
Posted (edited)

Good evening :P

Sorry, I had a lot of problems with ComboFix, but now I think it worked ^^

I have a question that may have nothing to do with this: as soon as I start a download from Internet Download Manager, my internet connection drops... I don't know why, and it is really very annoying... I have not had this problem for long...

 

ComboFix 09-04-21.03 - Tiflo 04/20/2009 22:12.3 - NTFSx86 NETWORK

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3581.2995 [GMT 2:00]

Running from: c:\users\Tiflo\Documents\Downloads\Programs\ComboFix.exe

Command switches used :: c:\users\Tiflo\Documents\Downloads\Programs\CFScript.txt

 

FILE ::

c:\windows\system32\GameMon.des

c:\windows\TEMP\TMP00000001D8D8941F6E6860A0

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\GameMon.des

 

.

((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))

.

 

2009-04-16 21:38 . 2009-04-20 20:16 229785655 ----a-w c:\windows\MEMORY.DMP

2009-04-16 20:46 . 2009-04-16 20:46 691 ----a-w c:\users\Tiflo\AppData\Roaming\GetValue.vbs

2009-04-16 20:46 . 2009-04-16 20:46 35 ----a-w c:\users\Tiflo\AppData\Roaming\SetValue.bat

2009-04-16 19:14 . 2009-04-18 14:18 -------- d-----w c:\users\Tiflo\AppData\Roaming\Command & Conquer 3 Tiberium Wars

2009-04-16 15:24 . 2009-04-16 15:31 -------- d-----w C:\ToolBar SD

2009-04-16 10:10 . 2009-04-16 15:00 -------- d-----w c:\users\Tiflo\workspace

2009-04-15 09:11 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll

2009-04-15 09:11 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll

2009-04-15 09:11 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll

2009-04-14 16:51 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll

2009-04-14 16:51 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-04-14 16:51 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll

2009-04-14 16:51 . 2008-06-20 01:14 37384 ----a-w c:\windows\system32\infocardcpl.cpl

2009-04-14 16:51 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll

2009-04-14 16:51 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe

2009-04-14 16:51 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll

2009-04-14 16:51 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe

2009-04-14 16:45 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll

2009-04-14 16:45 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll

2009-04-14 16:45 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll

2009-04-14 16:45 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll

2009-04-14 16:45 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll

2009-04-14 16:21 . 2005-01-02 21:43 4682 ----a-w c:\windows\system32\npptNT2.sys

2009-04-14 16:21 . 2003-07-19 06:17 5174 ----a-w c:\windows\system32\nppt9x.vxd

2009-04-14 14:32 . 2009-04-14 14:32 -------- d-----w c:\windows\system32\xlive

2009-04-12 13:56 . 2009-04-16 08:54 -------- d-----w c:\users\Tiflo\AppData\Local\Cooliris

2009-04-12 12:21 . 2009-04-12 12:21 -------- d-----w c:\users\Tiflo\AppData\Local\MigWiz

2009-04-12 11:55 . 2009-04-20 20:17 -------- d-----w c:\users\Tiflo\AppData\Roaming\DMCache

2009-04-12 11:55 . 2009-04-16 22:24 -------- d-----w c:\users\Tiflo\AppData\Roaming\IDM

2009-04-10 14:47 . 2009-04-10 14:47 -------- d-----r c:\windows\system32\config\systemprofile\Music

2009-04-09 15:01 . 2009-04-09 15:01 -------- d-----w c:\users\Tiflo\AppData\Roaming\Command & Conquer 3 Kane's Wrath

2009-04-03 13:24 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll

2009-04-02 15:30 . 2009-04-02 15:30 615 ----a-w c:\windows\eReg.dat

2009-03-22 13:09 . 2009-03-22 13:09 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-20 20:17 . 2009-02-03 21:27 27839 ----a-w c:\users\All Users\nvModes.dat

2009-04-20 20:17 . 2009-02-03 21:27 27839 ----a-w c:\programdata\nvModes.dat

2009-04-20 20:15 . 2008-01-21 08:40 712486 ----a-w c:\windows\System32\perfh00C.dat

