Virus droit d'auteur

Résolu
waerbenn -  
 Utilisateur anonyme -
bonsoir,

j'ai un virus qui m'empeche d'avoir accès à mon bureau, avec une page "violation de droits d'auteurs...", j'ai réussi à avoir de nouveau accès au bureau, mais dès que j'allume mon ordinateur, le virus revient.
De plus j'ai appliqué comme mentionné dans un topic list kill'em option 1 puis 2 mais il reste toujours au demarage
que dois je faire pour l'enlever totalement?

merci de votre aide.
A voir également:

96 réponses

Précédent
Réponse 21 / 96
Utilisateur anonyme
 
non dans C:\
0
Réponse 22 / 96
waerbenn
 
il n'y a que le list'em.txt
0
Réponse 23 / 96
Utilisateur anonyme
 
▶ Télécharge : Gmer (by Przemyslaw Gmerek)


▶ Dezippe gmer ,cliques sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.

▶ Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)

Ensuite

▶ sur les lignes rouge:

▶ Services:cliques droit delete service
▶ Process:cliques droit kill process
▶ Adl ,file:cliques droit delete files
0
Réponse 24 / 96
waerbenn
 
fatigue à bord .........

Kill'em by g3n-h@ckm@n 1.7.2.6

User : HOUSE (Administrateurs)
Update on 02/05/2010 by g3n-h@ckm@n ::::: 14.30
Start at: 01:06:20 | 03/05/2010

Intel(R) Pentium(R) 4 CPU 3.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : G Data AntiVirus 2010 18.0 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 48,83 Go (3,74 Go free) | NTFS
D:\ -> Disque fixe local | 19,53 Go (19,46 Go free) [??????] | NTFS
E:\ -> Disque fixe local | 48,83 Go (34,19 Go free) [Logiciel] | NTFS
F:\ -> Disque fixe local | 121,55 Go (79,14 Go free) [Download] | NTFS
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque fixe local | 249,25 Go (149,81 Go free) [Video] | NTFS
J:\ -> Disque fixe local | 8,02 Go (1,84 Go free) [Divers] | NTFS
K:\ -> Disque CD-ROM
L:\ -> Disque CD-ROM
N:\ -> Disque fixe local | 232,83 Go (113,65 Go free) [My Book] | FAT32


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

¤¤¤¤¤¤¤¤¤¤ Files/folders :


Quarantined & Deleted !! : C:\WINDOWS\System32\lowsec
Quarantined & Deleted !! : C:\WINDOWS\System32\sdra64.exe
Quarantined & Deleted !! : C:\WINDOWS\Temp\1b421ff073c71ca0df67652c.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\1b458c6a8356e59095c8c0f0.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\1e71af8e4d0ed4ab56adba2.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\1f486b8faf3f84e5fb444a13.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\1fa93606d9dd6247979d677b.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\223845fd654195ac29e949d7.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\2872541d16aac408f7fb16b8.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\30f6c5c55db44fdb160ef90a.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\3d7cde167bc349dca320868f.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\3fe58a54cce201706442afaf.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\51498ca19bd2887c4f9d4443.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\60d0991555060b1282ae439f.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\63c2f2f01c088fc8290f4e5b.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\65daa6f54acc77508dfbba6b.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\6b2a3377b427eb59a73ef843.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\73444c1659f6db1df1f0fc5.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\831d335fa7952c3b9ba279f7.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\8790c4cc297b103c83003e6d.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\890156096790f52674079919.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\8e03167d76df269bc5f557c.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\97acda90e508bd067b000524.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\a27d4ee51b68024931a83084.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\a2f7dc06afc9badbbaf16b0a.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\a3cd8e8a9eda23e87e83e3bf.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\a3d240ce72dc6c3af127cb8d.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\a74bd5b78aed0bf61b8f52c7.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\a96470d6e98d574684fad2bf.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\ae1d8862a7da3d79223b184f.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\ae961390983bc440e1bae649.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk10.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk11.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk12.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk13.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk14.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk16.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk17.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk18.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk19.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk1A.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk1B.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk32.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk33.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk34.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk4.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk5.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk6.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk7.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk8.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avk9.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avkA.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avkB.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avkC.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avkD.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avkE.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\avkF.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\b983eca129c772521cd1f287.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\bc7f6091622a983f610eb1b0.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\bff0670a506e7f41ad1f5f93.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\c1095a5ba57e03fe691a2e72.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\c46bd803bc51c9aab98f6f45.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\ca91227644871479c714e647.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\cc40fb17eb1f27d61e006238.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\cc4f9b6ef901051b39a3dba.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\ce4b0cf9f5b8b7a4d439178.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\d06e99bbca66143dbfe74334.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\d1c0aef773952b9b950c8f94.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\ddbf77031dfc01a5be21b2f5.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\e8417093b74c0cff99cd71c6.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\edf65f5ed2b8eb5bbf9d64e.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\f9ef47693d46783481fb7dbe.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\GUR2.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\GUR3.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc10.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc11.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc12.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc13.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc14.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc15.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc16.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc17.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc18.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc19.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc1A.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc1B.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc1C.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc1D.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc1E.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc1F.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc20.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc21.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc22.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc23.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc24.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc25.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc4.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc5.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc6.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc7.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc8.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkc9.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkcA.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkcB.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkcC.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkcD.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkcE.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\hkcF.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\is269.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\is26B.tmp
Quarantined & Deleted !! : C:\Documents and Settings\HOUSE\Application data\sdra64.exe
Quarantined & Deleted !! : C:\Documents and Settings\HOUSE\Bureau\ARManager.lnk
Quarantined & Deleted !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_12c.dat
Quarantined & Deleted !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_178.dat
Quarantined & Deleted !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_928.dat
Quarantined & Deleted !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_950.dat
Quarantined & Deleted !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_9ec.dat
Quarantined & Deleted !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_dc8.dat
Quarantined & Deleted !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_e54.dat
Quarantined & Deleted !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_ec8.dat
Deleted !! : C:\RECYCLER\S-1-5-21-527237240-1788223648-839522115-1004\Dc1.lnk
Deleted !! : C:\RECYCLER\S-1-5-21-527237240-1788223648-839522115-1004\Dc2.exe
Deleted !! : C:\RECYCLER\S-1-5-21-527237240-1788223648-839522115-1004\Dc3.txt
Deleted !! : C:\RECYCLER\S-1-5-21-527237240-1788223648-839522115-1004\Dc4.txt

