Virus ou problème de logiciels?

Question

Bonjour,
Depuis un peu plus d'une semaine, je rencontre de nombreux problèmes avec mon ordinateur.
Le problème, c'est que je ne m'y connais pas du tout en informatique, je n'arrive pas à savoir s'il s'agit d'un virus, ou d'un problème avec un logiciel que j'aurais installé.
Mon ordinateur rencontre des problèmes avec tous les sites qui incluent du flash, très souvent, les programmes "ne répondent plus" et surtout, de temps à autres, il s'éteint tout seul.
A un moment, il a redémarré et m'a indiqué qu'il s'agissait d'un problème Bluescreen, mais il ne m'a fait ça qu'une seule fois.
Le scan Antivir n'a rien donné.
Voici le rapport Hijackthis, je ne sais pas si vous réussirez à en tirer quelque chose.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:00, on 22/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32	askeng.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Maelys\Desktop\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=EM&Loc=FRN_FR&Sys=PTB&M=eMachines E510
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=EM&Loc=FRN_FR&Sys=PTB&M=eMachines E510
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=EM&Loc=FRN_FR&Sys=PTB&M=eMachines E510
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.253:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_S6DC1.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_2_0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

Arc-Atmos · Answer

Salut 

Formate ton disque

Lennie · Answer

Pour formater, il faut d'abord sauvegarder toutes les données sur un support externe, c'est bien ça?
Parce que je n'en ai pas sous la main :/

Arc-Atmos · Answer

Erf t'aurais du les graver sur CD avant

Lennie · Answer

J'ai pas de CD en stock, c'est bien le problème.
N'y a-t-il pas une alternative au formatage?

Arc-Atmos · Answer

sinon aulieu de formater tu met reparer

Lennie · Answer

Euh?
Je suis une vraie quiche en informatique, tu peux préciser, s'il te plaît?

Arc-Atmos · Answer

Bah quand tu vas formater ils te disent reparer entrée ne pas reparer esc et quiter f3

Lennie · Answer

Je vois pas cette option.
Un ami me conseille d'utiliser CCleaner... Est-ce une bonne solution?

Arc-Atmos · Answer

CCleaner est un netoyeur et reparateur de registre

Lennie · Answer

Et donc... ?
C'est super obscur pour moi ^^'

Arc-Atmos · Answer

netoyer les message d'erreur et les fichiers tomporels et suprimer les erreurs ou vide du registre celui qui constitue windows

Lennie · Answer

Et donc, ça ne correspond pas à mon problème?
En fait, concrètement, qu'est ce qui ne va pas avec mon ordi?

Arc-Atmos · Answer

et désolé si je repond pas rapidement je répond a 30 message voir + chaque  10 minutes

Arc-Atmos · Answer

Je crois que c'est un double prob ventilateur de la carte mere et base du registre ou system 32 endomagé (system 32 = le coeur de windows la ou il ya le registre)

Arc-Atmos · Answer

hku hk machin chose concerne le reistre j'avais oublié ça

Arc-Atmos · Answer

CCleaner normalment devrait résoudre la moitié de ton prob

Lennie · Answer

La partie qui concerne le registre est réglée par Ccleaner, c'est ça?
Et le problème de ventilateur, c'est une question de matériel?

En tout cas merci de ta patience et du temps que tu prends pour m'aider!

Arc-Atmos · Answer

partie registre partie ventilo faudra le changer mais avant renseigne toi mieux 

et derien ça fait plaisir

cordialement

Lennie · Answer

Merci encore, je télécharge Ccleaner de ce pas.

Pour les problèmes de ventilations, quels sont les "symptômes", à part les redémarrages?
Parce que mon ordi n'est pas spécialement bruyant

Arc-Atmos · Answer

blocage redémarage jusqu'au suicide etc ....
pour les ordis bruyants c'est le lecteur disquette

Arc-Atmos · Answer

ptite question ?

t'as quel age ?

Lennie · Answer

Donc, il faut que j'aille voir un dépanneur...
Ouch, ça risque de faire cher...

(J'ai 18 ans, pourquoi?)

Arc-Atmos · Answer

j'ai pas de mauvaise intentions juste parceque je te trouves un peu nulle en informatique moi j'ai 13 ans

Arc-Atmos · Answer

pas forcement mais sinon ya aussi l'alimentation pour l'extinction

Arc-Atmos · Answer

ton prob c'est que quand t'allume ton ordi il s'etteint apres un certain moment et des fois il s'éteint pas ? c'est ça ?

Lennie · Answer

Voilà

Arc-Atmos · Answer

youhou j'tai reglé le prob c'est l'alimentation (j'avais deja ce prob auparavant heureusement que j'avais une alimentation en reserve)

gen-hackman · Answer

bonsoir j'aimerais faire une verif:

esssaie ceci stp :

&#9654 Télécharge : Gmer (by Przemyslaw Gmerek)


&#9654 Dezippe gmer ,cliques sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.

&#9654 Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)

Ensuite

&#9654 sur les lignes rouge:

&#9654 Services:cliques droit delete service
&#9654 Process:cliques droit kill process
&#9654 Adl ,file:cliques droit delete files

Lennie.Tah · Answer

Je vais essayer, mais dès que je lance le scan, mon ordinateur ne répond plus ou très peu.

gen-hackman · Answer

il ne doit pas etre très long

Lennie.Tah · Answer

Ce fut long, mais ça a fini par marcher.
Voilà le rapport :

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-23 02:29:53
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\Maelys\AppData\Local\Temp\ugtdyuob.sys


---- System - GMER 1.0.15 ----

INT 0x51  ?                                                                                                                   84F64E98
INT 0x52  ?                                                                                                                   84F64E98
INT 0x62  ?                                                                                                                   84F64E98
INT 0x72  ?                                                                                                                   8394ABF8
INT 0x82  ?                                                                                                                   8394ABF8
INT 0x92  ?                                                                                                                   8394EBF8
INT 0x92  ?                                                                                                                   84F64E98
INT 0x92  ?                                                                                                                   8394EBF8
INT 0xA2  ?                                                                                                                   84F64E98