2009-04-20 20:15 . 2008-01-21 08:40 142926 ----a-w c:\windows\System32\perfc00C.dat

2009-04-17 20:15 . 2009-02-04 22:59 -------- d-----w c:\users\Tiflo\AppData\Roaming\dvdcss

2009-04-17 11:58 . 2009-02-05 20:33 -------- d-----w c:\program files\Activision

2009-04-16 20:47 . 2009-04-16 20:38 2524 ----a-w C:\rapport.txt

2009-04-16 18:01 . 2009-02-03 20:58 -------- d-----w c:\program files\Electronic Arts

2009-04-16 15:31 . 2009-04-16 15:26 3802 ----a-w C:\TB.txt

2009-04-16 10:03 . 2009-04-16 10:03 -------- d-----w c:\program files\Trend Micro

2009-04-16 09:58 . 2009-02-17 21:05 -------- d-----w c:\program files\eclipse

2009-04-16 09:07 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-04-16 08:59 . 2009-02-03 22:27 -------- d-----w c:\programdata\Microsoft Help

2009-04-15 11:24 . 2009-02-07 16:00 -------- d-----w c:\users\Tiflo\AppData\Roaming\codeblocks

2009-04-14 17:59 . 2009-02-03 18:34 102192 ----a-w c:\users\Tiflo\AppData\Local\GDIPFONTCACHEV1.DAT

2009-04-14 16:20 . 2009-04-14 16:20 -------- d-----w c:\program files\Common Files\INCA Shared

2009-04-14 15:43 . 2009-04-14 15:43 -------- d-----w c:\program files\Ê¢´óÍøÂç

2009-04-14 14:34 . 2009-04-14 13:40 -------- d-----w c:\program files\Rockstar Games

2009-04-14 14:32 . 2009-04-14 14:32 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE

2009-04-14 13:40 . 2009-01-30 10:30 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-13 20:20 . 2009-02-03 21:09 -------- d-----w c:\programdata\Media Center Programs

2009-04-13 20:01 . 2009-04-13 20:01 -------- d-----w c:\program files\Ubisoft

2009-04-13 08:55 . 2009-04-12 11:55 -------- d-----w c:\program files\Internet Download Manager

2009-04-12 14:07 . 2008-01-21 02:23 615424 ----a-w c:\windows\System32\themeui.dll

2009-04-12 14:07 . 2008-01-21 02:23 240128 ----a-w c:\windows\System32\uxtheme.dll

2009-04-09 14:38 . 2009-04-09 14:38 -------- d-----w c:\program files\7-Zip

2009-04-02 15:25 . 2009-03-06 16:52 -------- d-----w c:\program files\EA GAMES

2009-04-02 15:22 . 2009-01-30 10:29 -------- d-----w c:\program files\Common Files\InstallShield

2009-03-17 03:38 . 2009-04-15 09:10 40960 ----a-w c:\windows\AppPatch\apihex86.dll

2009-03-17 03:38 . 2009-04-15 09:10 13824 ----a-w c:\windows\System32\apilogen.dll

2009-03-17 03:38 . 2009-04-15 09:10 24064 ----a-w c:\windows\System32\amxread.dll

2009-03-10 17:33 . 2009-02-16 14:28 -------- d-----w c:\users\Tiflo\AppData\Roaming\Hamachi

2009-03-09 17:29 . 2009-03-09 17:29 -------- d-----w c:\program files\Tetris

2009-03-08 18:19 . 2009-03-08 16:00 -------- d-----w c:\users\Tiflo\AppData\Roaming\Crayon Physics Deluxe

2009-03-08 15:58 . 2009-03-08 15:58 -------- d-----w c:\program files\Crayon Physics Deluxe

2009-03-05 17:47 . 2009-03-05 17:47 -------- d-----w c:\programdata\Megaupload

2009-03-05 17:47 . 2009-03-05 17:47 -------- d-----w c:\programdata\EmailNotifier

2009-03-05 17:09 . 2009-03-05 17:09 -------- d-----w c:\program files\Xplosiv

2009-03-05 14:38 . 2009-03-05 14:38 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf

2009-03-05 14:38 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat

2009-03-05 14:38 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat

2009-03-05 14:38 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat

2009-03-03 17:42 . 2009-03-03 17:42 -------- d-----w c:\programdata\Codemasters

2009-03-03 17:32 . 2009-03-03 13:59 444952 ----a-w c:\windows\System32\wrap_oal.dll

2009-03-03 17:32 . 2009-03-03 13:59 109080 ----a-w c:\windows\System32\OpenAL32.dll

2009-03-03 17:01 . 2009-03-03 17:01 216 ----a-w C:\DebugTrace-RockallDLL.log

2009-03-03 16:53 . 2009-03-03 16:53 -------- d-----w c:\program files\Codemasters

2009-03-03 13:59 . 2009-03-03 13:59 -------- d-----w c:\program files\OpenAL

2009-03-03 04:40 . 2009-04-15 09:10 827392 ----a-w c:\windows\System32\wininet.dll

2009-03-03 04:39 . 2009-04-15 09:10 183296 ----a-w c:\windows\System32\sdohlp.dll

2009-03-03 04:39 . 2009-04-15 09:10 551424 ----a-w c:\windows\System32\rpcss.dll

2009-03-03 04:39 . 2009-04-15 09:10 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll

2009-03-03 04:37 . 2009-04-15 09:10 3600880 ----a-w c:\windows\System32\ntkrnlpa.exe

2009-03-03 04:37 . 2009-04-15 09:10 3548656 ----a-w c:\windows\System32\ntoskrnl.exe

2009-03-03 04:37 . 2009-04-15 09:10 78336 ----a-w c:\windows\System32\ieencode.dll

2009-03-03 04:37 . 2009-04-15 09:10 98304 ----a-w c:\windows\System32\iasrecst.dll

2009-03-03 04:37 . 2009-04-15 09:10 54784 ----a-w c:\windows\System32\iasads.dll

2009-03-03 04:37 . 2009-04-15 09:10 44032 ----a-w c:\windows\System32\iasdatastore.dll

2009-03-03 03:04 . 2009-04-15 09:10 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe

2009-03-03 02:38 . 2009-04-15 09:10 17408 ----a-w c:\windows\System32\iashost.exe

2009-03-03 02:28 . 2009-04-15 09:10 26624 ----a-w c:\windows\System32\ieUnatt.exe

2009-02-20 21:20 . 2009-02-20 21:20 -------- d-----w c:\programdata\2DBoy

2009-02-18 22:34 . 2009-02-18 22:34 680 ----a-w c:\users\Tiflo\AppData\Local\d3d9caps.dat

2009-02-17 20:48 . 2009-02-17 20:49 410984 ----a-w c:\windows\System32\deploytk.dll

2009-02-13 18:35 . 2009-02-13 18:35 98304 ----a-w c:\windows\System32\CmdLineExt.dll

2009-02-13 08:49 . 2009-04-15 09:10 72704 ----a-w c:\windows\System32\secur32.dll

2009-02-13 08:49 . 2009-04-15 09:10 1255936 ----a-w c:\windows\System32\lsasrv.dll

2009-02-09 03:10 . 2009-03-11 12:59 2033152 ----a-w c:\windows\System32\win32k.sys

2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\System32\sirenacm.dll

2009-02-05 23:18 . 2009-02-05 23:17 69632 ----a-w c:\windows\ScUnin.exe

2009-02-05 23:18 . 2009-02-05 23:17 32172 ----a-w c:\windows\scunin.dat

2009-02-04 16:36 . 2009-02-04 16:36 93 ----a-w c:\users\Tiflo\AppData\Local\fusioncache.dat

2009-02-03 21:10 . 2009-02-03 21:10 22328 ----a-w c:\users\Tiflo\AppData\Roaming\PnkBstrK.sys

2009-02-03 21:10 . 2009-02-03 21:10 103736 ----a-w c:\windows\System32\PnkBstrB.exe

2009-02-03 21:10 . 2009-02-03 21:10 66872 ----a-w c:\windows\System32\PnkBstrA.exe