=======
Hosts :
=======

127.0.0.1 localhost

========
Registry
========

Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\armanager
Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7}
Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6}
Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7}
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)

========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 96
Utilisateur anonyme
 
fais gMer quand meme stp
0
Réponse 26 / 96
waerbenn
 
L'ordi a planté, mais je n'ai pas vu de lignes rouges à la fin du scan.....
Je verrais çà demain
Mais j'ai toujours ce virus..........
0
Réponse 27 / 96
Utilisateur anonyme
 
ok demain on tapera plus fort alors ;)
0
Réponse 28 / 96
waerbenn
 
voici le rapport en deux parties:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-03 08:22:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\HOUSE\LOCALS~1\Temp\axtdapog.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF7783B3A]
SSDT sptd.sys ZwEnumerateKey [0xF7783C7E]
SSDT sptd.sys ZwEnumerateValueKey [0xF7783FF6]
SSDT sptd.sys ZwOpenKey [0xF7783A18]
SSDT sptd.sys ZwQueryKey [0xF77840C0]
SSDT sptd.sys ZwQueryValueKey [0xF7783F58]
SSDT sptd.sys ZwSetValueKey [0xF7784148]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
? C:\WINDOWS\System32\Drivers\SPTD2893.SYS Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F74104D0 16 Bytes [43, 3E, 14, EF, 34, 17, CD, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F74104E1 31 Bytes [F0, 40, F7, 54, DF, FB, 1C, ...]
? C:\WINDOWS\System32\Drivers\dtscsi.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[700] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 01C8D074
.text C:\WINDOWS\system32\services.exe[700] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 01C8D1D2
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 01C91C6D
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!GetClipboardData 7E3B0DBA 5 Bytes JMP 01C91DA2
.text C:\WINDOWS\system32\services.exe[700] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 01C8952A
.text C:\WINDOWS\system32\services.exe[700] WS2_32.dll!send 719F4C27 5 Bytes JMP 01C8955E
.text C:\WINDOWS\system32\services.exe[700] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 01C8957B
.text C:\WINDOWS\system32\services.exe[700] WININET.dll!InternetReadFile 404B654B 5 Bytes JMP 01C8B965
.text C:\WINDOWS\system32\services.exe[700] WININET.dll!HttpQueryInfoA 404B878D 5 Bytes JMP 01C8BA0C
.text C:\WINDOWS\system32\services.exe[700] WININET.dll!InternetCloseHandle 404B9088 5 Bytes JMP 01C8B9CD
.text C:\WINDOWS\system32\services.exe[700] WININET.dll!InternetQueryDataAvailable 404BBF7F 5 Bytes JMP 01C8B9AA
.text C:\WINDOWS\system32\services.exe[700] WININET.dll!HttpSendRequestW 404BFABE 5 Bytes JMP 01C8B8D9
.text C:\WINDOWS\system32\services.exe[700] WININET.dll!HttpSendRequestA 404CEE89 5 Bytes JMP 01C8B8FB
.text C:\WINDOWS\system32\services.exe[700] WININET.dll!InternetReadFileExA 404D3381 5 Bytes JMP 01C8B987
.text C:\WINDOWS\system32\services.exe[700] WININET.dll!HttpSendRequestExA 4052A70A 5 Bytes JMP 01C8B941
.text C:\WINDOWS\system32\services.exe[700] WININET.dll!HttpSendRequestExW 4052A763 5 Bytes JMP 01C8B91D
.text C:\WINDOWS\system32\services.exe[700] CRYPT32.dll!PFXImportCertStore 77A4FF8F 5 Bytes JMP 01C9148F
.text C:\WINDOWS\system32\lsass.exe[712] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 00D3D074
.text C:\WINDOWS\system32\lsass.exe[712] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 00D3D1D2
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 00D41C6D
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!GetClipboardData 7E3B0DBA 5 Bytes JMP 00D41DA2
.text C:\WINDOWS\system32\lsass.exe[712] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00D3952A
.text C:\WINDOWS\system32\lsass.exe[712] WS2_32.dll!send 719F4C27 5 Bytes JMP 00D3955E
.text C:\WINDOWS\system32\lsass.exe[712] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00D3957B
