account Control on or off":
A new window opens; untick the box "Use User Account Control (UAC) to help protect your computer", then OK:
A prompt asks whether you want to restart your computer; click Restart Now

You must disable all your protection software to use this program
Download Gmer http://www.gmer.net/
* Click "Download EXE" to download Gmer (under a random name, so that it is not blocked by an infection)
Right-click Gmer and choose Run as administrator
* In the "Rootkit" tab, click "Scan" and wait.
* When it finishes, click "Save" and save the report to your Desktop.
0
melina99 Posts: 10 Registered: Thursday 15 April 2010 Status: Member Last activity: 17 April 2010
15 April 2010 at 20:49
hello, and thanks for your quick reply
however, Gmer crashes before finishing, even when renamed, and in Safe Mode too!!
Do you have another solution?
0
Caution: before starting, read the procedure carefully and print it out

Download ComboFix by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

tutorial on using the tool properly
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

/!\ Disconnect from the Internet and DISABLE ALL DEFENCES, antivirus and antispyware included /!\
---> Right-click ComboFix.exe and choose Run as administrator
A pop-up will appear saying that ComboFix is used at your own risk and with no warranty... Click Yes to accept
---> Set it to French: F
Press the 1 (Yes) key to start the scan.

Don't touch anything (mouse, keyboard) until the scan has finished, or you risk freezing your PC

At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: the report can also be found at C:\ComboFix.txt
0
melina99 Posts: 10 Registered: Thursday 15 April 2010 Status: Member Last activity: 17 April 2010
15 April 2010 at 22:30
here is the report:

ComboFix 10-04-14.04 - Angèle 15/04/2010 22:01:06.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2814.1954 [GMT 2:00]
Lancé depuis: c:\users\Angèle\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Angèle\AppData\Roaming\Microsoft\Windows\Recent\VideoLAN Website.url
c:\users\Angèle\AppData\Roaming\Mozilla\Firefox\Profiles\pdmpo4of.default\extensions\{d07937c8-36c3-4622-959d-debe597057be}
c:\users\Angèle\AppData\Roaming\Mozilla\Firefox\Profiles\pdmpo4of.default\extensions\{d07937c8-36c3-4622-959d-debe597057be}\chrome\xulcache.jar
c:\users\Angèle\AppData\Roaming\Mozilla\Firefox\Profiles\pdmpo4of.default\extensions\{d07937c8-36c3-4622-959d-debe597057be}\install.rdf
c:\windows\system32\75895-BAMBI ET PANPAN 24 11 2009 .pps
c:\windows\system32\banlieue ...pps
c:\windows\system32\Fw _ .eml
D:\install.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-15 au 2010-04-15 ))))))))))))))))))))))))))))))))))))
.

2010-04-15 20:11 . 2010-04-15 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-15 10:57 . 2010-04-15 11:13 -------- d-----w- c:\program files\adslTV
2010-04-15 08:11 . 2010-04-15 08:15 -------- d-----w- c:\program files\Games
2010-04-13 15:46 . 2010-04-13 15:46 -------- d-----w- C:\MicroGaming(2)
2010-04-13 09:55 . 2010-04-13 10:56 -------- d-----w- c:\program files\a-squared Free
2010-04-13 08:08 . 2010-04-13 08:08 -------- d-----w- c:\program files\MSECache
2010-04-09 09:52 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-09 09:52 . 2010-04-09 09:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-09 09:52 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 06:32 . 2010-04-09 06:32 -------- d-----w- c:\program files\Trend Micro
2010-04-08 08:56 . 2010-04-16 04:15 -------- d-----w- c:\program files\Glary Utilities
2010-04-03 07:46 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-03 07:44 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2010-04-03 07:44 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-04-03 07:44 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-04-03 07:44 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-04-03 07:44 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2010-04-03 07:44 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-04-02 23:55 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-02 23:25 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-04-02 23:25 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-04-02 23:25 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-04-02 08:56 . 2009-12-08 20:52 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-02 08:56 . 2009-12-08 20:52 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-02 08:56 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-04-02 08:56 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-04-02 08:55 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-04-02 08:55 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-04-02 08:55 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-04-02 08:55 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-04-02 08:55 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-04-02 08:55 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-04-02 08:55 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-04-02 08:55 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-04-02 08:55 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-04-02 08:50 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-04-02 08:50 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-04-02 08:50 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-04-02 08:50 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-04-02 08:49 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-04-02 08:49 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-04-02 08:49 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-04-02 08:49 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-04-02 08:49 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-04-02 08:49 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-04-02 08:49 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-04-02 08:49 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-04-02 08:49 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-04-02 08:49 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-04-02 08:48 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-04-02 08:47 . 2009-12-08 20:52 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-02 08:47 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-02 08:47 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-02 08:47 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-04-02 08:47 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-04-02 08:46 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-04-02 08:46 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-04-02 08:46 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-04-02 08:46 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-02 08:46 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-02 07:59 . 2010-04-02 07:59 10752 ----a-w- c:\windows\DCEBoot.exe
2010-04-02 07:51 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-01 11:38 . 2010-04-01 11:38 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-03-27 17:05 . 2010-03-27 17:05 -------- d-----w- c:\programdata\Particles
2010-03-17 08:39 . 2010-04-16 04:15 -------- d-----w- c:\programdata\Fenomen Games

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 04:15 . 2010-01-26 17:45 -------- d-----w- c:\programdata\JollyBear
2010-04-16 04:15 . 2009-09-01 10:29 -------- d-----w- c:\programdata\Awem
2010-04-16 04:15 . 2008-05-09 02:18 -------- d-----w- c:\program files\Microsoft Works
2010-04-16 04:11 . 2008-05-09 02:17 -------- d-----w- c:\program files\Microsoft.NET
2010-04-16 04:10 . 2010-03-07 15:10 -------- d-----w- c:\program files\Activision Value
2010-04-15 20:06 . 2008-01-21 08:40 669328 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-15 20:06 . 2008-01-21 08:40 123350 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-15 18:19 . 2009-03-17 18:07 -------- d-----w- c:\programdata\Google Updater
2010-04-13 12:32 . 2010-02-19 12:12 -------- d-----w- c:\programdata\PlayFirst
2010-04-12 08:38 . 2009-10-25 19:21 -------- d-----w- c:\program files\Microsoft
2010-04-12 08:37 . 2008-05-09 02:16 -------- d-----w- c:\programdata\Microsoft Help
2010-04-09 09:42 . 2008-05-09 01:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-09 09:40 . 2010-03-04 17:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-06 16:35 . 2009-08-06 11:51 -------- d-----w- c:\program files\Zylom Games
2010-04-03 21:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-27 17:04 . 2009-07-12 16:40 -------- d-----w- c:\program files\LeeGTs Games
2010-03-07 16:27 . 2010-03-07 16:27 -------- d-----w- c:\program files\Soldier of Fortune II - Double Helix
2010-03-04 17:54 . 2010-03-04 17:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-03 13:11 . 2010-03-03 13:11 40960 ----a-w- c:\programdata\MGS\cache\d\diamonddealbonus.2870129824bd4ab03fe258a72414c9fe.dll
2010-03-03 13:05 . 2010-03-03 13:05 41075 ----a-w- c:\programdata\MGS\cache\c\chiefsfortunebonus.c2bec570aab63ef04a9e9131551006f6.dll
2010-03-03 13:04 . 2010-03-03 13:04 409872 ----a-w- c:\programdata\MGS\cache\c\complexpickxofybonus_temp.08605981adfd307c6b4a171bff0fc06e.dll
2010-03-03 13:04 . 2010-03-03 13:04 463120 ----a-w- c:\programdata\MGS\cache\c\complexpickxofybonus.244de60f7c0c0169f0772e5811794d9e.dll
2010-03-03 12:58 . 2010-03-03 12:58 233744 ----a-w- c:\programdata\MGS\cache\c\casinowarxxx.07a6656e153859c2f09a4efde26ba0d5.dll
2010-03-03 12:58 . 2010-03-03 12:58 118784 ----a-w- c:\programdata\MGS\cache\c\casinowar.e981fb96518533a1e37361e9d8163b74.dll
2010-03-03 12:57 . 2010-03-03 12:57 131072 ----a-w- c:\programdata\MGS\cache\t\type_5reelprogressive3_4_5.c65d2830787ed7999b948455e324121b.dll
2010-03-03 12:57 . 2010-03-03 12:57 159744 ----a-w- c:\programdata\MGS\cache\p\progressive_temp.979c9e04248bf52052c2caf1e627d86b.dll
2010-03-03 12:57 . 2010-03-03 12:57 151552 ----a-w- c:\programdata\MGS\cache\p\progressive.8fe1347dac5a6804834d35e86c789f9a.dll
2010-03-03 12:57 . 2010-03-03 12:57 122880 ----a-w- c:\programdata\MGS\cache\t\type_3reelprogressive1_2.a0c5e56438d504531121ead802e24dcf.dll
2010-03-03 12:54 . 2010-03-03 12:54 159744 ----a-w- c:\programdata\MGS\cache\c\cashanovagetlucky.70edc0ef64acff9d67d53ba965b991b4.dll
2010-03-03 12:54 . 2010-03-03 12:54 135168 ----a-w- c:\programdata\MGS\cache\c\cashanovagetlucky_temp.b71b6ce6d93f57e6e8d79f64bfda39ca.dll
2010-03-03 12:54 . 2010-03-03 12:54 434448 ----a-w- c:\programdata\MGS\cache\c\cashanovafreerangebonus.c80646018f801b82af1a85ac0f07ba46.dll
2010-03-03 12:54 . 2010-03-03 12:54 217360 ----a-w- c:\programdata\MGS\cache\c\cashanovafreerangebonus_temp.598336f9707e832cab943342026367f4.dll
2010-03-03 12:52 . 2010-03-03 12:52 303376 ----a-w- c:\programdata\MGS\cache\m\mermaidsmillions.9379e4aac1e4731bf7922c8c2544bd7a.dll
2010-03-03 12:52 . 2010-03-03 12:52 295184 ----a-w- c:\programdata\MGS\cache\m\mermaidsmillionsxxx.85e8ee4057b7c3d431514729821caee1.dll
2010-03-03 12:51 . 2010-03-03 12:51 119056 ----a-w- c:\programdata\MGS\cache\m\mermaidsbonus.f520937c2ec436ae80b67d9c967dd3f6.dll
2010-03-03 12:47 . 2010-03-03 12:47 131344 ----a-w- c:\programdata\MGS\cache\b\bonus_threereel_types_1_2.19c24a05687d90864e9a9de516d92124.dll
2010-03-03 12:47 . 2010-03-03 12:47 45056 ----a-w- c:\programdata\MGS\cache\w\wheelofwealthbonus.273ed6671a16c67a5d50ecde6a66097a.dll
2010-03-03 12:47 . 2010-03-03 12:47 1486848 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_gao_dec_2009.cd728f719824c5074cc6023ea106ea1e.dll
2010-03-03 12:47 . 2010-03-03 12:47 618496 ----a-w- c:\programdata\MGS\cache\g\gamble2_gao_dec_2009.637d031249b1b22e0b31d5303f3811be.dll
2010-03-03 12:47 . 2010-03-03 12:47 679936 ----a-w- c:\programdata\MGS\cache\t\transition_gao_dec_2009.ddf657439bc1cbce99e8763fee9803a4.dll
2010-03-03 12:47 . 2010-03-03 12:47 1040384 ----a-w- c:\programdata\MGS\cache\a\advancedslots1xxx_gao_dec_2009.f5605c1fe8513561f2bef5c3c0c1a546.dll
2010-03-03 12:43 . 2010-03-03 12:43 385024 ----a-w- c:\programdata\MGS\cache\b\bonusblackjack.dab6343a296b066bd5fe18d7c7d9940f.dll
2010-03-03 12:43 . 2010-03-03 12:43 483600 ----a-w- c:\programdata\MGS\cache\h\hilowbonus_tggg.10cdcb3e64c301c60db4d11d2d7781a4.dll
2010-03-03 12:43 . 2010-03-03 12:43 446736 ----a-w- c:\programdata\MGS\cache\h\hilowbonus.ecf70c1bd892c000f22ce30d5b0ba784.dll
2010-03-03 12:43 . 2010-03-03 12:43 958464 ----a-w- c:\programdata\MGS\cache\h\hilowbonus_flightzone.1173d08d2670eede892e3adf07022f08.dll
2010-03-03 12:40 . 2010-03-03 12:40 594192 ----a-w- c:\programdata\MGS\cache\s\snakesandladdersbonus.1b7d7437b87cc53b7a00c4efd2db679d.dll
2010-03-03 12:27 . 2010-03-03 12:27 61440 ----a-w- c:\programdata\MGS\cache\t\tikimaskbonusgame.0dc1c149f619ef0a72aacd3abdeb0dfb.dll
2010-03-03 12:27 . 2010-03-03 12:27 57344 ----a-w- c:\programdata\MGS\cache\v\volcanobonusgame.1f5cd5f4b800bd1a6e740e08a3119e10.dll
2010-03-03 12:26 . 2010-03-03 12:26 213089 ----a-w- c:\programdata\MGS\cache\b\bigkahuna.769fd4a48b95c8614a738f1cad88bcd5.dll
2010-03-03 12:26 . 2010-03-03 12:26 430352 ----a-w- c:\programdata\MGS\cache\s\simplepickxofyskillbonus.8d56aeea91f0d0bbdf41c578fbf38496.dll
2010-03-03 12:20 . 2010-03-03 12:20 376832 ----a-w- c:\programdata\MGS\cache\a\atlanticcityblackjack.9baef784fe666fb9d90dc331d0239eed.dll
2010-03-03 12:17 . 2010-03-03 12:17 1040384 ----a-w- c:\programdata\MGS\cache\a\advancedslots1xxx_novgao_09.0f4a9e5f0c3aacc5fd59c75d3646b44e.dll
2010-03-03 12:17 . 2010-03-03 12:17 1474560 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_novgao_09.bca283e127879ce59170c465ef11ba05.dll
2010-03-03 12:17 . 2010-03-03 12:17 897024 ----a-w- c:\programdata\MGS\cache\s\simplepickxofybonus_novgao_09.cf52962a5fbf37c5c088bd5d667653d4.dll
2010-03-03 12:17 . 2010-03-03 12:17 921600 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_novgao_09.2d0e2f5fb79a1dee2f0dba3ac916277d.dll
2010-03-03 12:17 . 2010-03-03 12:17 618496 ----a-w- c:\programdata\MGS\cache\g\gamble2_novgao_09.5e06bb19f897ab866a50c262ff639055.dll
2010-03-03 12:17 . 2010-03-03 12:17 679936 ----a-w- c:\programdata\MGS\cache\t\transition_novgao_09.002d2269f327b0c9a9e9f327bc91130b.dll
2010-03-03 12:11 . 2010-03-03 12:11 237840 ----a-w- c:\programdata\MGS\cache\p\powerpokersuite1_nl.cebfe8812d984716506c6d9d096a5f48.dll
2010-03-03 12:11 . 2010-03-03 12:11 217360 ----a-w- c:\programdata\MGS\cache\v\videopokersuite1.03dd648f567bef124a1d270ad208752a.dll
2010-03-03 12:10 . 2010-03-03 12:10 24638 ----a-w- c:\programdata\MGS\cache\_\_crt_scratch.960d1fa68750fa010e573df52f42c947.dll
2010-03-03 12:10 . 2010-03-03 12:10 421888 ----a-w- c:\programdata\MGS\cache\l\lua51host.6c8dcc3e9f55da70bf5ccd67df48f256.dll
2010-03-03 12:10 . 2010-03-03 12:10 909584 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_temp.05f0b16a67acb189be99508aa088d348.dll
2010-03-03 12:10 . 2010-03-03 12:10 1478656 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_septgao_09.1d5fda158c9a9d1dcbf9e88c5355d884.dll
2010-03-03 12:10 . 2010-03-03 12:10 1904753 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_tggg.6e62948f458013fa99694cc031068e8a.dll
2010-03-03 12:10 . 2010-03-03 12:10 829840 ----a-w- c:\programdata\MGS\cache\m\mptadvancedslots.039a84427e76ab4e1715f80765a76305.dll
2010-03-03 12:10 . 2010-03-03 12:10 1474560 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_wealthspa.548276e787b133afb9b912eb95b8b5c5.dll
2010-03-03 12:10 . 2010-03-03 12:10 823568 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_temp2.198f2a88c7f89c1d0b1ded39e546e22b.dll
2010-03-03 12:10 . 2010-03-03 12:10 1638400 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_summerholiday.19e3e7b6f28b2f036c0b87d00fc799b9.dll
2010-03-03 12:10 . 2010-03-03 12:10 823568 ----a-w- c:\programdata\MGS\cache\a\advancedslots1.d6634c03808be76623e7497fcb1eb424.dll
2010-03-03 12:10 . 2010-03-03 12:10 1478656 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_octgao_09.c2cbb8fc70fbf865a9d78d9a5874a4ce.dll
2010-03-03 12:09 . 2010-03-03 12:09 1626112 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_flightzone.40d3a7b3fae72091b79e1759db110c70.dll
2010-03-03 12:09 . 2010-03-03 12:09 367747 ----a-w- c:\programdata\MGS\cache\m\mptleaderboard.91fac472d1ff352976950258719d35a2.dll
2010-03-03 12:09 . 2010-03-03 12:09 327784 ----a-w- c:\programdata\MGS\cache\m\mpvtabletournamentlobby.fea1be7b63b308e9fdb6e8d4bd356052.dll
2010-03-03 12:09 . 2010-03-03 12:09 303204 ----a-w- c:\programdata\MGS\cache\m\mpvblackjackplugin.49e5f42fbdf0e1e2df5232e5ea419897.dll
2010-03-03 12:09 . 2010-03-03 12:09 311398 ----a-w- c:\programdata\MGS\cache\m\mpvblackjacktourxxx.e4ccb563efd75763602af7373fbd8cec.dll
2010-02-25 19:48 . 2010-02-25 19:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-24 09:16 . 2009-10-03 07:10 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-04-03 07:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-03 07:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-04-03 07:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-04-03 07:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-22 11:22 . 2010-02-22 11:22 -------- d-----w- c:\programdata\QB9
2010-02-16 13:06 . 2009-01-31 14:26 -------- d-----w- c:\program files\Free Easy Burner
2010-02-16 10:45 . 2010-02-16 10:45 -------- d-----w- c:\programdata\WindowsSearch
2010-02-12 17:34 . 2010-02-12 17:34 40 ----a-w- c:\windows\ujf635.bin
2010-02-11 16:31 . 2010-02-11 16:31 233744 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_temp.b6b7e588aedb05fa062fb8447406bca9.dll
2010-02-11 16:31 . 2010-02-11 16:31 495888 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus.aa7eb4e3b4774e5cad0d4f8562ca860d.dll
2010-02-11 16:31 . 2010-02-11 16:31 561424 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_tggg.ca9a61a09a35dc0843cc68f532694746.dll
2010-02-11 16:31 . 2010-02-11 16:31 1056768 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_flightzone.1f65e9ffaab494fa7dea6b149ec7a671.dll
2010-02-11 16:30 . 2010-02-11 16:30 290941 ----a-w- c:\programdata\MGS\cache\l\levelupvideopokerxxx.0d52d2ac00db83d9b97c99592ee3aa21.dll
2010-02-11 16:30 . 2010-02-11 16:30 139264 ----a-w- c:\programdata\MGS\cache\l\levelupvideopokerplugin.d3ee60c36507413ca9ab67247eac5288.dll
2010-02-11 16:30 . 2010-02-11 16:30 114688 ----a-w- c:\programdata\MGS\cache\l\levelupvideopokergambleplugin.d65fe35ffb2e6dc1b9ea46def3db39dc.dll
2010-02-11 16:30 . 2010-02-11 16:30 246032 ----a-w- c:\programdata\MGS\cache\p\powerpokersuite1_nl.4b954e6e9e7bfe3947a12889040c706e.dll
2010-02-11 16:30 . 2010-02-11 16:30 225552 ----a-w- c:\programdata\MGS\cache\v\videopokersuite1.e45a40be28c5bc5514b9e806f30cdc6f.dll
2010-02-11 16:29 . 2010-02-11 16:29 200704 ----a-w- c:\programdata\MGS\cache\3\3cardpoker.8e73a522a397f174eb628d05f72f1f40.dll
2010-02-11 16:12 . 2010-02-11 16:12 32768 ----a-w- c:\programdata\MGS\cache\_\_crt_keno.ed975aa9c9bb5e5ec89c8ffeee254e8a.dll
2010-02-11 16:11 . 2010-02-11 16:11 290922 ----a-w- c:\programdata\MGS\cache\m\mpvcommunityslotsplugin.3d81e7021617be93688755b2da22dceb.dll
2010-02-11 16:11 . 2010-02-11 16:11 282699 ----a-w- c:\programdata\MGS\cache\s\slotxxx.d425f74ccb6f6455be09ebe426c90c75.dll
2010-02-11 16:11 . 2010-02-11 16:11 262252 ----a-w- c:\programdata\MGS\cache\w\wheelofwealthbonusplugin.92047ad5bdc826b2122a71a16afa227d.dll
2010-02-11 16:11 . 2010-02-11 16:11 98390 ----a-w- c:\programdata\MGS\cache\s\singleobjects.8ee24693860e1ddd1e27939e8eb192aa.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
2009-05-27 20:31 147928 ----a-w- c:\users\Angèle\AppData\Local\easyMule\modules\IE2EM.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-10 39408]
"Google Update"="c:\users\Angèle\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-24 133104]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 148888]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2009-08-18 206192]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Angèle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-17 12:20 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-13 08:05 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-853564230-787149935-4199651853-1000]
"EnableNotificationsRef"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-02 721904]
R1 Lgmxk;Microsoft Lgmxk support;c:\windows\system32\drivers\Lgmxk.sys [2009-03-03 34432]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\System32\drivers\prodrv04.sys [x]
R2 gupdate1c9a72b5dea1ce2;Service Google Update (gupdate1c9a72b5dea1ce2);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 133104]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 sbniyeyi;Brother MFC USB Serial WDM Controller;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-04 108289]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-22 43552]


--- Autres Services/Pilotes en mémoire ---

*Deregistered* - dpuczth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sbniyeyi
.
Contenu du dossier 'Tâches planifiées'

2010-04-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-08 11:03]

2010-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-10 01:14]

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 18:08]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 18:08]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://fr.fr.acer.yahoo.com
IE: Ajouter à Change Mon Ecran - c:\windows\CmeIE.htm
IE: Download by easyMule - c:\program files\easyMule\IE2EM.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
.
- - - - ORPHELINS SUPPRIMES - - - -

ShellIconOverlayIdentifiers-{1025695B-34D2-4F8C-BA61-37071754708F} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 22:12
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\TEMP\TMP000000227ECDEB2C1BF8330E 524288 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dpuczth]

.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-853564230-787149935-4199651853-1000\Software\SecuROM\License information*]
"datasecu"=hex:34,d7,6d,2c,58,b9,d0,2a,2a,73,c0,61,ec,28,80,e6,53,53,6d,f0,dd,
62,fe,cf,e0,73,97,57,ba,77,84,c8,36,88,c5,b3,72,40,a6,d6,2d,76,8d,72,09,d0,\
"rkeysecu"=hex:1b,d4,c9,fc,db,c7,9a,cb,ef,4d,01,ee,b8,97,76,d1

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2010-04-15 22:15:06
ComboFix-quarantined-files.txt 2010-04-15 20:15

Avant-CF: 48 310 267 904 octets libres
Après-CF: 51 950 538 752 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - A944B4C225FB6FF16838E57318D6F0A4

DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT!!!!! (because it is wrongly detected as an infection)

? Download List_Kill'em and save it to your desktop
http://sd-1.archive-host.com/...
double-click (right-click "Run as administrator" for Vista/7) the shortcut on your desktop to start the installation

Once it has finished, click "Finish" and the program will launch by itself

Choose the Search option

A black and white icon will appear on the desktop; it will be used to relaunch the program later.
Another red and black one will be used to uninstall the program at the end of the disinfection.

? Let the tool work

When the white window appears, it takes a while, that's normal, the program is not frozen.

A report named catchme appears on your desktop, ignore it, don't post it, it will delete itself at the end of the scan

? Post the contents of the report that opens when the scan reaches 100% on the "COMPLETED" screen
melina99
15 April 2010 at 23:13
List'em by g3n-h@ckm@n 1.7.1.0

User : Angèle (Administrateurs)
Update on 13/04/2010 by g3n-h@ckm@n ::::: 17.10
Start at: 23:00:02 | 15/04/2010

Athlon(tm) Dual Core Processor 4050e
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18904
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 143,02 Go (47,74 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 144,89 Go (144,72 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque CD-ROM

Boot: Normal


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxczcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vsnpstd.exe
C:\Windows\System32\svchost.exe
C:\Program Files\HiYo\Bin\HiYo.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Users\Angèle\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Google Update REG_SZ "C:\Users\Angèle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
AlcoholAutomount REG_SZ "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RtHDVCpl REG_SZ RtHDVCpl.exe
Acer Empowering Technology Monitor REG_SZ C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
EmpoweringTechnology REG_SZ C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
eDataSecurity Loader REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
PCMMediaSharing REG_SZ C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
BkupTray REG_SZ "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
WarReg_PopUp REG_SZ C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
lxczbmgr.exe REG_SZ "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
FaxCenterServer REG_SZ "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
snpstd REG_SZ C:\Windows\vsnpstd.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
Hiyo REG_SZ C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
DisableRegistryTools REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\SOFTWARE

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 1 (0x1)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 39 (0x27)
allocatecdroms REG_SZ 0
SFCDisable REG_DWORD 0 (0x0)
System REG_SZ

===============


===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
ActivX controls
===============


===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0D9E239F-8E1F-490E-8A2E-36C9885FFF89}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0D9E239F-8E1F-490E-8A2E-36C9885FFF89}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0D9E239F-8E1F-490E-8A2E-36C9885FFF89}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0D9E239F-8E1F-490E-8A2E-36C9885FFF89}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://fr.yahoo.com/
Local Page REG_SZ C:\Windows\System32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\Windows\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )

========
Safemode
========

"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot" : OK !!
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal" : OK !!
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network" : OK !!

=========
Atapi.sys
=========

C:\Windows\ERDNT\cache\atapi.sys :
MD5 :: [2d9c903dc76a66813d350a562de40ed9]
SHA256 :: [82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]

C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys :
MD5 :: [1f05b78ab91c9075565a9d8a4b880bc4]
SHA256 :: [737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd]

C:\Windows\System32\drivers\atapi.sys :
MD5 :: [2d9c903dc76a66813d350a562de40ed9]
SHA256 :: [82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys :
MD5 :: [4f4fcb8b6ea06784fb6d475b7ec7300f]
SHA256 :: [6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896]

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys :
MD5 :: [2d9c903dc76a66813d350a562de40ed9]
SHA256 :: [82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys :
MD5 :: [2d9c903dc76a66813d350a562de40ed9]
SHA256 :: [82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C: ACER

Taille du volume = 143 Go
Espace libre = 47.76 Go
Étendue d'espace libre la plus grande = 7.85 Go
Pourcentage de fragmentation des fichiers = 0 %

Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.

Il n'est pas nécessaire de défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\ProgramData\aygda_save.log
Present !! : C:\ProgramData\doicrane_save.log
Present !! : C:\ProgramData\ETM2.txt
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
Present !! : C:\ProgramData\aygda_save.log
Present !! : C:\ProgramData\doicrane_save.log
Present !! : C:\ProgramData\ETM2.txt
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
Present !! : C:\ProgramData\aygda_save.log
Present !! : C:\ProgramData\doicrane_save.log
Present !! : C:\ProgramData\ETM2.txt
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
Present !! : C:\ProgramData\Trymedia
Present !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadD500.exe
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadX800.exe
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadZ510.exe
Present !! : C:\Windows\System32\MSINET.oca
Present !! : C:\Users\Angèle\AppData\Local\timzf.bat
Present !! : C:\Users\Angèle\AppData\Local\d3d9caps.dat
Present !! : C:\Users\Angèle\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\Angèle\AppData\Roaming\.#
Present !! : C:\Users\Angèle\LOCAL Settings\Temp\rtdrvmon.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\snpstd
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_USERS\S-1-5-21-853564230-787149935-4199651853-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : "HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"
Present !! : "HKLM\Software\Trymedia Systems"
Present !! : "HKLM\software\Poker 770"

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 23:08:54
Windows 6.0.6001 Service Pack 1 FAT NTAPI

scanning hidden processes ...

C:\Program Files\List_Kill'em\swreg.exe [20504] 0xCE432D90
C:\Program Files\List_Kill'em\swreg.exe [20612] 0x88FBBD90

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 2
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x856A01F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8569f1f8
IoDeviceObjectType -> ParseProcedure -> 0x10000
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x10000
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
AntiVirusOverride REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 23:08:55,54
0
Anonymous user
15 April 2010 at 23:31
• Relaunch List_Kill'em (by right-click for Vista/7), using the shortcut on your desktop.
But this time:

• Choose the Clean option

Your PC is going to restart,

Let the tool work.

At the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop,

• Paste its contents in your reply

There is a probable MBR rootkit infection, we'll look at that afterwards
0
melina99 Posts: 10 Registration date: Thursday 15 April 2010 Status: Member Last contribution: 17 April 2010
15 April 2010 at 23:58
Kill'em by g3n-h@ckm@n 1.7.1.0

User : Angèle (Administrateurs)
Update on 13/04/2010 by g3n-h@ckm@n ::::: 17.10
Start at: 23:40:28 | 15/04/2010

Athlon(tm) Dual Core Processor 4050e
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18904
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 143,02 Go (47,67 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 144,89 Go (144,72 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxczcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\ProgramData\aygda_save.log
Quarantined & Deleted !! : C:\ProgramData\doicrane_save.log
Quarantined & Deleted !! : C:\ProgramData\ETM2.txt
Quarantined & Deleted !! : C:\ProgramData\LauncherAccess.dt
Quarantined & Deleted !! : C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
Quarantined & Deleted !! : C:\ProgramData\Trymedia
Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Quarantined & Deleted !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadD500.exe
Quarantined & Deleted !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadX800.exe
Quarantined & Deleted !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadZ510.exe

Quarantined & Deleted !! : C:\Windows\System32\MSINET.oca
Quarantined & Deleted !! : C:\Users\AngSle\AppData\Local\timzf.bat
Quarantined & Deleted !! : C:\Users\AngSle\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\AngSle\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\AngSle\AppData\Roaming\.#
Quarantined & Deleted !! : C:\Users\AngSle\LOCAL Settings\Temp\rtdrvmon.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$I0LZYTI.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$I4K0R83
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$I8M21U5
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$IHN61K1
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$IKMIDKS
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$ISV45VU
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$IV28M90
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$IVYWD4H.rar
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$R0LZYTI.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$RVYWD4H.rar

==============
host file OK !
==============

========
Registry
========

Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\snpstd
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"
Deleted : "HKLM\Software\Trymedia Systems"
Deleted : "HKLM\software\Poker 770"
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
AntiVirusOverride REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
FirstRunDisabled REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)

========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
16 April 2010 at 00:16
We'll continue tomorrow
good night
0
melina99 Posts: 10 Registration date: Thursday 15 April 2010 Status: Member Last contribution: 17 April 2010
16 April 2010 at 00:18
ok thanks, good night
0
Anonymous user
16 April 2010 at 11:31
Hello
Download mbr.exe from Gmer here:
http://www2.gmer.net/mbr/mbr.exe
and save the file to the Desktop.


Disable your protections and cut the connection. (Antivirus and antispyware, HIPS and any other resident program)
Double-click mbr.exe
Under Vista, don't forget to launch mbr.exe by right-clicking and choosing Run as administrator.
A report will be generated: mbr.log
If infected, this message "MBR rootkit code detected" will appear.

If that's the case, continue like this:

In the Start - Run menu type: "%userprofile%\Desktop\mbr" -f
In mbr.log this line will appear: "original MBR restored successfully !"

Re-enable your protections
Post this report and then delete it.

To check:

Disable your protections and cut the connection. (Antivirus and antispyware, HIPS and any other resident program)
Relaunch mbr.exe

Re-enable your protections.

The new mbr.log should be this one:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK


Note: If the mbr.exe file is in Downloads, that works too and mbr.log will be written there.
0
melina99 Posts: 10 Registration date: Thursday 15 April 2010 Status: Member Last contribution: 17 April 2010
16 April 2010 at 13:38
hello
it gives me this:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x856a01f8
IoDeviceObjectType -> DumpProcedure -> 0xffffffff
DeleteProcedure -> 0xffffffff
ParseProcedure -> 0xffffffff
\Device\Harddisk0\DR0 -> DumpProcedure -> 0xffffffff
DeleteProcedure -> 0xffffffff
ParseProcedure -> 0xffffffff
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !


do I have to do the next step?

If so, do I type exactly this? "%userprofile%\Desktop\mbr" -f
or do I change userprofile?
0
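As an added example (not code from the thread or from Gmer's tool), a small Python parser that turns an mbr.log such as the ones quoted above into a verdict and a list of hooked objects, so a helper can tell "the MBR itself was rewritten" (the case the -f switch addresses) apart from "the MBR reads back OK but the disk stack is hooked", which is what melina99's report shows; both sample logs are constructed from the lines posted in the thread.

```python
# Constructed sample: the hook section of the mbr.log melina99 posted.
INFECTED_LOG = r"""detected MBR rootkit hooks:
\Driver\atapi -> 0x856a01f8
IoDeviceObjectType -> DumpProcedure -> 0xffffffff
DeleteProcedure -> 0xffffffff
ParseProcedure -> 0xffffffff
\Device\Harddisk0\DR0 -> DumpProcedure -> 0xffffffff
DeleteProcedure -> 0xffffffff
ParseProcedure -> 0xffffffff
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
"""
# Constructed sample: the report the helper says a clean machine produces.
CLEAN_LOG = "user: MBR read successfully\nkernel: MBR read successfully\nuser & kernel MBR OK\n"

def parse_mbr_log(text):
    """Return (verdict, hooks). verdict: 'infected' (MBR code replaced), 'suspicious'
    (MBR reads back OK but the disk stack is hooked), 'clean' or 'unknown'.
    hooks: (object, procedure, address) triples from the 'detected MBR rootkit hooks' section."""
    mbr_ok = code_detected = warning = in_hooks = False
    hooks, current = [], None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line == "user & kernel MBR OK":
            mbr_ok = True
        elif "MBR rootkit code detected" in line:
            code_detected = True
        elif line.startswith("Warning:"):
            warning, in_hooks = True, False
        elif line == "detected MBR rootkit hooks:":
            in_hooks = True
        elif in_hooks and " -> " in line:
            parts = [p.strip() for p in line.split(" -> ")]
            if len(parts) == 3:                   # object -> procedure -> address
                current, hook = parts[0], tuple(parts)
            elif parts[0].endswith("Procedure"):  # continuation: same object as the line above
                hook = (current, parts[0], parts[1])
            else:                                 # driver object hooked directly
                current, hook = parts[0], (parts[0], None, parts[1])
            hooks.append(hook)
        else:
            in_hooks = False
    if code_detected:
        return "infected", hooks
    if hooks or warning:
        return "suspicious", hooks
    return ("clean" if mbr_ok else "unknown"), hooks

if __name__ == "__main__":
    print(parse_mbr_log(INFECTED_LOG)[0], parse_mbr_log(CLEAN_LOG)[0])  # suspicious clean
```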
Type exactly this "%userprofile%\Desktop\mbr" -f
don't forget the quotation marks
0
melina99 Posts: 10 Registration date: Thursday 15 April 2010 Status: Member Last contribution: 17 April 2010
Edited by melina99 on 16/04/2010 at 13:55
it didn't change anything!

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x856a01f8
IoDeviceObjectType -> DumpProcedure -> 0xffffffff
DeleteProcedure -> 0xffffffff
ParseProcedure -> 0xffffffff
\Device\Harddisk0\DR0 -> DumpProcedure -> 0xffffffff
DeleteProcedure -> 0xffffffff
ParseProcedure -> 0xffffffff
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
0
Anonymous user
16 April 2010 at 14:15
Relaunch List Kill'em and select option 6 (restore MBR)
0
melina99 Posts: 10 Registration date: Thursday 15 April 2010 Status: Member Last contribution: 17 April 2010
16 April 2010 at 14:20
it gives me the same report
0
Anonymous user
17 April 2010 at 16:59
hello
I'm looking for a solution to fix this problem
0
Anonymous user
17 April 2010 at 17:47

C:\WINDOWS\System32\ntoskrnl.exe
C:\WINDOWS\System32\Drivers\CLASSPNP.SYS
C:\WINDOWS\System32\Drivers\disk.sys
C:\WINDOWS\System32\Drivers\acpi.sys
C:\WINDOWS\System32\hal.dll


Scan these files on VirusTotal
https://www.virustotal.com/gui/
Click Browse
In the window that opens, find the file and select it, then click Open
Click Send file
once the scan is finished, give me the result
0
melina99 Posts: 10 Registration date: Thursday 15 April 2010 Status: Member Last contribution: 17 April 2010
17 April 2010 at 18:46
hello,
everything is at 0! nothing found!
0
Anonymous user
18 April 2010 at 15:07
hello
could I see the reports, because it's to check whether the files still have a digital signature
0