2009-02-03 21:10 . 2009-02-03 21:10 669184 ----a-w c:\windows\System32\pbsvc.exe

2009-01-30 19:11 . 2009-01-30 19:11 5248 ---ha-r C:\dell.sdr

2009-01-30 19:10 . 2009-01-30 19:10 8704 ----a-w c:\windows\System32\hccoin.dll

2009-01-30 19:10 . 2009-01-30 19:10 15872 ----a-w c:\windows\System32\hcrstco.dll

2009-01-30 19:10 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat

2009-01-30 19:10 . 2009-01-30 19:10 22016 ----a-w c:\windows\System32\hid.dll

2009-01-30 19:10 . 2009-01-30 19:10 26112 ----a-w c:\windows\System32\hidserv.dll

2009-01-30 19:09 . 2009-01-30 19:09 1191936 ----a-w c:\windows\System32\msxml3.dll

2009-01-30 19:09 . 2009-01-30 19:09 74752 ----a-w c:\windows\System32\newdev.exe

2009-01-30 19:09 . 2009-01-30 19:09 468992 ----a-w c:\windows\System32\newdev.dll

2009-01-30 19:07 . 2009-01-30 19:07 738304 ----a-w c:\windows\System32\inetcomm.dll

2009-01-30 19:07 . 2009-01-30 19:07 269312 ----a-w c:\windows\System32\es.dll

2009-01-30 19:04 . 2009-01-30 19:04 361984 ----a-w c:\windows\System32\IPSECSVC.DLL

2009-01-30 19:03 . 2009-01-30 19:03 303616 ----a-w c:\windows\System32\wmpeffects.dll

2009-01-30 19:02 . 2009-01-30 19:02 885248 ----a-w c:\windows\System32\RacEngn.dll

2009-01-30 19:02 . 2009-01-30 19:02 1314816 ----a-w c:\windows\System32\quartz.dll

2009-01-30 19:01 . 2009-01-30 19:01 1695744 ----a-w c:\windows\System32\gameux.dll

2009-01-30 19:01 . 2009-01-30 19:01 801280 ----a-w c:\windows\System32\NaturalLanguage6.dll

2009-01-30 19:01 . 2009-01-30 19:01 2644480 ----a-w c:\windows\System32\NlsLexicons0009.dll

2009-01-30 19:01 . 2009-01-30 19:01 12240896 ----a-w c:\windows\System32\NlsLexicons0007.dll

2009-01-30 19:00 . 2009-01-30 19:09 181760 ----a-w c:\windows\System32\fsquirt.exe

2009-01-30 18:57 . 2009-01-30 18:57 1334272 ----a-w c:\windows\System32\msxml6.dll

2009-01-30 18:55 . 2009-01-30 18:55 408064 ----a-w c:\windows\System32\msinfo32.exe

2009-01-30 18:55 . 2009-01-30 18:55 2560 ----a-w c:\windows\AppPatch\AcRes.dll

2009-01-30 18:55 . 2009-01-30 18:55 246840 ----a-w c:\windows\System32\clfs.sys

2009-01-30 10:2009-02-03 20:38 42:04 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-03-28 18:59 2953216 ----a-w c:\program files\Protector Suite QL\farchns.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-03-28 18:59 2953216 ----a-w c:\program files\Protector Suite QL\farchns.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-30 39408]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-03 2794928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-17 148888]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-25 92704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-25 96800]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-25 13552160]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-30 30192]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]

"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-01-30 10:49 10536 ----a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-03-28 18:46 90112 ----a-w c:\windows\system32\psqlpwd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

backup=c:\windows\pss\BTTray.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Tiflo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]

path=c:\users\Tiflo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk

backup=c:\windows\pss\hamachi.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"="0x00000000"