.text C:\WINDOWS\system32\lsass.exe[712] CRYPT32.dll!PFXImportCertStore 77A4FF8F 5 Bytes JMP 00D4148F
.text C:\WINDOWS\system32\lsass.exe[712] WININET.dll!InternetReadFile 404B654B 5 Bytes JMP 00D3B965
.text C:\WINDOWS\system32\lsass.exe[712] WININET.dll!HttpQueryInfoA 404B878D 5 Bytes JMP 00D3BA0C
.text C:\WINDOWS\system32\lsass.exe[712] WININET.dll!InternetCloseHandle 404B9088 5 Bytes JMP 00D3B9CD
.text C:\WINDOWS\system32\lsass.exe[712] WININET.dll!InternetQueryDataAvailable 404BBF7F 5 Bytes JMP 00D3B9AA
.text C:\WINDOWS\system32\lsass.exe[712] WININET.dll!HttpSendRequestW 404BFABE 5 Bytes JMP 00D3B8D9
.text C:\WINDOWS\system32\lsass.exe[712] WININET.dll!HttpSendRequestA 404CEE89 5 Bytes JMP 00D3B8FB
.text C:\WINDOWS\system32\lsass.exe[712] WININET.dll!InternetReadFileExA 404D3381 5 Bytes JMP 00D3B987
.text C:\WINDOWS\system32\lsass.exe[712] WININET.dll!HttpSendRequestExA 4052A70A 5 Bytes JMP 00D3B941
.text C:\WINDOWS\system32\lsass.exe[712] WININET.dll!HttpSendRequestExW 4052A763 5 Bytes JMP 00D3B91D
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 026CD074
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 00EAD074
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 00EAD1D2
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 00EB1C6D
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!GetClipboardData 7E3B0DBA 5 Bytes JMP 00EB1DA2
.text C:\WINDOWS\system32\svchost.exe[1084] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00EA952A
.text C:\WINDOWS\system32\svchost.exe[1084] WS2_32.dll!send 719F4C27 5 Bytes JMP 00EA955E
.text C:\WINDOWS\system32\svchost.exe[1084] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00EA957B
.text C:\WINDOWS\system32\svchost.exe[1084] WININET.dll!InternetReadFile 404B654B 5 Bytes JMP 00EAB965
.text C:\WINDOWS\system32\svchost.exe[1084] WININET.dll!HttpQueryInfoA 404B878D 5 Bytes JMP 00EABA0C
.text C:\WINDOWS\system32\svchost.exe[1084] WININET.dll!InternetCloseHandle 404B9088 5 Bytes JMP 00EAB9CD
.text C:\WINDOWS\system32\svchost.exe[1084] WININET.dll!InternetQueryDataAvailable 404BBF7F 5 Bytes JMP 00EAB9AA
.text C:\WINDOWS\system32\svchost.exe[1084] WININET.dll!HttpSendRequestW 404BFABE 5 Bytes JMP 00EAB8D9
.text C:\WINDOWS\system32\svchost.exe[1084] WININET.dll!HttpSendRequestA 404CEE89 5 Bytes JMP 00EAB8FB
.text C:\WINDOWS\system32\svchost.exe[1084] WININET.dll!InternetReadFileExA 404D3381 5 Bytes JMP 00EAB987
.text C:\WINDOWS\system32\svchost.exe[1084] WININET.dll!HttpSendRequestExA 4052A70A 5 Bytes JMP 00EAB941
.text C:\WINDOWS\system32\svchost.exe[1084] WININET.dll!HttpSendRequestExW 4052A763 5 Bytes JMP 00EAB91D
.text C:\WINDOWS\system32\svchost.exe[1084] CRYPT32.dll!PFXImportCertStore 77A4FF8F 5 Bytes JMP 00EB148F
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 0213D074
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 0213D1D2
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 02141C6D
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!GetClipboardData 7E3B0DBA 5 Bytes JMP 02141DA2
.text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 0213952A
.text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!send 719F4C27 5 Bytes JMP 0213955E
.text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 0213957B
.text C:\WINDOWS\system32\svchost.exe[1252] CRYPT32.dll!PFXImportCertStore 77A4FF8F 5 Bytes JMP 0214148F
.text C:\WINDOWS\system32\svchost.exe[1252] WININET.dll!InternetReadFile 404B654B 5 Bytes JMP 0213B965
.text C:\WINDOWS\system32\svchost.exe[1252] WININET.dll!HttpQueryInfoA 404B878D 5 Bytes JMP 0213BA0C
.text C:\WINDOWS\system32\svchost.exe[1252] WININET.dll!InternetCloseHandle 404B9088 5 Bytes JMP 0213B9CD
.text C:\WINDOWS\system32\svchost.exe[1252] WININET.dll!InternetQueryDataAvailable 404BBF7F 5 Bytes JMP 0213B9AA
.text C:\WINDOWS\system32\svchost.exe[1252] WININET.dll!HttpSendRequestW 404BFABE 5 Bytes JMP 0213B8D9
.text C:\WINDOWS\system32\svchost.exe[1252] WININET.dll!HttpSendRequestA 404CEE89 5 Bytes JMP 0213B8FB
.text C:\WINDOWS\system32\svchost.exe[1252] WININET.dll!InternetReadFileExA 404D3381 5 Bytes JMP 0213B987
