
CPU at 100%



Shinyo (Member, 85 posts, 34 years old) posted:

Hello / Good evening

Since yesterday my CPU has been stuck at 100%. I've used CCleaner, Spybot and Ad-Aware and am still checking, but with no result at all...

I think the HijackThis report will be more useful to you than it is to me...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:57:24, on 02/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Games\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Soft\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Soft\Guitar Pro 5\GP5.exe

C:\Soft\FREEDO~1\fdm.exe

C:\Soft\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Soft\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)

O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NBKeyScan] "C:\Soft\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RéSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Soft\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Soft\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Soft\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Soft\Free Download Manager\dlfvideo.htm

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237184307359

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service Google Update (gupdate1c9e42f46775e96) (gupdate1c9e42f46775e96) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Games\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Soft\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 11628 bytes

Thanks for paying attention to my post, and thanks in advance for the help :coeur:

PS: My computer is so hot I could fry an egg on it... :blush:


Strangeway (Member, 234 posts, 44 years old) posted:

Hello. Spybot and Ad-Aware are obsolete tools these days. Download Malwarebytes, update it (offered during installation), reboot into safe mode, run Malwarebytes and do a full scan (not a quick scan), redo a HijackThis scan, and post both reports in your reply.

One more thing: toolbars are not mandatory, and that is where your problem comes from (AskTBar).


Strangeway (Member, 234 posts, 44 years old) posted:

Hello sfc, why reinstall an operating system when you can disinfect it? :blush: It's an adware problem.


sfc (guest) posted:

I agree with you, but sometimes it's simpler, or do a system restore.

System restore >> http://support.microsoft.com/kb/306084/fr


Strangeway (Member, 234 posts, 44 years old) posted:

:blush: A system restore point taken on a PC that is already infected can itself contain the infection (to be checked with Mbytes); if there is a rootkit, you're done for :coeur:


Shinyo (Member, 85 posts, 34 years old) posted:

Thanks for your replies. So I did the full scan; it found two viruses, a tracker and a keylogger... But I forgot to copy the report --" :blush:

On the other hand I do have the HijackThis one, and yes, the CPU is still at 100% :coeur:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:06:15, on 04/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Games\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Soft\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Soft\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Soft\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)

O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NBKeyScan] "C:\Soft\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RéSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Soft\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Soft\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Soft\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Soft\Free Download Manager\dlfvideo.htm

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237184307359

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service Google Update (gupdate1c9e42f46775e96) (gupdate1c9e42f46775e96) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Games\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Soft\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 11481 bytes

Sorry for the delay, I wasn't at home --"


Shinyo (Member, 85 posts, 34 years old) posted:

Oh really? Even without going online it makes the computer lag ^^'


sfc (guest) posted:

Quoting Shinyo: "Oh really? Even without going online it makes the computer lag ^^'"

That's why I clean up practically every day, I think, with what you know :blush:


Strangeway (Member, 234 posts, 44 years old) posted:

Well then, redo a Malwarebytes scan, and this time don't forget to post the report.

Relaunch HijackThis and tick the following lines:

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file) 
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)  
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)

Click "Fix checked".

Redo a HijackThis scan and paste the report.

Download Toolbar S&D.

Run it; at the prompt, type "f" ---> Enter, then 1 ---> Enter.

Post the report in your reply.

Note: when you install software, even if it's in English, read it to find out whether extra things will be installed alongside. Ask TBar sends personal information such as passwords to a server; don't accept anything without reading, and don't click "Next" like a starving pig :blush:

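The lines Strangeway asks to tick share a pattern that the HijackThis report makes visible: a registered BHO, toolbar or URL search hook whose CLSID still points at "(no file)", plus component names that identify the Ask toolbar. The Python script below is an added example, not part of this thread and not code from HijackThis: it parses report lines of that shape, flags orphaned registrations (including an O23 service marked "(file missing)") and matches a small name watch-list. The watch-list (ADWARE_NAME_HINTS) is constructed for this example, and the sample report is an excerpt of the lines quoted in the thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# A COM CLSID as HijackThis prints it, e.g. {9CB65206-89C4-402c-BA80-02D8C59F9B1D}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Entry lines look like "O2 - BHO: <body>", "R3 - URLSearchHook: <body>", "O23 - Service: <body>"
LINE_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<kind>[^:]+): (?P<body>.*)$")

# Markers HijackThis appends when the registered target no longer exists on disk
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Illustrative watch-list of toolbar/BHO names the thread singles out as adware.
# Constructed for this example; a real triage list would be far longer.
ADWARE_NAME_HINTS = ("ask toolbar", "ask search assistant")


@dataclass
class HjtEntry:
    section: str                 # "R3", "O2", "O23", ...
    kind: str                    # "URLSearchHook", "BHO", "Toolbar", "Service", ...
    name: str                    # first " - " segment of the body
    clsid: Optional[str]         # CLSID if the line carries one
    target: str                  # last segment: path, URL, or an orphan marker
    raw: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one HijackThis report line; returns None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    body = m.group("body")
    # Body segments are " - " separated: name [- CLSID] [- owner] - target
    segments = [s.strip() for s in body.split(" - ")]
    name = segments[0]
    target = segments[-1] if len(segments) > 1 else body
    clsid_m = CLSID_RE.search(body)
    return HjtEntry(m.group("section"), m.group("kind"), name,
                    clsid_m.group(0) if clsid_m else None, target, line.strip())


def triage(entry: HjtEntry) -> HjtEntry:
    """Attach review reasons: orphaned registrations and known adware names."""
    if any(entry.target.endswith(marker) for marker in ORPHAN_MARKERS):
        entry.reasons.append("orphaned registration (target file is gone)")
    if entry.kind in ("BHO", "Toolbar", "URLSearchHook") and \
            any(hint in entry.name.lower() for hint in ADWARE_NAME_HINTS):
        entry.reasons.append("known adware toolbar component")
    return entry


def flag_report(report: str) -> List[HjtEntry]:
    """Parse a whole report and return only the entries that deserve a look."""
    flagged = []
    for line in report.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).reasons:
            flagged.append(entry)
    return flagged


# Excerpt of the report quoted in this thread (constructed sample input for the example)
SAMPLE_REPORT = r"""
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
"""

if __name__ == "__main__":
    for e in flag_report(SAMPLE_REPORT):
        print(f"{e.section:<4}{e.name:<40}{'; '.join(e.reasons)}")
```

Flagging is a triage aid, not a verdict: an orphaned entry is inert until something puts a file back behind that CLSID, and the DAEMON Tools toolbar, whose DLL is present, is an unwanted but legitimate add-on, which is why the script matches names from a list rather than every toolbar it sees.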

Shinyo (Member, 85 posts, 34 years old) posted:

So, ToolBar:

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.80GHz )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : Cédric ( Administrator )

BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.32 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:189 Go (Free:13 Go)

D:\ (CD or DVD)

E:\ (USB) - FAT32 - Total:3820 Mo (Free:0 Go)

F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [1] ( 04/12/2009|21:42 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\DAEMON Tools Toolbar

C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

C:\Program Files\DAEMON Tools Toolbar\Resources

C:\Program Files\DAEMON Tools Toolbar\uninst.exe

C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml

C:\Program Files\DAEMON Tools Toolbar\Resources\about.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\as.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\as.png

C:\Program Files\DAEMON Tools Toolbar\Resources\astro.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\b1.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\b1.png

C:\Program Files\DAEMON Tools Toolbar\Resources\BurnImage.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\buy.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\cond000.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond001.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond003.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond004.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond005.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond006.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond007.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond008.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond009.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond010.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond011.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond019.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond020.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond021.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond022.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond023.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond024.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond025.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond026.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond037.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond038.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond039.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond040.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond041.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond046.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond048.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond050.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond051.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond052.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond053.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond054.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond055.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond056.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond057.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond058.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond059.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond060.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond061.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond062.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond063.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond064.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond065.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond066.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond067.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond068.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond069.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond075.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond076.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond077.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond078.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond079.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond080.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond084.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond085.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond086.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond087.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond088.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond089.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond090.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond091.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond092.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond093.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond094.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond095.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond108.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond109.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond110.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond111.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond112.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond113.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond120.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond121.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond122.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond126.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond127.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond128.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond129.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond130.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond131.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond132.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond133.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond134.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond135.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond136.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond137.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond138.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond140.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond141.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond142.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond143.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond148.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond149.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond152.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond154.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond155.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond156.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond157.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\d.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\d2.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\daemon.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\ds.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\dsearch.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\dt.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\DTPro.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\Dwnl.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\emulation.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\features.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\gd.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\globe.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\GrabImage.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\hb.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\hb.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\help.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\ip.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\lang.xml

C:\Program Files\DAEMON Tools Toolbar\Resources\lingvo.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\m.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\mail.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mailc.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mail_disable.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mail_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mail_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mail_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\next.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\next_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\next_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\next_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\none.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\none_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\noW.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\op.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\pragma.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\prev.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\prev_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\prev_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\prev_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\prod.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\refresh.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Rss.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\Rss1.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\rssClose.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\rssL.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\rssOpen.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\size.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\size_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\skins.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\spt.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\SupportRequest.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\time.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\TitleIcon.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\toolbar.xml

C:\Program Files\DAEMON Tools Toolbar\Resources\trans.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\Trash.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\u.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wb.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m42.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m43.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wi.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi0.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi1.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi10.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi11.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi12.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi13.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi2.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi3.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi4.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi5.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi6.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi7.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi8.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi9.ico

-----------\\ Extensions

(Cédric) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

(Cédric) - {364d4e0c-543f-4b85-abe3-19551139da4f} => softonic_france

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Search Page"="http://www.google.com"

"Search Bar"="http://www.google.com/ie"

"Start Page Redirect Cache"="http://fr.msn.com/?ocid=iehp"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

--------------------\\ Searching for other infections

No other infection found!

1 - "C:\ToolBar SD\TB_1.txt" - 04/12/2009|21:44 - Option : [1]

-----------\\ End of report at 21:44:30.67

Followed by the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:46:32, on 04/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Games\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Soft\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Fichiers communs\PC Tools\sMonitor\StartManSvc.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Soft\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Soft\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NBKeyScan] "C:\Soft\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [RegistryMechanic] C:\Soft\Registry Mechanic\RegMech.exe /H

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RéSEAU')

O4 - HKUS\S-1-5-21-790525478-1547161642-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Utilisateur')

O4 - HKUS\S-1-5-21-790525478-1547161642-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Papa')

O4 - HKUS\S-1-5-21-790525478-1547161642-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrateur')

O4 - HKUS\S-1-5-21-790525478-1547161642-839522115-500\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Nero\Lib\NMFirstStart.exe" (User 'Administrateur')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Soft\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Soft\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Soft\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Soft\Free Download Manager\dlfvideo.htm

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237184307359

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service Google Update (gupdate1c9e42f46775e96) (gupdate1c9e42f46775e96) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Games\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Soft\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Fichiers communs\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 11913 bytes

Oh yes, I had said yes to I don't remember which antivirus so that it would send information about the computer, or something like that, I don't really remember.

Oops, now I'll know :blush:

Sorry for taking up your time with this ^^' I'll do the Malwarebytes report tomorrow because I don't have time right now :coeur: Sorry...

Thanks again for the help provided, it seems to be progressing :snif:

Now the CPU goes to 100% when I open the Task Manager window and then drops back to normal, but I still feel it's lagging :coeur:.

PS: I have a little Isass.exe hanging around in my processes; I had read that it was a virus, is that true? ^^'


Strangeway (Member, 234 posts, Baby Forumeur, 44 years old) posted:

lsass.exe is a legitimate process; it's isass.exe that isn't one (sneakily, the "L" is replaced by an "i"), which is not the case on your machine => C:\WINDOWS\system32\lsass.exe

Waiting for the Malwarebytes report


Shinyo (Member, 85 posts, Baby Forumeur, 34 years old) posted:

So sorry for the long delay, lots of things got in the way... and above all a long scan...

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 3

07/12/2009 23:57:33

mbam-log-2009-12-07 (23-57-33).txt

Scan type: Full Scan (C:\|)

Objects scanned: 442834

Time elapsed: 4 hour(s), 41 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

So the CPU still goes up to 100%, but less often :coeur:, and a certain process named svchost.exe appears up to 6 times in the task list :coeur:.

Thanks again! :blush:

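Strangeway's lsass.exe/isass.exe point and the several svchost.exe instances mentioned in the post above come down to the same triage step: compare each running process name against the handful of system binaries that malware likes to imitate, and check the directory it runs from. The Python below is an added example written for this page, not code from the thread, from HijackThis or from ComboFix. It works on a constructed process list in the same layout as the "Running processes" section of a HijackThis log (the sample list is invented, not the poster's log), and the expected directories are Windows XP defaults with %SystemRoot% at C:\WINDOWS, which is an assumption. It folds look-alike glyphs (i, 1 and | for l; 0 for o; 5 for s) before matching, so isass.exe is reported as an imitation of lsass.exe, and it reports a correctly named binary that runs from the wrong directory, while only counting svchost.exe copies that run from system32, since each of those hosts a group of services and several of them is normal.

```python
from collections import Counter

# System binaries that malware commonly imitates, with the one directory each
# should run from on Windows XP (assumption: default %SystemRoot% = C:\WINDOWS).
SYSTEM_PROCESSES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Glyphs that read alike in common UI fonts, folded to one representative so
# that "isass.exe", "1sass.exe" and "lsass.exe" compare equal.
FOLD = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o", "5": "s"})


def canonical(name):
    """Lower-case a file name and fold confusable glyphs."""
    return name.lower().translate(FOLD)


CANONICAL_SYSTEM = {canonical(n): n for n in SYSTEM_PROCESSES}


def classify(path):
    """Return (verdict, detail) for one full process path.

    verdict is "lookalike" (name imitates a system binary), "wrong_path"
    (real name, unexpected directory), "ok" (system binary where expected)
    or "other" (not a binary this check knows about).
    """
    p = path.strip().lower()
    directory, _, name = p.rpartition("\\")
    key = canonical(name)
    if key not in CANONICAL_SYSTEM:
        return "other", name
    real = CANONICAL_SYSTEM[key]
    if name != real:
        return "lookalike", "%s imitates %s" % (name, real)
    if directory != SYSTEM_PROCESSES[real]:
        return "wrong_path", "%s running from %s" % (real, directory or "(no path)")
    return "ok", real


def audit(process_lines):
    """Triage a HijackThis-style "Running processes" list.

    Returns (findings, counts): findings is a list of (verdict, line) for
    look-alikes and misplaced copies; counts tallies legitimate instances of
    each system binary, so several svchost.exe entries show up as a count,
    not as a finding.
    """
    findings = []
    counts = Counter()
    for line in process_lines:
        if not line.strip():
            continue
        verdict, detail = classify(line)
        if verdict in ("lookalike", "wrong_path"):
            findings.append((verdict, line.strip()))
        elif verdict == "ok":
            counts[detail] += 1
    return findings, counts


# Constructed sample in the layout of a HijackThis "Running processes" section
# (invented for this example; it is not the log posted in the thread).
SAMPLE = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\isass.exe
C:\Documents and Settings\Papa\Local Settings\Temp\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
""".strip().splitlines()

if __name__ == "__main__":
    findings, counts = audit(SAMPLE)
    for verdict, line in findings:
        print("%-10s %s" % (verdict, line))
    for name, n in sorted(counts.items()):
        print("ok         %s x%d" % (name, n))
```

This is a name-and-path heuristic only: it catches the spelling trick and the wrong-directory trick, not a malicious image that replaces or injects into the real file at the real path; for that, check the file's digital signature or hash. On the log in this thread, lsass.exe runs from C:\WINDOWS\system32, which is why Strangeway reads it as legitimate.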

Strangeway (Member, 234 posts, Baby Forumeur, 44 years old) posted:

Sorry, I hadn't seen your reply yesterday :blush:

Download ComboFix, run it, continue, option 1 => install the Recovery Console if it isn't already enabled, continue until the end of the scan and the reboot and let it do its thing; a report will be created, paste it into your reply.

Post a new HijackThis log after the scan. Is it any better?


Shinyo (Member, 85 posts, Baby Forumeur, 34 years old) posted:

Here's ComboFix. I do get the impression that everything is improving, it's not a certainty but :snif:

ComboFix 09-12-08.03 - Cédric 09/12/2009 11:43:48.1.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2550.2108 [GMT 11:00]

Launched from: c:\downloads\Software\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrateur\Local Settings\Application Data\Kosong.Bron.Tok.txt

c:\documents and settings\Papa\Local Settings\Application Data\Kosong.Bron.Tok.txt

c:\program files\FlashGet Network

c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log

c:\program files\FlashGet Network\FlashGet universal\fgoption.ini

c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini

c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini

c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini

c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat

c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat

c:\program files\FlashGet Network\FlashGet universal\transaction.log

c:\windows\2afbd66b-251d-4389-8ddb-6f8a3f253f1f.ocx

c:\windows\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll

.

((((((((((((((((((((((((((((( Files created from 2009-11-09 to 2009-12-09 ))))))))))))))))))))))))))))))))))))

.

2009-12-04 23:28 . 2009-12-04 23:28 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Office Genuine Advantage

2009-12-04 10:42 . 2009-12-04 10:44 -------- d-----w- C:\ToolBar SD

2009-12-04 05:46 . 2009-12-09 00:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-12-04 05:23 . 2009-12-04 05:23 -------- d-----w- c:\program files\Fichiers communs\PC Tools

2009-12-02 01:09 . 2009-12-02 01:09 -------- d-----w- c:\documents and settings\LocalService\Bureau

2009-12-01 12:56 . 2009-12-01 12:55 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-12-01 12:19 . 2009-12-04 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-12-01 11:19 . 2009-12-01 11:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2009-11-25 11:37 . 2009-12-09 00:51 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi

2009-11-11 08:23 . 2009-11-11 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

.

(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-08 11:27 . 2006-05-02 03:22 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-12-08 10:13 . 2009-06-10 09:31 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-04 23:10 . 2006-05-02 03:58 76488 ----a-w- c:\documents and settings\Utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-04 05:45 . 2009-03-20 09:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-03 07:37 . 2009-03-20 09:17 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-12-01 11:28 . 2009-02-01 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-01 01:27 . 2009-06-03 09:38 -------- d-----w- c:\program files\Google

2009-11-26 19:23 . 2009-02-26 19:02 88 --sh--r- c:\windows\system32\DB92F05F50.sys

2009-11-26 19:23 . 2009-02-26 19:02 900 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-11-16 05:04 . 2009-05-17 03:28 -------- d-----w- c:\program files\DivX

2009-11-14 07:59 . 2009-07-28 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-11-08 23:36 . 2009-07-15 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts

2009-11-06 13:10 . 2009-11-06 13:10 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR

2009-11-06 13:09 . 2009-11-06 13:10 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-11-03 21:55 . 2007-02-11 09:58 -------- d-----w- c:\program files\Java

2009-11-03 01:59 . 2009-11-03 01:59 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire

2009-11-01 23:04 . 2009-11-01 23:04 -------- d-----w- c:\program files\Pando Networks

2009-11-01 06:39 . 2009-08-09 04:19 -------- d-----w- c:\documents and settings\Papa\Application Data\vlc

2009-10-31 07:39 . 2006-06-17 07:05 76488 ----a-w- c:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-30 02:03 . 2009-10-30 02:03 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-10-30 02:00 . 2009-10-30 01:59 -------- d-----r- c:\program files\Skype

2009-10-30 01:59 . 2009-10-30 01:59 -------- d-----w- c:\program files\Fichiers communs\Skype

2009-10-30 01:59 . 2009-10-30 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-10-25 06:36 . 2009-07-28 02:54 -------- d-----w- c:\program files\Microsoft Works

2009-10-15 19:12 . 2002-09-07 00:00 81352 ----a-w- c:\windows\system32\perfc00C.dat

2009-10-15 19:12 . 2002-09-07 00:00 503386 ----a-w- c:\windows\system32\perfh00C.dat

2009-10-10 17:17 . 2009-03-16 07:03 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-22 22:41 . 2009-04-01 10:57 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys

2009-09-11 14:18 . 2004-08-19 05:09 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 03:54 . 2009-03-20 09:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 03:53 . 2009-03-20 09:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2001-12-31 21:00 . 2006-07-17 08:16 889094 ----a-w- c:\program files\starcr~1

2005-05-13 06:12 . 2005-05-13 06:12 217073 --sha-r- c:\windows\meta4.exe

2005-10-24 00:13 . 2005-10-24 00:13 66560 --sha-r- c:\windows\MOTA113.exe

2005-10-13 10:27 . 2005-10-13 10:27 422400 --sha-r- c:\windows\x2.64.exe

2005-06-26 04:32 . 2005-06-26 04:32 616448 --sha-r- c:\windows\system32\cygwin1.dll

2005-06-21 11:37 . 2005-06-21 11:37 45568 --sha-r- c:\windows\system32\cygz.dll

2006-05-03 10:06 . 2009-08-12 05:52 163328 --sh--r- c:\windows\system32\flvDX.dll

2004-01-24 13:00 . 2004-01-24 13:00 70656 --sha-r- c:\windows\system32\i420vfw.dll

2007-02-21 11:47 . 2009-08-12 05:52 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-04-14 02:33 . 2004-08-19 05:09 1384479 --sh--r- c:\windows\system32\msvbvm60.dll

2008-03-16 13:30 . 2009-08-12 05:52 216064 --sh--r- c:\windows\system32\nbDX.dll

2006-04-26 23:24 . 2006-04-26 23:24 2945024 --sha-r- c:\windows\system32\Smab.dll

2005-02-28 02:16 . 2005-02-28 02:16 240128 --sha-r- c:\windows\system32\x.264.exe

2004-01-24 13:00 . 2004-01-24 13:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll

.

((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not listed

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-03 39408]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-01 2923192]

"RegistryMechanic"="c:\soft\Registry Mechanic\RegMech.exe" [2009-10-14 3217368]

"EA Core"="c:\soft\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-13 1388544]

"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"NBKeyScan"="c:\soft\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-27 570664]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk]

backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

"EPSON Stylus Photo R200 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

"SpybotSD TeaTimer"=c:\soft\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="c:\soft\iTunes\iTunesHelper.exe"

"EPSON Stylus Photo R200 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\games\\Liero\\LieroX.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Soft\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Soft\\uTorrent\\uTorrent.exe"=

"c:\\Soft\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Soft\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Soft\\EasyPHP1-8-ModGSI\\mysql\\bin\\mysqld.exe"=

"c:\\Soft\\EasyPHP1-8-ModGSI\\apache\\Apache.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\games\\League of Legends\\Air\\LolClient.exe"=

"c:\\games\\League of Legends\\Game\\League of Legends.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\games\\gPotato.eu\\Allods Online\\bin\\Launcher.exe"=

"c:\\games\\gPotato.eu\\Allods Online\\bin\\AOgame.exe"=

"c:\\games\\Left 4 dead\\hl2.exe"=

"c:\\games\\Left 4 dead 2\\Left 4 Dead 2\\left4dead2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"57437:TCP"= 57437:TCP:Pando Media Booster

"57437:UDP"= 57437:UDP:Pando Media Booster

"8394:TCP"= 8394:TCP:League of Legends Launcher

"8394:UDP"= 8394:UDP:League of Legends Launcher

"6918:TCP"= 6918:TCP:League of Legends Launcher

"6918:UDP"= 6918:UDP:League of Legends Launcher

"6916:TCP"= 6916:TCP:League of Legends Launcher

"6916:UDP"= 6916:UDP:League of Legends Launcher

R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [08/01/2009 19:20 18110]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/09/2008 18:14 717296]

R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [08/01/2009 19:20 619390]

R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [08/01/2009 19:20 423454]

R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [20/05/2008 20:21 53760]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/06/2009 20:31 108289]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\games\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12:27 1074568]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [28/05/2006 16:14 8864]

R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [28/05/2006 16:14 8864]

R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [28/05/2006 16:14 8864]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Fichiers communs\PC Tools\sMonitor\StartManSvc.exe [04/12/2009 16:23 583640]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [06/09/2009 12:49 33792]

S2 gupdate1c9e42f46775e96;Service Google Update (gupdate1c9e42f46775e96);c:\program files\Google\Update\GoogleUpdate.exe [03/06/2009 20:40 133104]

S3 cdrmkaun;cdrmkaun; [x]

S3 FXDRV;FXDRV; [x]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

.

------- Examen supplémentaire -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Tout télécharger avec Free Download Manager - file://c:\soft\Free Download Manager\dlall.htm

IE: Télécharger avec Free Download Manager - file://c:\soft\Free Download Manager\dllink.htm

IE: Télécharger la sélection avec Free Download Manager - file://c:\soft\Free Download Manager\dlselected.htm

IE: Télécharger la vidéo avec Free Download Manager - file://c:\soft\Free Download Manager\dlfvideo.htm

FF - ProfilePath - c:\documents and settings\Cédric\Application Data\Mozilla\Firefox\Profiles\lzbxkr2v.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351374&SearchSource=3&q=

FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1242019655&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1036&id=64855&mkt=fr-FR

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351374&SearchSource=2&q=

FF - component: c:\documents and settings\Cédric\Application Data\Mozilla\Firefox\Profiles\lzbxkr2v.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f}\components\FFExternalAlert.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\soft\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\soft\iTunes\Mozilla Plugins\npitunes.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHELINS SUPPRIMES - - - -

Notify-WgaLogon - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-09 11:50

Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

c:\docume~1\CDRIC~1\LOCALS~1\Temp\~DF2EB1.tmp 491520 bytes

Scan terminé avec succès

Fichiers cachés: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys atapi.sys sppq.sys >>UNKNOWN [0x8ABC7938]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28

\Driver\ACPI -> ACPI.sys @ 0xb9e66cb8

\Driver\atapi -> prosync1.sys @ 0xba5b2661

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022

ParseProcedure -> ntkrnlpa.exe @ 0x80577c84

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022

ParseProcedure -> ntkrnlpa.exe @ 0x80577c84

NDIS: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family -> SendCompleteHandler -> NDIS.sys @ 0xb9d05bd4

PacketIndicateHandler -> NDIS.sys @ 0xb9d11a21

SendHandler -> NDIS.sys @ 0xb9d05d44

user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-790525478-1547161642-839522115-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-790525478-1547161642-839522115-1006\Software\SecuROM\License information*]

"datasecu"=hex:ed,9e,74,30,93,b9,fe,cf,fd,8e,48,8f,04,13,34,bb,24,0e,2d,b9,13,

da,4c,0b,3b,0d,d7,de,97,c9,3e,74,f3,c3,de,b5,47,e0,ac,d4,bf,34,f1,f7,a9,6f,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\é¿¿|éééé¿¿|ù¿9~*]

"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(640)

c:\windows\system32\Ati2evxx.dll

c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2416)

c:\soft\iTunes\iTunesMiniPlayer.dll

c:\soft\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll

c:\soft\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\eappprxy.dll

c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\libusbd-nt.exe

c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\soft\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\IoctlSvc.exe

c:\windows\system32\PSIService.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\windows\system32\rundll32.exe

c:\program files\Fichiers communs\Nero\Lib\NMIndexingService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2009-12-09 11:59:49 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-12-09 00:59

Avant-CF: 6 125 551 616 octets libres

Après-CF: 6 013 222 912 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 050952A1C3B164CBFF18618763615868

And here is HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:04:37, on 09/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Games\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Soft\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Fichiers communs\PC Tools\sMonitor\StartManSvc.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Soft\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Soft\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NBKeyScan] "C:\Soft\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [RegistryMechanic] C:\Soft\Registry Mechanic\RegMech.exe /H

O4 - HKCU\..\Run: [EA Core] "C:\Soft\Electronic Arts\EADM\Core.exe" -silent

O4 - HKUS\S-1-5-21-790525478-1547161642-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Utilisateur')

O4 - HKUS\S-1-5-21-790525478-1547161642-839522115-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Utilisateur')

O4 - HKUS\S-1-5-21-790525478-1547161642-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Papa')

O4 - HKUS\S-1-5-21-790525478-1547161642-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrateur')

O4 - HKUS\S-1-5-21-790525478-1547161642-839522115-500\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Nero\Lib\NMFirstStart.exe" (User 'Administrateur')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Soft\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Soft\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Soft\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Soft\Free Download Manager\dlfvideo.htm

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237184307359

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service Google Update (gupdate1c9e42f46775e96) (gupdate1c9e42f46775e96) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Games\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Soft\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Fichiers communs\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 11495 bytes

Here are the scans you asked for. It's faster than Malwarebytes' Anti-Malware.

So, to sum up: I have the impression it lags less, but the CPU still climbs to 100%; the big step forward is that the computer already runs cooler.

Thanks, thanks.


Strangeway (Member, 234 posts, 44 years old) posted:

At last; it wasn't far off.

Download Gmer ---> scan ---> copy ---> paste into your reply

While waiting for mine:

Empty your temporary files (in Safe Mode: F8 at boot ---> Safe Mode) with CCleaner, plus a registry repair with the same tool.

Still with CCleaner, manage your startup processes:

Tools ---> Startup ---> disable everything except the antivirus and the keyboard/screen/mouse software, if present.

For example, I don't think you necessarily need Nero at startup.

As for defragmentation, the Windows tool isn't great; defragment with MyDefrag (formerly JkDefrag).

Finally, I'd like to tell you that the DAEMON Tools Toolbar isn't mandatory (no more than any other toolbar).

Use a browser other than IE (such as Safari/Opera/Firefox and derivatives) and always keep the Adobe and Java software up to date (otherwise it's a free-for-all).


Shinyo (Member, 85 posts, 34 years old) posted:

I did this scan; it was fairly quick, but I apologise in advance because I'll have to leave the computer for 3 days.

Yes, I've passed my baccalauréat and that calls for a celebration. I won't be back for 3 days, so thanks again and good luck.

PS: I use Firefox as my browser and Auslogics Disk Defrag for defragmentation.

Thanks again for the help provided.

GMER 1.0.15.15273 - http://www.gmer.net

Rootkit scan 2009-12-09 21:50:44

Windows 5.1.2600 Service Pack 3

Running: iqspcp13.exe; Driver: C:\DOCUME~1\CDRIC~1\LOCALS~1\Temp\uxtdypoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\mmrtkrnl.sys (MMRTKRNL.SYS/ALCATech GmbH) ZwClose [0xBA2AACA6]

SSDT BA71A5C6 ZwCreateKey

SSDT BA71A5BC ZwCreateThread

SSDT BA71A5CB ZwDeleteKey

SSDT BA71A5D5 ZwDeleteValueKey

SSDT spsn.sys ZwEnumerateKey [0xB9EC6CA2]

SSDT spsn.sys ZwEnumerateValueKey [0xB9EC7030]

SSDT BA71A5DA ZwLoadKey

SSDT \SystemRoot\system32\drivers\mmrtkrnl.sys (MMRTKRNL.SYS/ALCATech GmbH) ZwOpenKey [0xBA2AAC22]

SSDT BA71A5A8 ZwOpenProcess

SSDT BA71A5AD ZwOpenThread

SSDT spsn.sys ZwQueryKey [0xB9EC7108]

SSDT spsn.sys ZwQueryValueKey [0xB9EC6F88]

SSDT BA71A5E4 ZwReplaceKey

SSDT BA71A5DF ZwRestoreKey

SSDT BA71A5D0 ZwSetValueKey

SSDT BA71A5B7 ZwTerminateProcess

INT 0x62 ? 8AC43BF8

INT 0x63 ? 8A9BBBF8

INT 0x73 ? 8AC43BF8

INT 0x73 ? 8AC43BF8

INT 0x73 ? 8A9BBBF8

INT 0x73 ? 8AC43BF8

INT 0x82 ? 8AC43BF8

INT 0x83 ? 8A9BBBF8

INT 0xB4 ? 8A9BBBF8

---- Kernel code sections - GMER 1.0.15 ----

? spsn.sys Le fichier spécifié est introuvable. !

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB92AB000, 0x1C5D58, 0xE8000020]

.text USBPORT.SYS!DllUnload B928A8AC 5 Bytes JMP 8A9BB1D8

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB91CD900]

.text a3ngz4ry.SYS B9119386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]

.text a3ngz4ry.SYS B91193AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]

.text a3ngz4ry.SYS B91193C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}

.text a3ngz4ry.SYS B91193C9 1 Byte [2E]

.text a3ngz4ry.SYS B91193C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]

.text ...

init C:\WINDOWS\system32\drivers\mmrtkrnl.sys entry point in "init" section [0xBA2AEC80]

.text C:\WINDOWS\system32\drivers\SSHDRV76.sys section is writeable [0xACFEA000, 0x16204, 0xE8000020]

.pklstb C:\WINDOWS\system32\drivers\SSHDRV76.sys entry point in ".pklstb" section [0xAD008000]

.relo2 C:\WINDOWS\system32\drivers\SSHDRV76.sys unknown last section [0xAD018000, 0x86, 0x42000040]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 28001E30 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 28001C70 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 28001BF0 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 28001EF0 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 28001D00 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 28001F60 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 28001850 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 28001D90 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] ADVAPI32.dll!CryptDeriveKey 77DB9FFD 7 Bytes JMP 28001000 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 28001060 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] USER32.dll!GetWindowLongW 7E3988A6 7 Bytes JMP 28006AF0 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 280046B0 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] USER32.dll!SetWindowPlacement 7E39DE46 5 Bytes JMP 28005E90 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] USER32.dll!CreateDialogParamW 7E39EA3B 5 Bytes JMP 28006110 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] USER32.dll!LoadImageW 7E3A7B97 5 Bytes JMP 28006760 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 28003CE0 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] USER32.dll!SetWindowRgn 7E3AE528 7 Bytes JMP 28005FD0 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] USER32.dll!LoadIconW 7E3AE8BC 5 Bytes JMP 28006950 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 28006300 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] USER32.dll!TrackPopupMenuEx 7E3ECF62 5 Bytes JMP 28004F90 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 5 Bytes JMP 28003430 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] ole32.dll!CoInitializeEx 774BEF7B 5 Bytes JMP 28002270 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 28002610 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] ole32.dll!CoRegisterClassObject 774D7E90 5 Bytes JMP 28002370 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] WININET.dll!InternetReadFile 404B654B 5 Bytes JMP 2800A0E0 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] WININET.dll!InternetCloseHandle 404B9088 5 Bytes JMP 2800A290 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] WININET.dll!HttpOpenRequestA 404BD508 5 Bytes JMP 28009F50 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3664] WININET.dll!HttpSendRequestA 404CEE89 5 Bytes JMP 2800A1C0 C:\Soft\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[3884] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [b9EA9040] spsn.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [b9EA913C] spsn.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [b9EA90BE] spsn.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [b9EA97FC] spsn.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [b9EA96D2] spsn.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [b9EB9048] spsn.sys

IAT \SystemRoot\System32\Drivers\a3ngz4ry.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC

IAT \SystemRoot\System32\Drivers\a3ngz4ry.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74

IAT \SystemRoot\System32\Drivers\a3ngz4ry.SYS[HAL.dll!KeGetCurrentIrql] 57B80974

IAT \SystemRoot\System32\Drivers\a3ngz4ry.SYS[HAL.dll!KfRaiseIrql] 8B000000

IAT \SystemRoot\System32\Drivers\a3ngz4ry.SYS[HAL.dll!KfLowerIrql] 56C35DE5

IAT \SystemRoot\System32\Drivers\a3ngz4ry.SYS[HAL.dll!HalGetInterruptVector] 8D08758B

IAT \SystemRoot\System32\Drivers\a3ngz4ry.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D

IAT \SystemRoot\System32\Drivers\a3ngz4ry.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55

IAT \SystemRoot\System32\Drivers\a3ngz4ry.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D

IAT \SystemRoot\System32\Drivers\a3ngz4ry.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55

IAT \SystemRoot\System32\Drivers\a3ngz4ry.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D

IAT \SystemRoot\System32\Drivers\a3ngz4ry.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455

IAT \SystemRoot\System32\Drivers\a3ngz4ry.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856

IAT \SystemRoot\System32\Drivers\a3ngz4ry.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520

IAT \SystemRoot\System32\Drivers\a3ngz4ry.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0011b107a361 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0011b107a361@0012d12100cb 0x87 0xC8 0x30 0x42 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF8 0xA3 0x6D 0x8A ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFC 0x0B 0xA2 0x2B ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC2 0x5A 0xA0 0x7E ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a361

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a361@0012d12100cb 0x87 0xC8 0x30 0x42 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF8 0xA3 0x6D 0x8A ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8B 0x5F 0xAF 0xB4 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBA 0x42 0xA5 0x13 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDD 0x41 0xC2 0xB9 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF8 0xA3 0x6D 0x8A ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8B 0x5F 0xAF 0xB4 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x42 0x80 0x50 0x12 ...

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0011b107a361 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0011b107a361@0012d12100cb 0x87 0xC8 0x30 0x42 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF8 0xA3 0x6D 0x8A ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8B 0x5F 0xAF 0xB4 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBA 0x42 0xA5 0x13 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDD 0x41 0xC2 0xB9 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\InprocServer32@ C:\Games\Atlantica\StmOCX.dll??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\InprocServer32@ThreadingModel Apartment??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\Programmable

Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\TypeLib

Reg HKLM\SOFTWARE\Classes\CLSID\{7A0D1738-10EA-47FF-92BE-4E137B5BE1A4}\TypeLib@ {0AB6D809-3081-494F-BD93-D58F480BF0E3}??????????????????????????????????????????????????????????????????????????????????????????

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR

Disk \Device\Harddisk0\DR0 sector 02: copy of MBR

Disk \Device\Harddisk0\DR0 sector 03: copy of MBR

Disk \Device\Harddisk0\DR0 sector 04: copy of MBR

Disk \Device\Harddisk0\DR0 sector 05: copy of MBR

Disk \Device\Harddisk0\DR0 sector 06: copy of MBR

Disk \Device\Harddisk0\DR0 sector 07: copy of MBR

Disk \Device\Harddisk0\DR0 sector 08: copy of MBR

Disk \Device\Harddisk0\DR0 sector 09: copy of MBR

Disk \Device\Harddisk0\DR0 sector 10: copy of MBR

Disk \Device\Harddisk0\DR0 sector 11: copy of MBR

Disk \Device\Harddisk0\DR0 sector 12: copy of MBR

Disk \Device\Harddisk0\DR0 sector 13: copy of MBR

Disk \Device\Harddisk0\DR0 sector 14: copy of MBR

Disk \Device\Harddisk0\DR0 sector 15: copy of MBR

Disk \Device\Harddisk0\DR0 sector 16: copy of MBR

Disk \Device\Harddisk0\DR0 sector 17: copy of MBR

Disk \Device\Harddisk0\DR0 sector 18: copy of MBR

Disk \Device\Harddisk0\DR0 sector 19: copy of MBR

Disk \Device\Harddisk0\DR0 sector 20: copy of MBR

Disk \Device\Harddisk0\DR0 sector 21: copy of MBR

Disk \Device\Harddisk0\DR0 sector 22: copy of MBR

Disk \Device\Harddisk0\DR0 sector 23: copy of MBR

Disk \Device\Harddisk0\DR0 sector 24: copy of MBR

Disk \Device\Harddisk0\DR0 sector 25: copy of MBR

Disk \Device\Harddisk0\DR0 sector 26: copy of MBR

Disk \Device\Harddisk0\DR0 sector 27: copy of MBR

Disk \Device\Harddisk0\DR0 sector 28: copy of MBR

Disk \Device\Harddisk0\DR0 sector 29: copy of MBR

Disk \Device\Harddisk0\DR0 sector 30: copy of MBR

Disk \Device\Harddisk0\DR0 sector 31: copy of MBR

Disk \Device\Harddisk0\DR0 sector 32: copy of MBR

Disk \Device\Harddisk0\DR0 sector 33: copy of MBR

Disk \Device\Harddisk0\DR0 sector 34: copy of MBR

Disk \Device\Harddisk0\DR0 sector 35: copy of MBR

Disk \Device\Harddisk0\DR0 sector 36: copy of MBR

Disk \Device\Harddisk0\DR0 sector 37: copy of MBR

Disk \Device\Harddisk0\DR0 sector 38: copy of MBR

Disk \Device\Harddisk0\DR0 sector 39: copy of MBR

Disk \Device\Harddisk0\DR0 sector 40: copy of MBR

Disk \Device\Harddisk0\DR0 sector 41: copy of MBR

Disk \Device\Harddisk0\DR0 sector 42: copy of MBR

Disk \Device\Harddisk0\DR0 sector 43: copy of MBR

Disk \Device\Harddisk0\DR0 sector 44: copy of MBR

Disk \Device\Harddisk0\DR0 sector 45: copy of MBR

Disk \Device\Harddisk0\DR0 sector 46: copy of MBR

Disk \Device\Harddisk0\DR0 sector 47: copy of MBR

Disk \Device\Harddisk0\DR0 sector 48: copy of MBR

Disk \Device\Harddisk0\DR0 sector 49: copy of MBR

Disk \Device\Harddisk0\DR0 sector 50: copy of MBR

Disk \Device\Harddisk0\DR0 sector 51: copy of MBR

Disk \Device\Harddisk0\DR0 sector 52: copy of MBR

Disk \Device\Harddisk0\DR0 sector 53: copy of MBR

Disk \Device\Harddisk0\DR0 sector 54: copy of MBR

Disk \Device\Harddisk0\DR0 sector 55: copy of MBR

Disk \Device\Harddisk0\DR0 sector 56: copy of MBR

Disk \Device\Harddisk0\DR0 sector 57: copy of MBR

Disk \Device\Harddisk0\DR0 sector 58: copy of MBR

Disk \Device\Harddisk0\DR0 sector 59: copy of MBR

Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

Disk \Device\Harddisk0\DR0 sector 61: copy of MBR

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

Archived

This topic is now archived and can no longer receive new replies.