"UpdatesDisableNotify"="0x00000000"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{13FF525D-F427-4106-9F9A-19CF9E1EC7D3}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{A78B785E-0D39-4DF6-A028-861BDEE4FBBE}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{FBCF6E50-125D-487D-8309-E9631E45980A}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{19A79081-50C7-4FE9-A2E3-7C17F016235C}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"{ECBA36C5-56E4-470F-BDE5-F62A8BC3458B}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{7DBB3073-B4B9-4372-A80C-72ED6AF14D51}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{19FDDC55-3A2B-416B-A762-7DA38FDAD262}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{AA4B586A-98EC-435B-9796-63B18A35FC0A}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{ABF7F3EB-3CA5-45BF-8752-F803CE629B85}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{93C9DE04-224C-4369-98BD-58C8A8265DF6}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{925604E7-675A-47CE-8EA5-F5E464CE9F80}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{86E4A6EB-2A74-469B-853D-236E7B649DAC}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{3891FF4B-2E64-49AC-BDEC-4C5396BC7F2F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{5C30DB6F-A232-4961-ACC0-0C268E9EAA6C}"= UDP:5353:Adobe CSI CS4

"{B26BD27A-4ADB-4968-B426-936AF503DAF3}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{04EF4861-9B65-4C7C-9C49-1DD7DD7CBD89}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"TCP Query User{821469E2-C32C-425E-9735-83859A1C87DA}c:\\users\\tiflo\\desktop\\left4dead\\left 4 dead\\left4dead.exe"= UDP:c:\users\tiflo\desktop\left4dead\left 4 dead\left4dead.exe:left4dead.exe

"UDP Query User{56F26CD9-D742-4C01-B6CC-E16A519FF9B0}c:\\users\\tiflo\\desktop\\left4dead\\left 4 dead\\left4dead.exe"= TCP:c:\users\tiflo\desktop\left4dead\left 4 dead\left4dead.exe:left4dead.exe

"TCP Query User{C2978359-5F82-4CCF-87FC-052AC9B5D208}c:\\users\\tiflo\\desktop\\w3-lan\\war3.exe"= UDP:c:\users\tiflo\desktop\w3-lan\war3.exe:war3.exe

"UDP Query User{CACD8F20-6B35-4D71-B272-84B143DC5481}c:\\users\\tiflo\\desktop\\w3-lan\\war3.exe"= TCP:c:\users\tiflo\desktop\w3-lan\war3.exe:war3.exe

"TCP Query User{31C211FB-ED59-4790-81D4-CD7E5FA966DB}c:\\users\\tiflo\\desktop\\starcraft\\starcraft.exe"= UDP:c:\users\tiflo\desktop\starcraft\starcraft.exe:starcraft.exe

"UDP Query User{8E654824-E64D-4230-AFEB-FFCA533F7401}c:\\users\\tiflo\\desktop\\starcraft\\starcraft.exe"= TCP:c:\users\tiflo\desktop\starcraft\starcraft.exe:starcraft.exe

"{F465871E-7ACC-4F76-88AE-0C1F4AC68F43}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{70A1DAEE-5A67-4E8C-931D-962F50F59657}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{93301071-C2A3-410D-81CB-34743F474588}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{ADA9F624-A036-4E2B-8708-B5603D1A8ED3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{FE908AB6-FAF9-4BC8-9889-783335395EC7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{76927582-8BC6-440A-A2E6-9EF72A7C8453}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{AB36A5C1-1390-4421-8149-80B97EF1B566}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:Starcraft

"UDP Query User{A5FD8BCB-DA67-4EDC-BA5A-FF12E2AB4907}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:Starcraft

"TCP Query User{ED4538E0-A2FA-4AC0-8630-A392975C3911}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III

"UDP Query User{46A60B20-AE3F-4F40-BC21-6F5BF61F04C5}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III

"TCP Query User{E195AA4B-FA9E-499C-9B49-F0BA95D752F7}c:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space

"UDP Query User{F9797C48-2A98-48CD-AB6A-EE767866D3E5}c:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space

"TCP Query User{02AF7884-A012-44CF-B885-C538464B8011}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay

"UDP Query User{89985E75-CFA9-4CE5-A0A9-29527BE20595}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay

"TCP Query User{F5526089-AD4A-432A-93BF-7680E6B19995}c:\\program files\\age of empires ii\\empires2.exe"= UDP:c:\program files\age of empires ii\empires2.exe:Age of Empires II