.text C:\WINDOWS\system32\svchost.exe[1252] WININET.dll!HttpSendRequestExA 4052A70A 5 Bytes JMP 0213B941
.text C:\WINDOWS\system32\svchost.exe[1252] WININET.dll!HttpSendRequestExW 4052A763 5 Bytes JMP 0213B91D
.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 0078D074
.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 0078D1D2
.text C:\WINDOWS\system32\svchost.exe[1328] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 00791C6D
.text C:\WINDOWS\system32\svchost.exe[1328] USER32.dll!GetClipboardData 7E3B0DBA 5 Bytes JMP 00791DA2
.text C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 0078952A
.text C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!send 719F4C27 5 Bytes JMP 0078955E
.text C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 0078957B
.text C:\WINDOWS\system32\svchost.exe[1328] CRYPT32.dll!PFXImportCertStore 77A4FF8F 5 Bytes JMP 0079148F
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!InternetReadFile 404B654B 5 Bytes JMP 0078B965
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!HttpQueryInfoA 404B878D 5 Bytes JMP 0078BA0C
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!InternetCloseHandle 404B9088 5 Bytes JMP 0078B9CD
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!InternetQueryDataAvailable 404BBF7F 5 Bytes JMP 0078B9AA
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!HttpSendRequestW 404BFABE 5 Bytes JMP 0078B8D9
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!HttpSendRequestA 404CEE89 5 Bytes JMP 0078B8FB
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!InternetReadFileExA 404D3381 5 Bytes JMP 0078B987
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!HttpSendRequestExA 4052A70A 5 Bytes JMP 0078B941
.text C:\WINDOWS\system32\svchost.exe[1328] WININET.dll!HttpSendRequestExW 4052A763 5 Bytes JMP 0078B91D
.text C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 009ED074
.text C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 009ED1D2
.text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 009F1C6D
.text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!GetClipboardData 7E3B0DBA 5 Bytes JMP 009F1DA2
.text C:\WINDOWS\system32\svchost.exe[1460] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 009E952A
.text C:\WINDOWS\system32\svchost.exe[1460] WS2_32.dll!send 719F4C27 5 Bytes JMP 009E955E
.text C:\WINDOWS\system32\svchost.exe[1460] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 009E957B
.text C:\WINDOWS\system32\svchost.exe[1460] CRYPT32.dll!PFXImportCertStore 77A4FF8F 5 Bytes JMP 009F148F
.text C:\WINDOWS\system32\svchost.exe[1460] WININET.dll!InternetReadFile 404B654B 5 Bytes JMP 009EB965
.text C:\WINDOWS\system32\svchost.exe[1460] WININET.dll!HttpQueryInfoA 404B878D 5 Bytes JMP 009EBA0C
.text C:\WINDOWS\system32\svchost.exe[1460] WININET.dll!InternetCloseHandle 404B9088 5 Bytes JMP 009EB9CD
.text C:\WINDOWS\system32\svchost.exe[1460] WININET.dll!InternetQueryDataAvailable 404BBF7F 5 Bytes JMP 009EB9AA
.text C:\WINDOWS\system32\svchost.exe[1460] WININET.dll!HttpSendRequestW 404BFABE 5 Bytes JMP 009EB8D9
.text C:\WINDOWS\system32\svchost.exe[1460] WININET.dll!HttpSendRequestA 404CEE89 5 Bytes JMP 009EB8FB
.text C:\WINDOWS\system32\svchost.exe[1460] WININET.dll!InternetReadFileExA 404D3381 5 Bytes JMP 009EB987
.text C:\WINDOWS\system32\svchost.exe[1460] WININET.dll!HttpSendRequestExA 4052A70A 5 Bytes JMP 009EB941
.text C:\WINDOWS\system32\svchost.exe[1460] WININET.dll!HttpSendRequestExW 4052A763 5 Bytes JMP 009EB91D
.text C:\WINDOWS\explorer.exe[1868] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00EA2862
.text C:\WINDOWS\explorer.exe[1868] WS2_32.dll!send 719F4C27 5 Bytes JMP 00EA26EE
.text C:\WINDOWS\explorer.exe[1868] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00EA27E0
.text C:\WINDOWS\explorer.exe[1868] WS2_32.dll!recv 719F676F 5 Bytes JMP 00EA2726
.text C:\WINDOWS\explorer.exe[1868] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00EA275E
0
Réponse 29 / 96
waerbenn
 