---- Kernel code sections - GMER 1.0.15 ----

?         System32\Drivers\spxr.sys                                                                                           Le chemin d'accès spécifié est introuvable. !
.text     USBPORT.SYS!DllUnload                                                                                               823EF46F 5 Bytes  JMP 84F64478 
.text     azn9665o.SYS                                                                                                        89970000 22 Bytes  [26, 02, C2, 81, 10, 01, C2, ...]
.text     azn9665o.SYS                                                                                                        89970017 181 Bytes  [00, 32, 37, 7A, 80, 3D, 35, ...]
.text     azn9665o.SYS                                                                                                        899700CE 10 Bytes  [00, 00, 00, 00, 00, 00, 02, ...]
.text     azn9665o.SYS                                                                                                        899700DA 12 Bytes  [00, 00, 02, 00, 00, 00, 24, ...]
.text     azn9665o.SYS                                                                                                        899700E7 714 Bytes  [00, F0, 0E, 00, 00, 00, 00, ...]
.text     ...                                                                                                                 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                           [806996D6] \SystemRoot\System32\Drivers\spxr.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [80699042] \SystemRoot\System32\Drivers\spxr.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [80699800] \SystemRoot\System32\Drivers\spxr.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                           [806990C0] \SystemRoot\System32\Drivers\spxr.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                     [8069913E] \SystemRoot\System32\Drivers\spxr.sys
IAT       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [806A8E9C] \SystemRoot\System32\Drivers\spxr.sys
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortNotification]                                          CC358B04
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortWritePortUchar]                                        8389995F
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortWritePortUlong]                                        458B38C6
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                    A5A5A514
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                         100D8BA5
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                  5F899930
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortReadPortUchar]                                         30810889
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortStallExecution]                                        54771129
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortGetParentBusType]                                      10C25D5E
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortRequestCallback]                                       8B55CC00
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                 084D8BEC
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                  0CF0918B
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortCompleteRequest]                                       458B0000
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortMoveMemory]                                            8B108910
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                             000CF491
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                04508900
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                  053C7980
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortReadPortUshort]                                        560C558B
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                  C6127557
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortInitialize]                                            B18D0502
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortGetDeviceBase]                                         00000CF8
IAT       \SystemRoot\System32\Drivers\azn9665o.SYS[ataport.SYS!AtaPortDeviceStateChange]                                     A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                               [741A88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                [741E98A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                            [741AB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                      [7419FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                [741A7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                             [7419EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                 [741DB17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                    [741ABC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                            [741A074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                             [741A06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                              [741971B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                      [7422D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                         [741C7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                            [7419E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                      [7419697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                     [741969A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT       C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                        [741A2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              839501F8
Device    \Driver\volmgr \Device\VolMgrControl                                                                                8394C1F8
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                    84FC93B0
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                    84FC93B0
Device    \Driver\usbehci \Device\USBPDO-2                                                                                    84FCB1F8
Device    \Driver\usbuhci \Device\USBPDO-3                                                                                    84FC93B0
Device    \Driver\usbuhci \Device\USBPDO-4                                                                                    84FC93B0
Device    \Driver\usbuhci \Device\USBPDO-5                                                                                    84FC93B0
Device    \Driver\usbehci \Device\USBPDO-6                                                                                    84FCB1F8
Device    \Driver\volmgr \Device\HarddiskVolume1                                                                              8394C1F8
Device    \Driver\volmgr \Device\HarddiskVolume2                                                                              8394C1F8
Device    \Driver\cdrom \Device\CdRom0                                                                                        850251F8
Device    \Driver\cdrom \Device\CdRom1                                                                                        850251F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                         8394F1F8
Device    \Driver\iaStor \Device\Ide\iaStor0                                                                                  [822D48E0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                  8394F1F8
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                  8394F1F8
Device    \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                       [822D48E0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver
etbt \Device\NetBT_Tcpip_{830EC135-E83C-4CDF-9360-292644D53DF4}                                            85987500
Device    \Driver
etbt \Device\NetBt_Wins_Export                                                                             85987500
Device    \Driver\Smb \Device\NetbiosSmb                                                                                      858ED500
Device    \Driver\PCI_PNP7137 \Device\0000004c                                                                                spxr.sys
Device    \Driver
etbt \Device\NetBT_Tcpip_{402E8C45-DBC0-42E4-A5D5-0A9293A5BFCA}                                            85987500
Device    \Driver\sptd \Device\187005150                                                                                      spxr.sys
Device    \Driver\iScsiPrt \Device\RaidPort0                                                                                  8502F1F8
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                    84FC93B0
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                    84FC93B0
Device    \Driver\usbehci \Device\USBFDO-2                                                                                    84FCB1F8
Device    \Driver\usbuhci \Device\USBFDO-3                                                                                    84FC93B0
Device    \Driver\usbuhci \Device\USBFDO-4                                                                                    84FC93B0
Device    \Driver\usbuhci \Device\USBFDO-5                                                                                    84FC93B0
Device    \Driver
etbt \Device\NetBT_Tcpip_{E4AFC15D-BCB9-40EA-9533-3343F1D5E021}                                            85987500
Device    \Driver\usbehci \Device\USBFDO-6                                                                                    84FCB1F8
Device    \Driver\azn9665o \Device\Scsi\azn9665o1                                                                             8502A458
Device    \Driver\azn9665o \Device\Scsi\azn9665o1Port4Path0Target0Lun0                                                        8502A458
Device    \FileSystem\cdfs \Cdfs                                                                                              9383A280

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x93 0x4E 0x43 0x7B ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xE3 0xD7 0x1A 0x94 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x91 0xEA 0x08 0x05 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x93 0x4E 0x43 0x7B ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xE3 0xD7 0x1A 0x94 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x91 0xEA 0x08 0x05 ...

---- EOF - GMER 1.0.15 ----

gen-hackman · Answer

&#9654 Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
* - Coche    Afficher les fichiers et dossiers cachés
* - Décoche Masquer les extensions des fichiers dont le type est connu
* - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)

&#9654 clique sur Appliquer, puis OK.

N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

    * Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :

C:\WINDOWS\system32\DRIVERS\iaStor.sys

    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
    * Une nouvelle fenêtre de ton navigateur va apparaître
    * Clique alors sur les deux fleches
    * Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
    * Enfin colle le résultat dans ta prochaine réponse.

Note : Pour analyser un autre fichier, clique en bas sur Autre fichier.

Lennie.Tah · Answer

Done : Fichier IaStor.sys reçu le 2010.04.09 11:33:51 (UTC) Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.50 2010.04.09 - AhnLab-V3 5.0.0.2 2010.04.09 - AntiVir 7.10.6.53 2010.04.09 - Antiy-AVL 2.0.3.7 2010.04.09 - Authentium 5.2.0.5 2010.04.09 W32/Rootkit.FHZ Avast 4.8.1351.0 2010.04.09 - Avast5 5.0.332.0 2010.04.09 - AVG 9.0.0.787 2010.04.09 - BitDefender 7.2 2010.04.09 - CAT-QuickHeal 10.00 2010.04.09 - ClamAV 0.96.0.3-git 2010.04.09 - Comodo 4548 2010.04.09 - DrWeb 5.0.2.03300 2010.04.09 - eSafe 7.0.17.0 2010.04.08 - eTrust-Vet 35.2.7417 2010.04.09 - F-Prot 4.5.1.85 2010.04.08 W32/Rootkit.FHZ F-Secure 9.0.15370.0 2010.04.09 - Fortinet 4.0.14.0 2010.04.08 - GData 19 2010.04.09 - Ikarus T3.1.1.80.0 2010.04.09 - Jiangmin 13.0.900 2010.04.09 - Kaspersky 7.0.0.125 2010.04.09 - McAfee-GW-Edition 6.8.5 2010.04.09 - Microsoft 1.5605 2010.04.09 - NOD32 5012 2010.04.09 - Norman 6.04.11 2010.04.09 - nProtect 2009.1.8.0 2010.04.06 - Panda 10.0.2.2 2010.04.08 - PCTools 7.0.3.5 2010.04.09 - Prevx 3.0 2010.04.09 - Rising 22.42.04.03 2010.04.09 - Sophos 4.52.0 2010.04.09 - Sunbelt 6155 2010.04.09 - Symantec 20091.2.0.41 2010.04.09 - TheHacker 6.5.2.0.258 2010.04.09 - TrendMicro 9.120.0.1004 2010.04.09 - VBA32 3.12.12.4 2010.04.09 - ViRobot 2010.4.9.2269 2010.04.09 - VirusBuster 5.0.27.0 2010.04.09 - Information additionnelle File size: 305176 bytes MD5 : 2358c53f30cb9dcd1d3843c4e2f299b2 SHA1 : fa19676a1ff9712cb03ef32c0c3d42308700d8bb SHA256: c3e5f2d60133b10dea52af11e192dfdc4160611f5f0a86ed66138db91532ca4a PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xC3005
timedatestamp.....: 0x4696B24A (Fri Jul 13 00:59:22 2007)
machinetype.......: 0x14C (Intel I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x438D6 0x43A00 6.47 3f53bf82754019af1628f21115998bd7
.rdata 0x45000 0xB5C 0xC00 5.59 26a1c3efe45e5638c8fe2071c5638ade
.data 0x46000 0x7C6E0 0x1000 4.80 e79837951a43c4ac27e20a547ff263e9
INIT 0xC3000 0xD36 0xE00 5.51 205bf2d106478ff5fce90209207a6dd3
.rsrc 0xC4000 0x458 0x600 2.60 f02cd0abe9a41626cf4f34af4b1af8ca
.reloc 0xC5000 0x1F8A 0x2000 5.54 5aaad750f379cdd27ec75eb714b06d28