"UDP Query User{FEB2A9BE-3314-4A40-9061-5401EEC21E0D}c:\\program files\\age of empires ii\\empires2.exe"= TCP:c:\program files\age of empires ii\empires2.exe:Age of Empires II

"TCP Query User{BF65F071-47B5-41CC-AEC3-8C8F029CC435}c:\\users\\tiflo\\desktop\\left4dead\\left 4 dead\\left4dead.exe"= UDP:c:\users\tiflo\desktop\left4dead\left 4 dead\left4dead.exe:left4dead.exe

"UDP Query User{2C6F34FE-A91E-4124-9B59-2C1E374F8425}c:\\users\\tiflo\\desktop\\left4dead\\left 4 dead\\left4dead.exe"= TCP:c:\users\tiflo\desktop\left4dead\left 4 dead\left4dead.exe:left4dead.exe

"TCP Query User{49DABD47-4FDC-4E4A-94D9-D7132F589C84}c:\\users\\tiflo\\downloads\\age of the empire 2\\age2_x1.exe"= UDP:c:\users\tiflo\downloads\age of the empire 2\age2_x1.exe:age2_x1.exe

"UDP Query User{CE2B5641-6666-465C-812F-4936EF51B63B}c:\\users\\tiflo\\downloads\\age of the empire 2\\age2_x1.exe"= TCP:c:\users\tiflo\downloads\age of the empire 2\age2_x1.exe:age2_x1.exe

"TCP Query User{AF98C2C6-091B-403C-8CFD-6854D369ED10}c:\\program files\\far cry 2\\bin\\farcry2.exe"= UDP:c:\program files\far cry 2\bin\farcry2.exe:Far Cry® 2

"UDP Query User{DFAA0CDA-DEF8-43A1-A3FE-FF26E4EA6D0B}c:\\program files\\far cry 2\\bin\\farcry2.exe"= TCP:c:\program files\far cry 2\bin\farcry2.exe:Far Cry® 2

"TCP Query User{46DF4012-BD49-4C08-B5D7-408AE91F8635}c:\\program files\\age of empires ii\\age2_x1.exe"= UDP:c:\program files\age of empires ii\age2_x1.exe:Age of Empires II Expansion

"UDP Query User{ED63084E-89F8-424B-8B3C-997A900089E3}c:\\program files\\age of empires ii\\age2_x1.exe"= TCP:c:\program files\age of empires ii\age2_x1.exe:Age of Empires II Expansion

"{F449FCCD-BA99-4A2C-B66D-F6362AC85538}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID

"{883E8F59-D27C-43A1-A310-B69074EE4010}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID

"TCP Query User{2D06D69C-720A-4B77-BA4A-89529BFBD25A}c:\\program files\\codemasters\\grid\\grid.exe"= UDP:c:\program files\codemasters\grid\grid.exe:GRID Executable

"UDP Query User{53CE5905-6F13-4DA2-987A-A07C3E886FF3}c:\\program files\\codemasters\\grid\\grid.exe"= TCP:c:\program files\codemasters\grid\grid.exe:GRID Executable

"{2D6C944A-9944-4637-913E-620E55A5730C}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X

"{4EA91C0A-DBC8-4DA8-A381-33BF0567A1D7}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X

"{1B8539C4-011E-41A2-B463-84A8FDDE6B36}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X

"{9ABDD755-A52B-4A6B-A640-2092367E639C}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X

"{8A97ACF2-43BA-45F9-B124-B862A3C01DA2}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{455CE0EC-9BA6-45BD-A962-26332C940B06}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{E6E46FE2-5C04-49F1-BBF0-7933FA58C119}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"{27BC7BEE-6FB5-4BF8-B669-F7DEFC885566}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"TCP Query User{8B1E8D2F-A80A-4F63-BE19-8B9B97C76FCE}c:\\users\\tiflo\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\tiflo\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"UDP Query User{5CC9F231-B534-48D1-8A32-D0D2D9AB325D}c:\\users\\tiflo\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\tiflo\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"{2F3BDB29-A984-4526-B6D5-37CBE4F64349}"= c:\program files\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:Command & Conquer 3 Les guerres du Tiberium

