
Liberame

Members
  • Content count

    14
  • Joined

  • Last visited

Profile Information

  • Gender
    Male

Other information

  • Your setup
    Windows Vista Home Premium (x64) Service Pack 2

    Intel Celeron T3000 clocked at 1.80 GHz

    Motherboard
    Dell Inc. 0G848F

    Graphics card
    Mobile Intel(R) 4 Series Express Chipset Family
    Installed DirectX version: 11.0

    Network
    Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller

    Antivirus AVG 2013.0.3408
    AVG PC-TUNE-UP 14.0.1001.205
  • My languages
    French; English

Liberame's Achievements

Junior Member

Junior Member (3/12)

0

Community reputation

  1. Thank you very much, the procedure worked. I had already tried uninstalling iTunes and then reinstalling it, but without thinking that I also had to do the same for all of its fellow components...
  2. Hello, since today, every time I try to launch iTunes I get an error message: "Microsoft visual c++ runtime library program: C:\Program Files (x86)\iTunes\iTunes.exe R6034 An application has made an attempt to load the C runtime library incorrectly". So I can no longer use iTunes. Would anyone have a solution to suggest? Thanks in advance.
  3. Liberame

    AVG™ PC TuneUp

    Hello, I have been buying AVG PC Tune Up for several years now and I don't think I have had reason to complain about it. But as every time it comes up for renewal, all the more so now that I need it for two machines, I wonder whether I am throwing my money out the window. So my question is this: do you think this expense is worthwhile, or is it possible to maintain my systems just as well with free software? Thanks.
  4. Upgrading to the 2014 version of AVG confirmed the false-positive hypothesis, since the anti-rootkit no longer reports any threat. I am sorry to have taken up your time for what in the end only required an update. In my defence, I believed I was fully up to date, given that I pay for my version of AVG and that updates are applied daily... Changing version required a trip to the website. Sorry, and thanks again!
  5. So I have nothing to fear regarding any possible threats to my system? If that is indeed the case, thank you very much for letting me determine that. Goodbye.
  6. Hello, I was not able to save after the scan (the save... button did nothing). No red line either, apparently. So I did a copy, and here is what I get (but I don't know whether this is what you need): GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-10-21 11:55:24 Windows 6.0.6002 Service Pack 2 x64 Thanks for your help.
  7. After a few scares due to using Combofix (programs starting up on their own after the reboot despite the formal recommendation not to launch any application...), it seems my machine is still alive... Here is the report: ComboFix 13-10-19.02 - Gaiason 20/10/2013 15:37:23.1.2 - x64 Thanks for your follow-up.
  8. Thanks Yoda (I never thought I would get to thank Yoda one day...), I followed your instructions and it seems I am no longer bothered by any pop-up... May the force be with you always...
  9. Hello, since yesterday I have been getting a pop-up almost every time I open a web page: it is a blank page whose URL is: http://def.findci.net/sd/cpops-1.2.0.html?u=http%3A%2F%2Fdef.findci.net%2Fsd%2Fapps%2Ffusionx%2F0.0.4.html%3Faff%3D1060-5160&p=bestLyrics-15 Moreover, this page seems to overlay most of the pages I visit, inserting a few ads and other "advice" windows here and there. I have run multiple scans with various programs: Spybot, CCleaner, Malwarebytes, Adware Cleaner, AVG, but nothing is detected. My Adblock Plus does not seem to see anything either... In short, I am stuck. Does anyone know how to get rid of this thing? Thanks in advance.
  10. Hello, I cannot find the file you mention: C:\Windows\System32\Drivers\spwg.sys. I have:
C:\Windows\System32\Drivers\spldr.sys
C:\Windows\System32\Drivers\spsys.sys
C:\Windows\System32\Drivers\sptd.sys
but that is all... And this morning, AVG served me up 27 threats again after an anti-rootkit scan... Thanks for your help.
  11. Thanks for your follow-up, the operations you indicated have been carried out. Here is the report:
RogueKiller V8.7.4 _x64_ [Oct 16 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Demarrage : Mode normal
Utilisateur : Gaiason [Droits d'admin]
Mode : Recherche -- Date : 10/19/2013 16:57:02
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> TROUVÉ
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤
¤¤¤ Entrées Startup : 0 ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
[...]

¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Lecteurs de disque standard) - WDC WD3200BEVT-75ZCT2 +++++
--- User ---
[MBR] 3afb7b8fb7449f5b6d18be02098d2a7c
[BSP] 3a670cbe853f925cf136cdfad791cab7 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[0]_S_10192013_165702.txt >>
  12. The program found two problems. Here is the report:
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.19.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Gaiason :: PC-DE-GAIASON [administrator]

19/10/2013 07:49:38
mbar-log-2013-10-19 (07-49-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 249464
Time elapsed: 25 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccleaner.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccleaner.exe (Security.Hijack) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Thanks.
  13. Thanks, I will try that and keep you posted.
  14. Hello, for several weeks now AVG has been reporting threats to me (between 10 and 50). Despite systematically eradicating them with a restart, they seem to keep coming back. Attached is this afternoon's report:
"";"pci.sys, importation en boucle ntoskrnl.exe IoDetachDevice -> spwg.sys +0x625DC, C:\Windows\System32\Drivers\spwg.sys";"Infecté"
"";"pci.sys, importation en boucle ntoskrnl.exe IoAttachDeviceToDeviceStack -> spwg.sys +0x62650, C:\Windows\System32\Drivers\spwg.sys";"Infecté"
"";"Boucle IRP, \FileSystem\Ntfs IRP_MJ_CREATE -> spwg.sys +0x3FB68, C:\Windows\System32\Drivers\spwg.sys";"Infecté"
"";"Boucle IRP, \Driver\volmgr IRP_MJ_CREATE -> spwg.sys +0x40B00, C:\Windows\System32\Drivers\spwg.sys";"Infecté"
"";"Boucle IRP, \Driver\atapi IRP_MJ_SYSTEM_CONTROL -> spwg.sys +0x413C4, C:\Windows\System32\Drivers\spwg.sys";"Infecté"
"";"Boucle IRP, \Driver\atapi IRP_MJ_POWER -> spwg.sys +0x413C4, C:\Windows\System32\Drivers\spwg.sys";"Infecté"
"";"Boucle IRP, \Driver\atapi IRP_MJ_PNP -> spwg.sys +0x413C4, C:\Windows\System32\Drivers\spwg.sys";"Infecté"
"";"Boucle IRP, \Driver\atapi IRP_MJ_INTERNAL_DEVICE_CONTROL -> spwg.sys +0x413C4, C:\Windows\System32\Drivers\spwg.sys";"Infecté"
"";"Boucle IRP, \Driver\atapi IRP_MJ_CREATE -> spwg.sys +0x413C4, C:\Windows\System32\Drivers\spwg.sys";"Infecté"
"";"Boucle incluse ataport.SYS DllUnload -> spwg.sys +0x5E360, C:\Windows\System32\Drivers\spwg.sys";"Infecté"
"";"atapi.sys, importation en boucle ataport.SYS AtaPortWritePortBufferUshort -> spwg.sys +0x2DBA0, C:\Windows\System32\Drivers\spwg.sys";"Infecté"
"";"atapi.sys, importation en boucle ataport.SYS AtaPortReadPortUshort -> spwg.sys +0x2D2C0, C:\Windows\System32\Drivers\spwg.sys";"Infecté"
Could you tell me how to get rid of these items for good? Thanks in advance.