( 2 imports )

> hal.dll: KfAcquireSpinLock, KfReleaseSpinLock, ExAcquireFastMutex, ExReleaseFastMutex, KeStallExecutionProcessor, KeGetCurrentIrql
> ntoskrnl.exe: ZwClose, ZwQueryValueKey, DbgPrint, ZwOpenKey, InterlockedPopEntrySList, IofCompleteRequest, KeSetEvent, PoSetPowerState, _aullshr, IoFreeWorkItem, IoUnregisterPlugPlayNotification, ObfDereferenceObject, KeWaitForSingleObject, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeEvent, memcpy, IoGetDeviceObjectPointer, IoQueueWorkItem, IoAllocateWorkItem, IoRegisterPlugPlayNotification, KeClearEvent, WRITE_REGISTER_ULONG, READ_REGISTER_ULONG, ObReferenceObjectByHandle, MmGetPhysicalAddress, KeCancelTimer, KeSetTimerEx, KeInitializeTimerEx, memmove, KeDelayExecutionThread, _aulldiv, strncpy, strncmp, _purecall, sprintf, _allmul, InterlockedPushEntrySList, RtlCompareMemory, IoInvalidateDeviceRelations, KeSetTimer, ExSystemTimeToLocalTime, KeQuerySystemTime, MmUnmapIoSpace, MmMapIoSpace, RtlWriteRegistryValue, ZwCreateKey, swprintf, KeLeaveCriticalRegion, KeEnterCriticalRegion, MmMapLockedPagesSpecifyCache, ExDeleteNPagedLookasideList, KeBugCheck, PsTerminateSystemThread, KeWaitForMultipleObjects, KeSetPriorityThread, PsCreateSystemThread, ExInitializeNPagedLookasideList, memset, _aulldvrm, PoRequestPowerIrp, PoStartNextPowerIrp, PoCallDriver, IoReleaseRemoveLockEx, IoAcquireRemoveLockEx, IoFreeIrp, IoAllocateIrp, IoGetAttachedDeviceReference, _alldiv, IoDeleteSymbolicLink, IoAttachDeviceToDeviceStack, IoCreateSymbolicLink, IoInitializeRemoveLockEx, IoCreateDevice, RtlUnicodeStringToInteger, wcsncpy, wcsstr, IoDeleteDevice, IoDetachDevice, _wcsupr, IoGetDeviceProperty, ZwCreateDirectoryObject, KeInitializeDpc, KeInitializeTimer, ExRegisterCallback, ExCreateCallback, IoConnectInterrupt, IoReportResourceForDetection, ExUnregisterCallback, IoDisconnectInterrupt, IoReleaseRemoveLockAndWaitEx, IoGetConfigurationInformation, KeRemoveQueueDpc, KeQueryTimeIncrement, KeTickCount, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, strncat, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ObfReferenceObject, PoRegisterDeviceForIdleDetection, IoInvalidateDeviceState, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, IoGetDmaAdapter, strstr, RtlCreateRegistryKey, RtlCopyUnicodeString, KeInsertQueueDpc, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, IoRequestDeviceEject, KeBugCheckEx, RtlUnwind, RtlInitUnicodeString, ExAllocatePoolWithTag, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, RtlQueryRegistryValues, _aullrem, ExFreePoolWithTag

( 0 exports )
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) ssdeep: 6144:1Mq0uXXatU/AUlKRHP7lq7jvlYeRcXExP:DatU4U0787jv3R1 sigcheck: publisher....: Intel Corporation
copyright....: Copyright(C) Intel Corporation 1994-2007
product......: Intel Matrix Storage Manager driver
description..: Intel Matrix Storage Manager driver - ia32
original name: iaStor.sys
internal name: iaStor.sys
file version.: 7.6.0.1011
comments.....: -ia32
signers......: Intel Corporation
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 12:35 AM 7/13/2007
verified.....: -
PEiD : - RDS : NSRL Reference Data Set
- Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.50 2010.04.09 - AhnLab-V3 5.0.0.2 2010.04.09 - AntiVir 7.10.6.53 2010.04.09 - Antiy-AVL 2.0.3.7 2010.04.09 - Authentium 5.2.0.5 2010.04.09 W32/Rootkit.FHZ Avast 4.8.1351.0 2010.04.09 - Avast5 5.0.332.0 2010.04.09 - AVG 9.0.0.787 2010.04.09 - BitDefender 7.2 2010.04.09 - CAT-QuickHeal 10.00 2010.04.09 - ClamAV 0.96.0.3-git 2010.04.09 - Comodo 4548 2010.04.09 - DrWeb 5.0.2.03300 2010.04.09 - eSafe 7.0.17.0 2010.04.08 - eTrust-Vet 35.2.7417 2010.04.09 - F-Prot 4.5.1.85 2010.04.08 W32/Rootkit.FHZ F-Secure 9.0.15370.0 2010.04.09 - Fortinet 4.0.14.0 2010.04.08 - GData 19 2010.04.09 - Ikarus T3.1.1.80.0 2010.04.09 - Jiangmin 13.0.900 2010.04.09 - Kaspersky 7.0.0.125 2010.04.09 - McAfee-GW-Edition 6.8.5 2010.04.09 - Microsoft 1.5605 2010.04.09 - NOD32 5012 2010.04.09 - Norman 6.04.11 2010.04.09 - nProtect 2009.1.8.0 2010.04.06 - Panda 10.0.2.2 2010.04.08 - PCTools 7.0.3.5 2010.04.09 - Prevx 3.0 2010.04.09 - Rising 22.42.04.03 2010.04.09 - Sophos 4.52.0 2010.04.09 - Sunbelt 6155 2010.04.09 - Symantec 20091.2.0.41 2010.04.09 - TheHacker 6.5.2.0.258 2010.04.09 - TrendMicro 9.120.0.1004 2010.04.09 - VBA32 3.12.12.4 2010.04.09 - ViRobot 2010.4.9.2269 2010.04.09 - VirusBuster 5.0.27.0 2010.04.09 - Information additionnelle File size: 305176 bytes MD5 : 2358c53f30cb9dcd1d3843c4e2f299b2 SHA1 : fa19676a1ff9712cb03ef32c0c3d42308700d8bb SHA256: c3e5f2d60133b10dea52af11e192dfdc4160611f5f0a86ed66138db91532ca4a PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xC3005
timedatestamp.....: 0x4696B24A (Fri Jul 13 00:59:22 2007)
machinetype.......: 0x14C (Intel I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x438D6 0x43A00 6.47 3f53bf82754019af1628f21115998bd7
.rdata 0x45000 0xB5C 0xC00 5.59 26a1c3efe45e5638c8fe2071c5638ade
.data 0x46000 0x7C6E0 0x1000 4.80 e79837951a43c4ac27e20a547ff263e9
INIT 0xC3000 0xD36 0xE00 5.51 205bf2d106478ff5fce90209207a6dd3
.rsrc 0xC4000 0x458 0x600 2.60 f02cd0abe9a41626cf4f34af4b1af8ca
.reloc 0xC5000 0x1F8A 0x2000 5.54 5aaad750f379cdd27ec75eb714b06d28