 

R2 DockLoginService;Dock Login Service; [x]

R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-30 30192]

R3 npggsvc;nProtect GameGuard Service; [x]

R4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]

S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]

S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]

 

 

--- Other Services/Drivers In Memory ---

 

*Deregistered* - sptd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d4c4e0d-24a0-11de-ac4c-002269c383ea}]

\shell\AutoRun\command - WDSetup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4df2f000-f232-11dd-9dff-002269c383ea}]

\shell\AutoRun\command - G:\autorun.exe

.

.

------- Supplementary Scan -------

.

mWindow Title =

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm

FF - ProfilePath - c:\users\Tiflo\AppData\Roaming\Mozilla\Firefox\Profiles\jyoh0dyi.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\users\Tiflo\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-20 22:18

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-3028669498-637520200-3870374119-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):9d,b5,bf,46,49,d8,59,f8,aa,24,93,40,5c,be,6c,0e,be,bc,af,9d,dd,

06,91,e7,2e,38,df,9f,23,00,1b,3b,1b,f6,a9,63,5d,38,dd,cf,00,00,00,00,00,00,\

 

[HKEY_USERS\S-1-5-21-3028669498-637520200-3870374119-1000_Classes\CLSID\{ea122b14-7d89-44a5-a4c5-4365208e0f52}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000006d

"Therad"=dword:00000009

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'lsass.exe'(744)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\program files\Protector Suite QL\infra.dll

 

- - - - - - - > 'Explorer.exe'(4776)

c:\program files\Protector Suite QL\farchns.dll

c:\program files\Protector Suite QL\infra.dll

c:\windows\system32\btncopy.dll

c:\program files\Internet Download Manager\idmmkb.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\program files\Protector Suite QL\upeksvr.exe

c:\windows\System32\wlanext.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\windows\System32\PnkBstrA.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\System32\stacsv.exe

c:\windows\System32\conime.exe

c:\windows\System32\WerFault.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\Protector Suite QL\psqltray.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\hidfind.exe

c:\program files\DellTPad\ApntEx.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Internet Download Manager\IEMonitor.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\System32\wbem\WMIADAP.exe

c:\program files\Mozilla Firefox\firefox.exe

.

**************************************************************************

.

Completion time: 2009-04-20 22:22 - machine was rebooted

ComboFix-quarantined-files.txt 2009-04-20 20:22

ComboFix2.txt 2009-04-17 10:04

 

Pre-Run: 161,879,982,080 octets libres

Post-Run: 158,049,243,136 octets libres

 

387 --- E O F --- 2009-04-16 09:01

Edited by saqhah

Posted

Hello,

"as soon as I start a download from Internet Download Manager, my internet connection drops"

That is not an infection problem.

Maybe uninstall it and reinstall it?

Or look for help here: http://forum.zebulon.fr/internet-et-reseaux-f5.html

 

 

 

Download OTMoveIt3 by OldTimer to the desktop.

Double-click OTMoveIt3.exe to launch it.

Under Vista, right-click the file -> choose Run as Administrator.

Check that Unregister Dll's and Ocx's is ticked.

* Copy/paste the lines below:

 

:Processes

explorer.exe

:Files

c:\windows\system32\GameMon.des -service

:Services

npggsvc

:Reg

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

 

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

Go back to OTMoveIt3,

right-click in the "Paste Instructions for Items to be Moved" window under the yellow bar and choose Paste.

* Click the red Moveit! button

* Close OTMoveIt3

Your PC will restart.

Go to the folder C:\_OTMoveIt\MovedFiles,

open the most recent .log file

and copy/paste its contents into your next reply.

 

Posted

Hello pear

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder c:\windows\system32\GameMon.des -service not found.

========== SERVICES/DRIVERS ==========

 

Service\Driver npggsvc deleted successfully.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc\\ not found.

========== COMMANDS ==========

File delete failed. C:\Users\Tiflo\AppData\Local\Temp\etilqs_ol46cxN8DvOKI1RHsIHz scheduled to be deleted on reboot.