---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F778CDB2] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F77A271E] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F778D3B2] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F778D2B6] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F778D482] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F77A2032] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F778CF6E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F77A1C76] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F778CE06] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F777FA32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F777FB6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F777FAF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F77806CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F77805A2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F77A2864] sptd.sys
IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F7791F78] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F77A1C76] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F77A2864] sptd.sys
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F777F020] sptd.sys
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F777F020] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F850E8

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

Device \FileSystem\Fastfat \FatCdrom 866E2730
Device \Driver\00000475 \Device\00000053 sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD20E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD20E8
Device \Driver\Cdrom \Device\CdRom0 86FD2C78
Device \FileSystem\Rdbss \Device\FsWrap 86745730
Device \Driver\Ftdisk \Device\HarddiskVolume3 86FD20E8
Device \Driver\Cdrom \Device\CdRom1 86FD2C78
Device \Driver\atapi \Device\Ide\IdePort0 [F76F8B40] atapi.sys[unknown section] {MOV EAX, 0x86fd2dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7794442; RET }
Device \Driver\atapi \Device\Ide\IdePort0 864A34F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F76F8B40] atapi.sys[unknown section] {MOV EAX, 0x86fd2dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7794442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 864A34F8
Device \Driver\atapi \Device\Ide\IdePort1 [F76F8B40] atapi.sys[unknown section] {MOV EAX, 0x86fd2dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7794442; RET }
Device \Driver\atapi \Device\Ide\IdePort1 864A34F8
Device \Driver\atapi \Device\Ide\IdePort2 [F76F8B40] atapi.sys[unknown section] {MOV EAX, 0x86fd2dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7794442; RET }
Device \Driver\atapi \Device\Ide\IdePort2 864A34F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F76F8B40] atapi.sys[unknown section] {MOV EAX, 0x86fd2dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7794442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 864A34F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [F76F8B40] atapi.sys[unknown section] {MOV EAX, 0x86fd2dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7794442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 864A34F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [F76F8B40] atapi.sys[unknown section] {MOV EAX, 0x86fd2dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7794442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 864A34F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 86FD20E8
Device \Driver\Cdrom \Device\CdRom2 86FD2C78
Device \Driver\Ftdisk \Device\HarddiskVolume5 86FD20E8
Device \Driver\Cdrom \Device\CdRom3 86FD2C78
Device \Driver\Ftdisk \Device\HarddiskVolume6 86FD20E8
Device \Driver\Ftdisk \Device\HarddiskVolume7 86FD20E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86747C68
Device \Driver\NetBT \Device\NetbiosSmb 86747C68
Device \Driver\Disk \Device\Harddisk0\DR0 86FD24D0
Device \Driver\Disk \Device\Harddisk1\DR1 86FD24D0
Device \Driver\Disk \Device\Harddisk2\DR2 86FD24D0
Device \Driver\Disk \Device\Harddisk3\DR9 86FD24D0
Device \Driver\Disk \Device\Harddisk4\DP(1)0-0+c 86FD24D0
Device \Driver\Disk \Device\Harddisk4\DR10 86FD24D0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 867390E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 867390E8
Device \Driver\USBSTOR \Device\0000007c 8673FEB0
Device \FileSystem\Npfs \Device\NamedPipe 868B1770
Device \Driver\USBSTOR \Device\0000007d 8673FEB0
Device \Driver\Ftdisk \Device\FtControl 86FD20E8
Device \Driver\USBSTOR \Device\0000007e 8673FEB0
Device \FileSystem\Msfs \Device\Mailslot 868A8EB0
Device \Driver\USBSTOR \Device\0000007f 8673FEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E8D91296-A4DB-4479-9261-C8265FACC511} 86747C68
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51 86FD2788
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 86A450E8
Device \Driver\iteraid \Device\Scsi\iteraid1 86FD2A40
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target1Lun0 86A450E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 86A450E8
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51Port4Path3Target1fLun0 86FD2788
Device \Driver\iteraid \Device\Scsi\iteraid1Port3Path0Target1Lun0 86FD2A40
Device \FileSystem\Fastfat \Fat 866E2730

AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

Device \FileSystem\Cdfs \Cdfs 86632EB0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x26 0x1D 0x21 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDB 0x7A 0xAB 0x7F ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x36 0x1C 0x59 0xEB ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x95 0x4E 0xC8 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x26 0x1D 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDB 0x7A 0xAB 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x36 0x1C 0x59 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x95 0x4E 0xC8 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 923514666
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -57931988
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -2131021717
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x26 0x1D 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDB 0x7A 0xAB 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x36 0x1C 0x59 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x95 0x4E 0xC8 0xC1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x26 0x1D 0x21 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDB 0x7A 0xAB 0x7F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x36 0x1C 0x59 0xEB ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x95 0x4E 0xC8 0xC1 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----
0
Réponse 30 / 96
Utilisateur anonyme
 
bonjour :


/!\ ATTENTION SUIVRE SCRUPULEUSEMENT A LA LETTRE CES INDICATIONS/!\

________________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================

▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur

▶ On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Avant d'utiliser ComboFix :
______________________________________________________________________
>> referme les fenêtres de tous les programmes en cours.
>> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
>>la protection en temps réel de ton Antivirus et de tes Antispywares,
>>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!

▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.