( 2 imports )

> hal.dll: KfAcquireSpinLock, KfReleaseSpinLock, ExAcquireFastMutex, ExReleaseFastMutex, KeStallExecutionProcessor, KeGetCurrentIrql
> ntoskrnl.exe: ZwClose, ZwQueryValueKey, DbgPrint, ZwOpenKey, InterlockedPopEntrySList, IofCompleteRequest, KeSetEvent, PoSetPowerState, _aullshr, IoFreeWorkItem, IoUnregisterPlugPlayNotification, ObfDereferenceObject, KeWaitForSingleObject, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeEvent, memcpy, IoGetDeviceObjectPointer, IoQueueWorkItem, IoAllocateWorkItem, IoRegisterPlugPlayNotification, KeClearEvent, WRITE_REGISTER_ULONG, READ_REGISTER_ULONG, ObReferenceObjectByHandle, MmGetPhysicalAddress, KeCancelTimer, KeSetTimerEx, KeInitializeTimerEx, memmove, KeDelayExecutionThread, _aulldiv, strncpy, strncmp, _purecall, sprintf, _allmul, InterlockedPushEntrySList, RtlCompareMemory, IoInvalidateDeviceRelations, KeSetTimer, ExSystemTimeToLocalTime, KeQuerySystemTime, MmUnmapIoSpace, MmMapIoSpace, RtlWriteRegistryValue, ZwCreateKey, swprintf, KeLeaveCriticalRegion, KeEnterCriticalRegion, MmMapLockedPagesSpecifyCache, ExDeleteNPagedLookasideList, KeBugCheck, PsTerminateSystemThread, KeWaitForMultipleObjects, KeSetPriorityThread, PsCreateSystemThread, ExInitializeNPagedLookasideList, memset, _aulldvrm, PoRequestPowerIrp, PoStartNextPowerIrp, PoCallDriver, IoReleaseRemoveLockEx, IoAcquireRemoveLockEx, IoFreeIrp, IoAllocateIrp, IoGetAttachedDeviceReference, _alldiv, IoDeleteSymbolicLink, IoAttachDeviceToDeviceStack, IoCreateSymbolicLink, IoInitializeRemoveLockEx, IoCreateDevice, RtlUnicodeStringToInteger, wcsncpy, wcsstr, IoDeleteDevice, IoDetachDevice, _wcsupr, IoGetDeviceProperty, ZwCreateDirectoryObject, KeInitializeDpc, KeInitializeTimer, ExRegisterCallback, ExCreateCallback, IoConnectInterrupt, IoReportResourceForDetection, ExUnregisterCallback, IoDisconnectInterrupt, IoReleaseRemoveLockAndWaitEx, IoGetConfigurationInformation, KeRemoveQueueDpc, KeQueryTimeIncrement, KeTickCount, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, strncat, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ObfReferenceObject, PoRegisterDeviceForIdleDetection, IoInvalidateDeviceState, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, IoGetDmaAdapter, strstr, RtlCreateRegistryKey, RtlCopyUnicodeString, KeInsertQueueDpc, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, IoRequestDeviceEject, KeBugCheckEx, RtlUnwind, RtlInitUnicodeString, ExAllocatePoolWithTag, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, RtlQueryRegistryValues, _aullrem, ExFreePoolWithTag

( 0 exports )
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) ssdeep: 6144:1Mq0uXXatU/AUlKRHP7lq7jvlYeRcXExP:DatU4U0787jv3R1 sigcheck: publisher....: Intel Corporation
copyright....: Copyright(C) Intel Corporation 1994-2007
product......: Intel Matrix Storage Manager driver
description..: Intel Matrix Storage Manager driver - ia32
original name: iaStor.sys
internal name: iaStor.sys
file version.: 7.6.0.1011
comments.....: -ia32
signers......: Intel Corporation
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 12:35 AM 7/13/2007
verified.....: -
PEiD : - RDS : NSRL Reference Data Set
-

gen-hackman · Answer

/!\ ATTENTION SUIVRE SCRUPULEUSEMENT A LA LETTRE CES INDICATIONS/!\

________________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================

▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur

▶ On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Avant d'utiliser ComboFix :
______________________________________________________________________
>> referme les fenêtres de tous les programmes en cours.
>> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
>>la protection en temps réel de ton Antivirus et de tes Antispywares,
>>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!

▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

Lennie.Tah · Answer

ComboFix 10-04-21.01 - Maelys 23/04/2010   3:03.1.1 - x86
Microsoft® Windows Vista(TM) Édition Familiale Basique   6.0.6001.1.1252.33.1036.18.1013.300 [GMT 2:00]
Lancé depuis: c:\users\Maelys\Desktop\Maelys.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-4092512666-42916747-2250049916-1003
c:\$recycle.bin\S-1-5-21-4092512666-42916747-2250049916-500
c:\$recycle.bin\S-1-5-21-4227714180-2981987459-3417282220-500

.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-03-23 au 2010-04-23  ))))))))))))))))))))))))))))))))))))
.

2010-04-23 01:15 . 2010-04-23 01:15	--------	d-----w-	c:\users\Maelys\AppData\Local	emp
2010-04-23 01:15 . 2010-04-23 01:15	--------	d-----w-	c:\users\Default\AppData\Local	emp
2010-04-23 01:15 . 2010-04-23 01:15	--------	d-----w-	c:\users\Danielle\AppData\Local	emp
2010-04-23 01:15 . 2010-04-23 01:15	--------	d-----w-	c:\users\Admin\AppData\Local	emp
2010-04-17 22:20 . 2010-04-17 22:20	--------	d-----w-	c:\program files\Common Files\Java
2010-04-17 22:18 . 2010-04-12 15:29	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-04-17 14:46 . 2010-04-17 14:46	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-17 13:38 . 2010-04-17 13:38	56766	----a-w-	c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-17 13:38 . 2010-04-17 13:38	57679	----a-w-	c:\programdata\DivX\Player\Uninstaller.exe
2010-04-17 13:38 . 2010-04-17 13:38	84040	----a-w-	c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-04-17 13:38 . 2010-04-17 13:38	54166	----a-w-	c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-17 13:38 . 2010-04-17 13:38	57532	----a-w-	c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-04-17 13:38 . 2010-04-17 13:38	54153	----a-w-	c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-04-17 13:37 . 2010-04-17 13:37	54128	----a-w-	c:\programdata\DivX\Converter\Uninstaller.exe
2010-04-17 13:37 . 2010-04-17 13:37	57409	----a-w-	c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-04-14 13:01 . 2010-04-14 13:02	--------	d-----w-	c:\program files\ma-config.com
2010-04-14 13:01 . 2010-04-14 13:01	--------	d-----w-	c:\programdata\ma-config.com
2010-04-14 10:17 . 2010-02-23 11:32	212992	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 10:17 . 2010-02-23 11:32	78848	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 10:17 . 2010-02-23 11:32	105984	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 10:17 . 2010-02-18 14:49	3598216	----a-w-	c:\windows\system32
tkrnlpa.exe
2010-04-14 10:17 . 2010-02-18 14:49	3545992	----a-w-	c:\windows\system32
toskrnl.exe
2010-04-14 10:17 . 2010-03-04 18:54	430080	----a-w-	c:\windows\system32\vbscript.dll
2010-04-14 10:16 . 2010-02-18 14:49	898952	----a-w-	c:\windows\system32\drivers	cpip.sys
2010-04-14 10:16 . 2010-02-18 14:11	190464	----a-w-	c:\windows\system32\iphlpsvc.dll
2010-04-14 10:16 . 2010-02-18 11:52	25088	----a-w-	c:\windows\system32\drivers	unnel.sys
2010-04-14 10:08 . 2010-01-15 00:04	98304	----a-w-	c:\windows\system32\cabview.dll
2010-04-14 10:08 . 2009-12-23 12:43	171520	----a-w-	c:\windows\system32\wintrust.dll
2010-04-02 23:15 . 2010-04-17 13:36	754984	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-04-02 23:15 . 2010-04-17 13:36	1180952	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-02 23:14 . 2009-07-30 00:27	529200	----a-w-	c:\programdata\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-04-02 23:14 . 2009-07-30 00:26	529200	----a-w-	c:\programdata\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-04-02 23:14 . 2010-04-02 23:14	56978	----a-w-	c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-02 23:13 . 2010-04-02 23:13	53600	----a-w-	c:\programdata\DivX\Update\Uninstaller.exe
2010-04-02 23:11 . 2010-04-02 23:11	57054	----a-w-	c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-02 23:11 . 2010-04-02 23:11	56458	----a-w-	c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-02 23:11 . 2010-04-02 23:11	54174	----a-w-	c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-04-02 23:10 . 2010-04-02 23:10	54629	----a-w-	c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-04-02 23:10 . 2010-04-02 23:10	54101	----a-w-	c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-02 23:10 . 2010-04-02 23:10	52963	----a-w-	c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-02 23:09 . 2010-04-02 23:09	54073	----a-w-	c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-02 23:09 . 2010-04-02 23:09	56969	----a-w-	c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-04-02 22:59 . 2010-04-17 14:46	--------	d-----w-	c:\programdata\DivX

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 00:57 . 2009-08-28 21:28	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-04-23 00:57 . 2009-08-28 21:28	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-04-22 18:05 . 2009-08-10 20:39	1	----a-w-	c:\users\Maelys\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-19 15:55 . 2008-01-21 07:23	669566	----a-w-	c:\windows\system32\perfh00C.dat
2010-04-19 15:55 . 2008-01-21 07:23	123556	----a-w-	c:\windows\system32\perfc00C.dat
2010-04-17 22:17 . 2009-07-26 01:05	--------	d-----w-	c:\program files\Java
2010-04-17 13:38 . 2009-07-30 00:23	--------	d-----w-	c:\program files\DivX
2010-04-17 13:38 . 2009-07-30 00:26	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-04-15 16:03 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-04-15 01:00 . 2008-05-22 04:08	--------	d-----w-	c:\programdata\Microsoft Help
2010-04-14 15:06 . 2009-07-25 23:33	1356	----a-w-	c:\users\Maelys\AppData\Local\d3d9caps.dat
2010-04-04 09:48 . 2009-07-30 00:27	--------	d-----w-	c:\users\Maelys\AppData\Roaming\DivX
2010-04-02 23:09 . 2009-07-30 00:23	--------	d-----w-	c:\program files\Common Files\DivX Shared
2010-03-24 14:36 . 2009-09-28 20:29	--------	d-----w-	c:\users\Maelys\AppData\Roaming\dvdcss
2010-03-22 00:50 . 2010-01-20 21:21	--------	d-----w-	c:\program files\MP3Gain
2010-03-09 16:28 . 2010-03-31 19:39	833024	----a-w-	c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-31 19:39	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-31 19:39	26624	----a-w-	c:\windows\system32\ieUnatt.exe
2010-03-08 17:59 . 2010-03-08 17:59	94208	----a-w-	c:\windows\system32\dpl100.dll
2010-03-05 11:50 . 2009-08-07 01:52	77648	----a-w-	c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-03-05 11:50 . 2009-04-26 13:41	8224	----a-w-	c:\users\Maelys\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 13:09	181632	------w-	c:\windows\system32\MpSigStub.exe
2010-02-19 19:27 . 2010-02-19 19:27	720384	----a-w-	c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27	856064	----a-w-	c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27	856064	----a-w-	c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27	847872	----a-w-	c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27	843776	----a-w-	c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27	839680	----a-w-	c:\windows\system32\divx_xx11.dll
2010-02-12 10:48 . 2010-03-14 02:02	293376	----a-w-	c:\windows\system32\browserchoice.exe
2010-01-25 12:48 . 2010-03-04 12:08	472576	----a-w-	c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-03-04 12:08	151040	----a-w-	c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-03-04 12:08	151040	----a-w-	c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-03-04 12:08	472064	----a-w-	c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-03-04 12:08	329216	----a-w-	c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-03-04 12:08	346624	----a-w-	c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-03-04 12:08	523776	----a-w-	c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-03-04 12:08	511488	----a-w-	c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-03-04 12:08	347136	----a-w-	c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-03-04 12:11	2048	----a-w-	c:\windows\system32	zres.dll
2009-11-16 17:25 . 2009-11-16 17:25	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-13 768520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-16 30192]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-24 6111232]
"WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-05-09 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]

c:\users\Maelys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4092512666-42916747-2250049916-1002]
"EnableNotificationsRef"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-25 721904]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-16 30192]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-01-26 243056]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-07-24 108289]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-04-03 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 regi;regi;c:\windows\system32\driversegi.sys [2007-04-17 11032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
.
Contenu du dossier 'Tâches planifiées'