0
Réponse 31 / 96
waerbenn
 
premiere partie:
ComboFix 10-05-02.03 - HOUSE 03/05/2010 13:30:17.1.2 - x86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.789 [GMT 2:00]
Lancé depuis: c:\documents and settings\HOUSE\Bureau\benn.exe
AV: G Data AntiVirus 2010 *On-access scanning disabled* (Updated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HOUSE\Application Data\ARManager
c:\documents and settings\HOUSE\Application Data\ARManager\apmanager.exe
c:\documents and settings\HOUSE\Application Data\ARManager\files
c:\documents and settings\HOUSE\Application Data\ARManager\iplog
c:\documents and settings\HOUSE\Application Data\ARManager\ispinfo
c:\documents and settings\HOUSE\Application Data\ARManager\languages\Czech.lng
c:\documents and settings\HOUSE\Application Data\ARManager\languages\Danish.lng
c:\documents and settings\HOUSE\Application Data\ARManager\languages\Dutch.lng
c:\documents and settings\HOUSE\Application Data\ARManager\languages\English.lng
c:\documents and settings\HOUSE\Application Data\ARManager\languages\French.lng
c:\documents and settings\HOUSE\Application Data\ARManager\languages\German.lng
c:\documents and settings\HOUSE\Application Data\ARManager\languages\Italian.lng
c:\documents and settings\HOUSE\Application Data\ARManager\languages\Portuguese.lng
c:\documents and settings\HOUSE\Application Data\ARManager\languages\Slovak.lng
c:\documents and settings\HOUSE\Application Data\ARManager\languages\Spanish.lng
c:\documents and settings\HOUSE\Application Data\ARManager\languages\template.lng
c:\documents and settings\HOUSE\Application Data\ARManager\settings.ini
c:\documents and settings\HOUSE\Application Data\ARManager\shot.jpeg
c:\documents and settings\HOUSE\Application Data\ARManager\uninstall.exe
c:\documents and settings\HOUSE\Application Data\ARManager\wallpaper.jpg
c:\windows\system32\driVERs\ybbarsxp.sys
c:\windows\system32\eventmgr.exe
c:\windows\system32\lowsec
c:\windows\system32\uninstall.exe
N:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ybbarsxp
-------\Service_ybbarsxp


((((((((((((((((((((((((((((( Fichiers créés du 2010-04-03 au 2010-05-03 ))))))))))))))))))))))))))))))))))))
.

2010-05-03 11:17 . 2010-05-03 11:29 -------- d-----w- C:\benn
2010-05-02 22:42 . 2010-05-02 23:06 -------- d-----w- C:\Kill'em
2010-05-01 19:49 . 2010-05-02 23:34 -------- d-----w- c:\program files\List_Kill'em
2010-05-01 12:56 . 2010-05-01 12:56 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-05-01 12:56 . 2010-05-01 12:56 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-05-01 12:56 . 2010-05-01 12:56 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2010-05-01 12:55 . 2010-05-01 12:55 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2010-04-30 19:21 . 2010-04-30 19:23 -------- d-----w- c:\documents and settings\HelpAssistant\Favoris
2010-04-30 19:21 . 2009-06-15 19:32 -------- d-sh--w- c:\documents and settings\HelpAssistant\IETldCache
2010-04-30 19:21 . 2007-03-06 20:19 -------- d-----r- c:\documents and settings\HelpAssistant\Menu Démarrer
2010-04-30 19:21 . 2010-05-03 11:18 -------- d-----w- c:\documents and settings\HelpAssistant
2010-04-30 19:21 . 2007-03-06 20:19 -------- d--h--w- c:\documents and settings\HelpAssistant\Voisinage réseau
2010-04-30 19:21 . 2007-03-06 20:19 -------- d--h--w- c:\documents and settings\HelpAssistant\Voisinage d'impression
2010-04-30 19:21 . 2007-03-06 19:28 -------- d--h--w- c:\documents and settings\HelpAssistant\Modèles
2010-04-30 19:15 . 2010-04-30 19:15 1342 ----a-w- c:\documents and settings\HOUSE\Application Data\F64BD66C112C2938974D97D41CE0A5B9\gotnewupdate.exe
2010-04-30 19:15 . 2010-04-30 19:15 -------- d-----w- c:\documents and settings\HOUSE\Application Data\F64BD66C112C2938974D97D41CE0A5B9

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 18:32 . 2004-08-05 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-02 18:32 . 2004-08-05 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-01 12:41 . 2010-05-01 12:41 -------- d-----w- c:\documents and settings\HOUSE\Application Data\Malwarebytes
2010-05-01 12:41 . 2010-05-01 12:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-01 12:40 . 2010-05-01 12:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-29 13:39 . 2010-05-01 12:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-05-01 12:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 08:05 . 2007-03-07 16:45 51152 ----a-w- c:\documents and settings\HOUSE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-15 05:58 . 2007-03-12 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-12 13:29 . 2010-04-03 07:21 -------- d-----w- c:\program files\Google
2010-03-10 06:16 . 2004-08-05 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:17 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-05 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2004-08-05 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2004-08-04 00:49 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-23 18:50 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2004-08-05 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-05 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2007-03-06 20:49 . 2007-03-06 20:49 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"AOLSAV"="c:\progra~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-02-27 73728]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"G DATA AntiVirus Trayapplication"="c:\program files\G Data\AntiVirus\AVKTray\AVKTray.exe" [2009-09-07 925768]
"Adobe Version Cue CS2"="e:\adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^RAID Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\RAID Manager.lnk
backup=c:\windows\pss\RAID Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HOUSE^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk]
path=c:\documents and settings\HOUSE\Menu Démarrer\Programmes\Démarrage\Outil de notification Live Search.lnk
backup=c:\windows\pss\Outil de notification Live Search.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 00:08 483328 ----a-w- e:\adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-09 00:18 57344 ----a-w- e:\adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
2005-04-06 15:53 856064 ----a-w- e:\adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2007-06-21 10:01 70952 ----a-r- c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
2002-12-06 15:07 617984 ----a-w- c:\program files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
2004-06-17 11:22 970752 ----a-w- c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 08:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-06-10 20:10 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2008-05-07 14:28 591696 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-11-17 13:16 50736 ----a-w- c:\program files\Fichiers communs\AOL\1173378459\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2004-06-08 11:31 29696 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2007-03-27 13:58 1744896 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-09-17 07:55 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-09-17 07:55 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 11:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-03-07 17:06 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-10-18 16:10 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-04-09 20:05 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
0
Réponse 32 / 96
waerbenn
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"e:\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"e:\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\1173378459\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\aoltpspd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\world pker\\WPTFreePlay.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\lphant\\eLePhantClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"4910:TCP"= 4910:TCP:Services
"8320:TCP"= 8320:TCP:Services