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 16:32]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 16:32]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=EM&Loc=FRN_FR&Sys=PTB&M=eMachines E510
uInternet Settings,ProxyServer = 172.16.0.253:3128
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
FF - ProfilePath - c:\users\Maelys\AppData\Roaming\Mozilla\Firefox\Profiles\2jpf6a6f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.urban-rivals.com/
FF - plugin: c:\program files\DivX\DivX Plus Web Player
pdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23
pGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com
phardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
p-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
pdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-eRecoveryService - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 03:15
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2010-04-23  03:20:45
ComboFix-quarantined-files.txt  2010-04-23 01:20

Avant-CF: 81 799 270 400 octets libres
Après-CF: 81 906 028 544 octets libres

- - End Of File - - AFA507F8C5DA49E057422421C129B0D8

gen-hackman · Answer

__________________________________________________________
=>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
=>il est fort déconseillé de le transposer sur un autre ordinateur !<=====|
---------------------------------------------------------------

Toujours avec toutes les protections désactivées, fais ceci :

▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

----------------------------------------------------------
KillAll::

TDL::
C:\WINDOWS\system32\DRIVERS\iaStor.sys

SkipFix::

------------------------------------------------------------------

▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
▶ Quitte le Bloc Notes

▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix

▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

Lennie.Tah · Answer

ComboFix 10-04-21.01 - Maelys 23/04/2010 3:36.2.1 - x86
Microsoft® Windows Vista(TM) Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.1013.262 [GMT 2:00]
Lancé depuis: c:\users\Maelys\Desktop\Maelys.exe
Commutateurs utilisés :: c:\users\Maelys\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
- Mode FONCTIONNALITES REDUITES -
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-03-23 au 2010-04-23 ))))))))))))))))))))))))))))))))))))
.

2010-04-23 01:38 . 2010-04-23 01:41 -------- d-----w- c:\users\Maelys\AppData\Local\temp
2010-04-23 01:38 . 2010-04-23 01:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-23 01:38 . 2010-04-23 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-23 01:38 . 2010-04-23 01:38 -------- d-----w- c:\users\Danielle\AppData\Local\temp
2010-04-23 00:59 . 2010-04-23 01:22 -------- d-----w- C:\Maelys
2010-04-17 22:20 . 2010-04-17 22:20 -------- d-----w- c:\program files\Common Files\Java
2010-04-17 22:18 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-14 13:01 . 2010-04-14 13:02 -------- d-----w- c:\program files\ma-config.com
2010-04-14 13:01 . 2010-04-14 13:01 -------- d-----w- c:\programdata\ma-config.com
2010-04-14 10:17 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 10:17 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 10:17 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 10:17 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 10:17 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 10:17 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 10:16 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 10:16 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 10:16 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 10:08 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 10:08 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-02 22:59 . 2010-04-17 14:46 -------- d-----w- c:\programdata\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 00:57 . 2009-08-28 21:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-23 00:57 . 2009-08-28 21:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-22 18:05 . 2009-08-10 20:39 1 ----a-w- c:\users\Maelys\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-19 15:55 . 2008-01-21 07:23 669566 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-19 15:55 . 2008-01-21 07:23 123556 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-17 22:17 . 2009-07-26 01:05 -------- d-----w- c:\program files\Java
2010-04-17 14:46 . 2010-04-17 14:46 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-17 13:38 . 2010-04-17 13:38 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-17 13:38 . 2009-07-30 00:23 -------- d-----w- c:\program files\DivX
2010-04-17 13:38 . 2010-04-17 13:38 57679 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-04-17 13:38 . 2010-04-17 13:38 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-04-17 13:38 . 2009-07-30 00:26 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-04-17 13:38 . 2010-04-17 13:38 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-17 13:38 . 2010-04-17 13:38 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-04-17 13:38 . 2010-04-17 13:38 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-04-17 13:37 . 2010-04-17 13:37 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-04-17 13:37 . 2010-04-17 13:37 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-04-17 13:36 . 2010-04-02 23:15 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-04-17 13:36 . 2010-04-02 23:15 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-15 16:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-15 01:00 . 2008-05-22 04:08 -------- d-----w- c:\programdata\Microsoft Help
2010-04-14 15:06 . 2009-07-25 23:33 1356 ----a-w- c:\users\Maelys\AppData\Local\d3d9caps.dat
2010-04-04 09:48 . 2009-07-30 00:27 -------- d-----w- c:\users\Maelys\AppData\Roaming\DivX
2010-04-02 23:14 . 2010-04-02 23:14 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-02 23:13 . 2010-04-02 23:13 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-04-02 23:11 . 2010-04-02 23:11 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-02 23:11 . 2010-04-02 23:11 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-02 23:11 . 2010-04-02 23:11 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-04-02 23:10 . 2010-04-02 23:10 54629 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-04-02 23:10 . 2010-04-02 23:10 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-02 23:10 . 2010-04-02 23:10 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-02 23:09 . 2010-04-02 23:09 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-02 23:09 . 2009-07-30 00:23 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-02 23:09 . 2010-04-02 23:09 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-03-24 14:36 . 2009-09-28 20:29 -------- d-----w- c:\users\Maelys\AppData\Roaming\dvdcss
2010-03-22 00:50 . 2010-01-20 21:21 -------- d-----w- c:\program files\MP3Gain
2010-03-09 16:28 . 2010-03-31 19:39 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-31 19:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-31 19:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-05 11:50 . 2009-08-07 01:52 77648 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-03-05 11:50 . 2009-04-26 13:41 8224 ----a-w- c:\users\Maelys\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 13:09 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-12 10:48 . 2010-03-14 02:02 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-25 12:48 . 2010-03-04 12:08 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-03-04 12:08 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-03-04 12:08 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-03-04 12:08 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-03-04 12:08 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-03-04 12:08 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-03-04 12:08 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-03-04 12:08 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-03-04 12:08 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-03-04 12:11 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-16 17:25 . 2009-11-16 17:25 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-13 768520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-16 30192]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-24 6111232]
"WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-05-09 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]

c:\users\Maelys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4092512666-42916747-2250049916-1002]
"EnableNotificationsRef"=dword:00000001

R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-16 30192]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-01-26 243056]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-25 721904]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-07-24 108289]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-04-03 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contenu du dossier 'Tâches planifiées'

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 16:32]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 16:32]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=EM&Loc=FRN_FR&Sys=PTB&M=eMachines E510
uInternet Settings,ProxyServer = 172.16.0.253:3128
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
FF - ProfilePath - c:\users\Maelys\AppData\Roaming\Mozilla\Firefox\Profiles\2jpf6a6f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.urban-rivals.com/
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - component: c:\users\Maelys\AppData\Roaming\Mozilla\Firefox\Profiles\2jpf6a6f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 03:41
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spya.sys >>UNKNOWN [0x8427A938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x863a7322
\Driver\ACPI -> acpi.sys @ 0x805b2d4c
\Driver\atapi -> 0x842bb1f8
\Driver\iaStor -> iaStor.sys @ 0x822ce8e0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\conime.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\igfxext.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2010-04-23 03:48:47 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-04-23 01:48
ComboFix2.txt 2010-04-23 01:20

Avant-CF: 81 924 902 912 octets libres
Après-CF: 81 905 377 280 octets libres

- - End Of File - - 233D266599BD1FDCCBE583B2043CDE43

gen-hackman · Answer

installe le service pack2 de Vista

Lennie.Tah · Answer

Je dois désinstaller quelque chose avant?

gen-hackman · Answer

non tu desctives juste l'antivirus pour ne pas gener l'installation

Lennie.Tah · Answer

D'accord! Et à part ça, à priori, c'est bon?

Merci beaucoup pour ton aide!
Et désolée de t'avoir fait perdre tant de temps.

gen-hackman · Answer

coucou ,pas sûr...

DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)

&#9654 Télécharge List_Kill'em et enregistre le sur ton bureau 

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis l'option Search

un icone blanc et noir va s'afficher sur le bureau , il te servira à relancer le programme par la suite.
un autre rouge et noir te servira a desinstaller le prog a la fin de la desinfection.

&#9654 laisse travailler l'outil

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , , il s'auto supprimera a la fin du scan

&#9654 Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

drissi12 · Answer

Salut, je crois que c'est ton disque dur qui est endommager, essai d'installer Windows sur une autre partition, récupère tes documents en entrant avec le nouveau Windows et après tu peux le formater, si il bloque lors de l'installation il te faut une version de Windows 98, mais de préférence dés que tu récupère tes documents change ton disque dur.

Lennie.Tah · Answer

List'em by g3n-h@ckm@n 1.7.2.1 User : Maelys (Utilisateurs) Update on 22/04/2010 by g3n-h@ckm@n ::::: 16.15 Start at: 14:39:44 | 23/04/2010 Intel(R) Celeron(R) CPU 560 @ 2.13GHz Microsoft® Windows Vista(TM) Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1 Internet Explorer 7.0.6001.18000 Windows Firewall Status : Enabled C:\ -> Disque fixe local | 139,04 Go (95,16 Go free) [OS] | NTFS D:\ -> Disque CD-ROM E:\ -> Disque CD-ROM Boot: Normal ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32 askeng.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe C:\Windows\Explorer.EXE C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Apoint2K\Apoint.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Windows\System32\mobsync.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32 askeng.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Windows\system32\igfxext.exe C:\Windows\system32\conime.exe C:\Windows\system32\wuauclt.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\List_Kill'em\List_Kill'em.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\List_Kill'em\pv.exe ====================== Keys "Run" ====================== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide IAAnotif REG_SZ "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" IgfxTray REG_SZ C:\Windows\system32\igfxtray.exe HotKeysCmds REG_SZ C:\Windows\system32\hkcmd.exe Persistence REG_SZ C:\Windows\system32\igfxpers.exe LManager REG_SZ C:\PROGRA~1\LAUNCH~1\LManager.exe Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" BkupTray REG_SZ "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" Google Desktop Search REG_SZ "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup Apoint REG_SZ C:\Program Files\Apoint2K\Apoint.exe RtHDVCpl REG_SZ RtHDVCpl.exe WarReg_PopUp REG_SZ C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe" DivXUpdate REG_SZ "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] ===================== Other Keys ===================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2) ConsentPromptBehaviorUser REG_DWORD 1 (0x1) EnableInstallerDetection REG_DWORD 1 (0x1) EnableLUA REG_DWORD 0 (0x0) EnableSecureUIAPaths REG_DWORD 1 (0x1) EnableVirtualization REG_DWORD 1 (0x1) PromptOnSecureDesktop REG_DWORD 1 (0x1) ValidateAdminCodeSignatures REG_DWORD 0 (0x0) dontdisplaylastusername REG_DWORD 0 (0x0) legalnoticecaption REG_SZ legalnoticetext REG_SZ scforceoption REG_DWORD 0 (0x0) shutdownwithoutlogon REG_DWORD 1 (0x1) undockwithoutlogon REG_DWORD 1 (0x1) FilterAdministratorToken REG_DWORD 0 (0x0) EnableUIADesktopToggle REG_DWORD 0 (0x0) DisableRegistryTools REG_DWORD 0 (0x0) =============== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] NoDrives REG_DWORD 0 (0x0) =============== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] NoDrives REG_DWORD 0 (0x0) =============== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLS REG_SZ C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll =============== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] ReportBootOk REG_SZ 1 Shell REG_SZ Explorer.exe Userinit REG_SZ C:\Windows\system32\userinit.exe, VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl" AutoRestartShell REG_DWORD 1 (0x1) LegalNoticeCaption REG_SZ LegalNoticeText REG_SZ PowerdownAfterShutdown REG_SZ 0 ShutdownWithoutLogon REG_SZ 0 cachedlogonscount REG_SZ 10 forceunlocklogon REG_DWORD 0 (0x0) passwordexpirywarning REG_DWORD 14 (0xe) Background REG_SZ 0 0 0 DebugServerCommand REG_SZ no WinStationsDisabled REG_SZ 0 DisableCAD REG_DWORD 1 (0x1) scremoveoption REG_SZ 0 ShutdownFlags REG_DWORD 43 (0x2b) SFCDisable REG_DWORD 0 (0x0) System REG_SZ =============== [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\igfxcui] =============== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ =============== [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] =============== ActivX controls =============== [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}] [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}] =============== [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] ============== BHO : ====== [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] === DNS === HKLM\SYSTEM\CCS\Services\Tcpip\..\{402E8C45-DBC0-42E4-A5D5-0A9293A5BFCA}: DhcpNameServer=212.27.40.241 212.27.40.240 HKLM\SYSTEM\CCS\Services\Tcpip\..\{830EC135-E83C-4CDF-9360-292644D53DF4}: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CCS\Services\Tcpip\..\{E4AFC15D-BCB9-40EA-9533-3343F1D5E021}: DhcpNameServer=212.27.40.241 212.27.40.242 HKLM\SYSTEM\CS1\Services\Tcpip\..\{402E8C45-DBC0-42E4-A5D5-0A9293A5BFCA}: DhcpNameServer=212.27.40.241 212.27.40.240 HKLM\SYSTEM\CS1\Services\Tcpip\..\{830EC135-E83C-4CDF-9360-292644D53DF4}: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CS1\Services\Tcpip\..\{E4AFC15D-BCB9-40EA-9533-3343F1D5E021}: DhcpNameServer=212.27.40.241 212.27.40.242 HKLM\SYSTEM\CS2\Services\Tcpip\..\{402E8C45-DBC0-42E4-A5D5-0A9293A5BFCA}: DhcpNameServer=212.27.40.241 212.27.40.240 HKLM\SYSTEM\CS2\Services\Tcpip\..\{830EC135-E83C-4CDF-9360-292644D53DF4}: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CS2\Services\Tcpip\..\{E4AFC15D-BCB9-40EA-9533-3343F1D5E021}: DhcpNameServer=212.27.40.241 212.27.40.242 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240 ================ Internet Explorer : ================ [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] Start Page REG_SZ https://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=EM&Loc=FRN_FR&Sys=PTB&M=eMachines E510 Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] Start Page REG_SZ https://www.google.fr/?gws_rd=ssl Local Page REG_SZ C:\Windows\system32\blank.htm Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ======== Services ======== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] Ndisuio : 0x3 ( OK = 3 ) EapHost : 0x3 ( OK = 2 ) Wlansvc : 0x2 ( OK = 2 ) SharedAccess : 0x2 ( OK = 2 ) windefend : 0x2 ( OK = 2 ) wuauserv : 0x2 ( OK = 2 ) wscsvc : 0x2 ( OK = 2 ) ======== Safemode ======== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !! ========= Atapi.sys ========= C:\Windows\ERDNT\cache\atapi.sys : MD5 :: [2d9c903dc76a66813d350a562de40ed9] SHA256 :: [82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3] C:\Windows\System32\drivers\atapi.sys : MD5 :: [2d9c903dc76a66813d350a562de40ed9] SHA256 :: [82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3] C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys : MD5 :: [4f4fcb8b6ea06784fb6d475b7ec7300f] SHA256 :: [6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896] C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys : MD5 :: [2d9c903dc76a66813d350a562de40ed9] SHA256 :: [82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3] C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys : MD5 :: [2d9c903dc76a66813d350a562de40ed9] SHA256 :: [82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3] Référence : ========== Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867 Win XP_32b : a64013e98426e1877cb653685c5c0009 Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51 Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674 Vista_32b : e03e8c99d15d0381e02743c36afc7c6f Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9 Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4 Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e ======= Drive : ======= D'fragmenteur de disque Windows Copyright (c) 2006 Microsoft Corp. Rapport d'analyse pour le volume C: OS Taille du volume = 139 Go Espace libre = 95.17 Go tendue d'espace libre la plus grande = 51.13 Go Pourcentage de fragmentation des fichiers = 2 % Remarqueÿ: sur les volumes NTFS, les fragments de fichiers de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation. Il n'est pas n'cessaire de d'fragmenter ce volume. ¤¤¤¤¤¤¤¤¤¤ Files/folders : Present !! : C:\Program Files\DAEMON Tools Toolbar Present !! : C:\Windows\System32\ACTSKN43.ocx Present !! : C:\Windows\System32\drivers\etc\hosts.msn Present !! : C:\Windows\System32\drivers\wudfpf.sys Present !! : C:\Windows\System32\drivers\wudfrd.sys" Present !! : C:\Users\Maelys\AppData\Local\d3d9caps.dat Present !! : C:\Users\Maelys\AppData\Local\GDIPFONTCACHEV1.DAT ¤¤¤¤¤¤¤¤¤¤ Keys : Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives Present !! : HKEY_USERS\S-1-5-21-4092512666-42916747-2250049916-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives ============ catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-23 14:58:10 Windows 6.0.6001 Service Pack 1 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spha.sys >>UNKNOWN [0x8427A938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\atapi -> 0x842bb1f8 Warning: possible MBR rootkit infection ! user & kernel MBR OK Use "Recovery Console" command "fixmbr" to clear infection ! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] cval REG_DWORD 1 (0x1) FirewallDisableNotify REG_DWORD 0 (0x0) AntiVirusDisableNotify REG_DWORD 0 (0x0) UpdatesDisableNotify REG_DWORD 0 (0x0) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ End of scan : 14:58:12,32