R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [29/11/2009 13:00 28616]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [06/03/2007 21:51 24971]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/03/2007 20:27 642560]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [29/11/2009 13:06 68976]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [27/10/2009 13:19 1054792]
S2 AVKService;Planificateur G Data;c:\program files\G Data\AntiVirus\AVK\AVKService.exe [12/08/2009 09:04 397896]
S2 AVKWCtl;G Data Gardien;c:\program files\G Data\AntiVirus\AVK\AVKWCtl.exe [26/10/2009 14:50 1251488]
S2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [29/11/2009 13:01 51784]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/04/2010 09:21 136176]
S3 ACCSKMD;Canon Camera Storage Device;c:\windows\system32\drivers\accskmd.sys [13/05/2003 21:50 32640]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [17/11/2009 23:54 1275584]
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [30/08/2007 21:09 55624]
S3 GDScan;G Data Scanner;c:\program files\Fichiers communs\G DATA\GDScan\GDScan.exe [27/07/2009 03:03 302152]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [29/11/2009 13:01 34632]
S3 PciCon;PciCon;\??\g:\pcicon.sys --> g:\PciCon.sys [?]
S3 scsiscan;Pilote de scanneur SCSI;c:\windows\system32\drivers\scsiscan.sys [07/03/2007 00:00 11520]
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [06/03/2007 21:46 258560]
.
Contenu du dossier 'Tâches planifiées'

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 07:21]

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 07:21]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
IE: &Tout télécharger avec FlashGet - e:\flashget\jc_all.htm
IE: &Télécharger avec FlashGet - e:\flashget\jc_link.htm
IE: Convertir en Adobe PDF - e:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir en un fichier PDF existant - e:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la cible du lien en Adobe PDF - e:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - e:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - e:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - e:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - e:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - e:\adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - e:\micros~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp06.photoprintit.de/microsite/2697/defaults/activex/IPSUploader.cab
FF - ProfilePath - c:\documents and settings\HOUSE\Application Data\Mozilla\Firefox\Profiles\63dkqksz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: e:\adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-NWEReboot - (no file)
MSConfigStartUp-Control Center - c:\program files\ASUS\WLAN Card Utilities\Center.exe
MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 13:46
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = c:\progra~1\TECHCI~1\AOLSAV\AOLAgent.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x86FD24D0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x86fd24d0
\Driver\ACPI -> ACPI.sys @ 0xf773ecb8
\Driver\atapi -> atapi.sys @ 0xf76f9b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf75a3bb0
PacketIndicateHandler -> NDIS.sys @ 0xf75b0a21
SendHandler -> NDIS.sys @ 0xf758e87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x025429800
malicious code @ sector 0x025429803 !
PE file found in sector at 0x025429819 !

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-527237240-1788223648-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:62,40,2e,fc,ca,47,dc,2a,69,10,fb,ee,a0,7f,24,b1,c1,33,62,e6,a0,43,c8,
f2,46,64,e1,e1,f2,a8,c3,10,37,7f,62,67,0e,bd,b2,03,03,1d,be,c8,7c,b2,f6,bf,\
"??"=hex:0c,3f,c4,88,33,7a,42,c2,a7,fa,69,97,89,6f,fb,51
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-05-03 13:50:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-05-03 11:50

Avant-CF: 3 722 735 616 octets libres
Après-CF: 30 203 789 312 octets libres

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 17C2E1246595AA53DE0DAEB7603B9934
0
Réponse 33 / 96
Utilisateur anonyme
 
redemarre en mode sans echec , et refais gmer stp
0
Réponse 34 / 96
waerbenn
 
ok je t'envoi le rapport asap !
0
Réponse 35 / 96
waerbenn
 
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-03 14:39:38
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\HOUSE\LOCALS~1\Temp\axtdapog.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF7784B3A]
SSDT sptd.sys ZwEnumerateKey [0xF7784C7E]
SSDT sptd.sys ZwEnumerateValueKey [0xF7784FF6]
SSDT sptd.sys ZwOpenKey [0xF7784A18]
SSDT sptd.sys ZwQueryKey [0xF77850C0]
SSDT sptd.sys ZwQueryValueKey [0xF7784F58]
SSDT sptd.sys ZwSetValueKey [0xF7785148]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
? C:\WINDOWS\System32\Drivers\SPTD2893.SYS Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
? Combo-Fix.sys Le fichier spécifié est introuvable. !
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F74114D0 16 Bytes [F3, 2C, B7, A1, B7, A9, 27, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 12 F74114E2 30 Bytes [41, F7, 3B, 31, 4A, 40, 80, ...]
? C:\WINDOWS\System32\Drivers\dtscsi.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
? C:\DOCUME~1\HOUSE\LOCALS~1\Temp\mbr.sys Le fichier spécifié est introuvable. !
? C:\benn13372b\catchme.sys Le chemin d'accès spécifié est introuvable. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F778DDB2] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F77A371E] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F778E3B2] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F778E2B6] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F778E482] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F77A3032] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F778DF6E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F77A2C76] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F778DE06] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7780A32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7780B6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7780AF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F77816CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F77815A2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F77A3864] sptd.sys
IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F7792F78] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F77A2C76] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F77A3864] sptd.sys
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F7780020] sptd.sys
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F7780020] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F850E8