gen-hackman · Answer

&#9654 Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :

&#9654 choisis l'Option Clean

ton PC va redemarrer,

laisse travailler l'outil.

en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

&#9654 colle le contenu dans ta reponse

Lennie.Tah · Answer

Kill'em by g3n-h@ckm@n 1.7.2.1 
 
User : Maelys (Utilisateurs) 
Update on 22/04/2010 by g3n-h@ckm@n ::::: 16.15
Start at: 15:50:50 | 23/04/2010

Intel(R) Celeron(R) CPU          560  @ 2.13GHz
Microsoft® Windows Vista(TM) Édition Familiale Basique  (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 139,04 Go (95,05 Go free) [OS] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32unonce.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
 
¤¤¤¤¤¤¤¤¤¤ Files/folders : 

Quarantined & Deleted !! : C:\Program Files\DAEMON Tools Toolbar 
 
Quarantined & Deleted !! : C:\Windows\System32\ACTSKN43.ocx 
Quarantined & Deleted !! : C:\Windows\System32\drivers\etc\hosts.msn 
Quarantined & Deleted !! : C:\Windows\system32\drivers\wudfpf.sys 
Quarantined & Deleted !! : C:\Windows\system32\drivers\wudfrd.sys 
Quarantined & Deleted !! : C:\Users\Maelys\AppData\Local\d3d9caps.dat 
Quarantined & Deleted !! : C:\Users\Maelys\AppData\Local\GDIPFONTCACHEV1.DAT 
 
==============
host file OK !
==============

========
Registry
========

Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives  
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives  
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr/?ocid=iehp
Local Page	REG_SZ         	C:\WINDOWS\system32\blank.htm
Default_Search_URL	REG_SZ         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL	REG_SZ         	https://www.msn.com/fr-fr/?ocid=iehp
Search Page	REG_SZ         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.google.com/?gws_rd=ssl
Local Page	REG_SZ         	C:\WINDOWS\system32\blank.htm
Search Page	REG_SZ         	http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] 
cval	REG_DWORD      	1 (0x1) 
FirewallDisableNotify	REG_DWORD      	0 (0x0) 
AntiVirusDisableNotify	REG_DWORD      	0 (0x0) 
UpdatesDisableNotify	REG_DWORD      	0 (0x0) 
FirstRunDisabled	REG_DWORD      	1 (0x1) 
AntiVirusOverride	REG_DWORD      	1 (0x1) 
FirewallOverride	REG_DWORD      	1 (0x1) 
 
========
Services
=========

 Ndisuio : Start = 3   
 EapHost : Start = 2   
 Wlansvc : Start = 2   
 SharedAccess : Start = 2   
 windefend : Start = 2   
 wuauserv : Start = 2   
 wscsvc : Start = 2   

============
Disk Cleaned
anti-ver blaster : OK 
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

gen-hackman · Answer

https://forums.commentcamarche.net/forum/affich-17479294-virus-ou-probleme-de-logiciels?full#38

Lennie.Tah · Answer

Pardon...?

Lennie · Answer

Voilà qu'il récidive...
Il s'est éteint brusquement à nouveau.

C'est peut-être bien le ventilateur...

Arc-Atmos · Answer

re salut c'est l'allimentation pour le ventilo s'il redémarre c'est parceque tu execute une application flash et donc ton ventilo ne rafrechi plus la carte mer ou sinon dépoussierre le

gen-hackman · Answer

Arc-Atmos à l'air de s'y connaitre je le laisse faire ^^

Arc-Atmos · Answer

merci sans vouloir me vanter mais c'est parceque j'ai deja eu ces problemes la

Arc-Atmos · Answer

euh gen-hackman t'as un lien vers ce fichier la stp ? : vcl30.dpl (librairie delphi) j'veux pas telecharger l'ide (connection merdique)

gen-hackman · Answer

salut ::
https://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=telecharger+vcl30.dpl&gws_rd=ssl

Arc-Atmos · Answer

lien mort et j'ai dja cherché sur google il mettent que des liens trojan ou des version antérieures du fichier

gen-hackman · Answer

http://www.keitheater.be/gastenboek.html

Lennie · Answer

Oui, alimentation, j'avais oublié ^^

En tout cas merci à tous les deux!

Arc-Atmos · Answer

mais derien

Virus ou problème de logiciels?

58 réponses

Votre réponse

Discussions similaires

Newsletters