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

Device \FileSystem\Fastfat \FatCdrom 86753AD8
Device \Driver\00000466 \Device\00000053 sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD20E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD20E8
Device \Driver\Cdrom \Device\CdRom0 86FD2C78
Device \FileSystem\Rdbss \Device\FsWrap 8687E290
Device \Driver\Ftdisk \Device\HarddiskVolume3 86FD20E8
Device \Driver\Cdrom \Device\CdRom1 86FD2C78
Device \Driver\atapi \Device\Ide\IdePort0 [F76F9B40] atapi.sys[unknown section] {MOV EAX, 0x86fd2dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7795442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F76F9B40] atapi.sys[unknown section] {MOV EAX, 0x86fd2dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7795442; RET }
Device \Driver\atapi \Device\Ide\IdePort1 [F76F9B40] atapi.sys[unknown section] {MOV EAX, 0x86fd2dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7795442; RET }
Device \Driver\atapi \Device\Ide\IdePort2 [F76F9B40] atapi.sys[unknown section] {MOV EAX, 0x86fd2dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7795442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F76F9B40] atapi.sys[unknown section] {MOV EAX, 0x86fd2dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7795442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [F76F9B40] atapi.sys[unknown section] {MOV EAX, 0x86fd2dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7795442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [F76F9B40] atapi.sys[unknown section] {MOV EAX, 0x86fd2dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7795442; RET }
Device \Driver\Ftdisk \Device\HarddiskVolume4 86FD20E8
Device \Driver\Cdrom \Device\CdRom2 86FD2C78
Device \Driver\Ftdisk \Device\HarddiskVolume5 86FD20E8
Device \Driver\Cdrom \Device\CdRom3 86FD2C78
Device \Driver\Ftdisk \Device\HarddiskVolume6 86FD20E8
Device \Driver\Ftdisk \Device\HarddiskVolume7 86FD20E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86AF1EB0
Device \Driver\NetBT \Device\NetbiosSmb 86AF1EB0
Device \Driver\Disk \Device\Harddisk0\DR0 86FD24D0
Device \Driver\Disk \Device\Harddisk1\DR1 86FD24D0
Device \Driver\Disk \Device\Harddisk2\DR2 86FD24D0
Device \Driver\Disk \Device\Harddisk3\DR9 86FD24D0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86A58EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86A58EB0
Device \Driver\USBSTOR \Device\0000007c 8685BEB0
Device \FileSystem\Npfs \Device\NamedPipe 86A43EB0
Device \Driver\USBSTOR \Device\0000007d 8685BEB0
Device \Driver\Ftdisk \Device\FtControl 86FD20E8
Device \FileSystem\Msfs \Device\Mailslot 868A85F0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E8D91296-A4DB-4479-9261-C8265FACC511} 86AF1EB0
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51 86FD2788
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 869FD910
Device \Driver\iteraid \Device\Scsi\iteraid1 86FD2A40
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target1Lun0 869FD910
Device \Driver\dtscsi \Device\Scsi\dtscsi1 869FD910
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51Port4Path3Target1fLun0 86FD2788
Device \Driver\iteraid \Device\Scsi\iteraid1Port3Path0Target1Lun0 86FD2A40
Device \FileSystem\Fastfat \Fat 86753AD8

AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

Device \FileSystem\Cdfs \Cdfs 86828AF0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x26 0x1D 0x21 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDB 0x7A 0xAB 0x7F ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x36 0x1C 0x59 0xEB ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x95 0x4E 0xC8 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x26 0x1D 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDB 0x7A 0xAB 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x36 0x1C 0x59 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x95 0x4E 0xC8 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 923514666
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -57931988
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -2131021717
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x26 0x1D 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDB 0x7A 0xAB 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x36 0x1C 0x59 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x95 0x4E 0xC8 0xC1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x26 0x1D 0x21 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDB 0x7A 0xAB 0x7F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x36 0x1C 0x59 0xEB ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x95 0x4E 0xC8 0xC1 ...

---- EOF - GMER 1.0.15 ----
0
Réponse 36 / 96
waerbenn
 
quel fichier combofix ? le fichier txt
0
Réponse 37 / 96
Utilisateur anonyme
 
non l'executable sur ton bureau

tu fais glisser le fichier CFscript dessus , tu relaches et tu laisses bosser
0
Réponse 38 / 96
waerbenn
 
ok c bon.....
0
Réponse 39 / 96
Utilisateur anonyme
 
te sers pas du pc pendant son boulot surtout
0
Réponse 40 / 96
waerbenn
 
c normal d'avoir eu un mess comme quoi il devait redémarrer, car il a detecté un emulateur de disk, et depuis j'ai un ecran noir ?
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Barre verticale droite sur clavier
k_lou -
Leuide -

41 réponses
le signe " | " dans excel
zed -
Utilisateur anonyme -

4 réponses
Barre verticale droite sur clavier mac
oui -
jeanbern -

1 réponse
Touche du clavier barre verticale
k_lou -
Architecte_300 -

6 réponses