File delete failed. C:\Users\Tiflo\AppData\Local\Temp\~DFBC06.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

Windows Temp folder emptied.

File delete failed. C:\Users\Tiflo\AppData\Local\Mozilla\Firefox\Profiles\jyoh0dyi.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Users\Tiflo\AppData\Local\Mozilla\Firefox\Profiles\jyoh0dyi.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Users\Tiflo\AppData\Local\Mozilla\Firefox\Profiles\jyoh0dyi.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Users\Tiflo\AppData\Local\Mozilla\Firefox\Profiles\jyoh0dyi.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Users\Tiflo\AppData\Local\Mozilla\Firefox\Profiles\jyoh0dyi.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Users\Tiflo\AppData\Local\Mozilla\Firefox\Profiles\jyoh0dyi.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04212009_173901

 

Files moved on Reboot...

File C:\Users\Tiflo\AppData\Local\Temp\etilqs_ol46cxN8DvOKI1RHsIHz not found!

C:\Users\Tiflo\AppData\Local\Temp\~DFBC06.tmp moved successfully.

C:\Users\Tiflo\AppData\Local\Mozilla\Firefox\Profiles\jyoh0dyi.default\Cache\_CACHE_001_ moved successfully.

C:\Users\Tiflo\AppData\Local\Mozilla\Firefox\Profiles\jyoh0dyi.default\Cache\_CACHE_002_ moved successfully.

C:\Users\Tiflo\AppData\Local\Mozilla\Firefox\Profiles\jyoh0dyi.default\Cache\_CACHE_003_ moved successfully.

C:\Users\Tiflo\AppData\Local\Mozilla\Firefox\Profiles\jyoh0dyi.default\Cache\_CACHE_MAP_ moved successfully.

C:\Users\Tiflo\AppData\Local\Mozilla\Firefox\Profiles\jyoh0dyi.default\urlclassifier3.sqlite moved successfully.

C:\Users\Tiflo\AppData\Local\Mozilla\Firefox\Profiles\jyoh0dyi.default\XUL.mfl moved successfully.

 

There you go :P

 

I'm very curious, I'd like to know whether it would be possible to learn to analyze all these reports ^^ I'm currently doing a DUT in computer science and I don't know much about security lol

Posted
"I'd like to know whether it would be possible to learn to analyze all these reports"

 

Get in touch here.

http://portail.securite-academie.fr/index.php?lng=fr

 

You will find current and former Zebulon advisers there.

 

I believe your PC is now clean.

We'll check that with an online scan, please.

 

Online scan

NOTE: The online scan must be done with Internet Explorer.

Disable your current antivirus.

Kaspersky

Under Vista, you must disable UAC, then right-click Internet Explorer / Run as administrator and paste the Kaspersky URL:

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Empty the recycle bin.

* Click Accept

* A yellow bar will ask you to accept the installation of Kavwebscan_Unicode.cab; install the ActiveX.

* Click "Accept" once more

* The update databases will be installed; wait a moment

* Click Next.

* Click My Computer; the scan starts;

wait for the scan to finish without closing the window, otherwise it will stop.

At the end of the scan, if infected objects are found, click Save report as..., choose the desktop, name the report "rapport Kaspersky", choose "text files" as the file type, and save the report.

Copy/paste the whole of the text file that opens: right-click on it, select all, copy.

Paste this report in your reply on the forum.

 

Help in case of problems

Posted (edited)

Thanks for the link :P but the forum seems to be down at the moment ^^

 

I'm running the scan now :P

 

In the end I'm having problems with Kaspersky; this is the second time it has crashed my PC at 30%....

Edited by saqhah
Posted

Run the scan with your antivirus.

 

If it is Avast,

 

Download Avira AntiVir Personal Edition in English

Download Avira AntiVir Personal Edition in French

 

NB: the choice of Antivir as the antivirus to use in this procedure was based on the following criteria:

--- weaknesses in your antivirus, which let malware through

--- In safe mode, only system processes are started, so it is easier to remove infections

--- Antivir can be installed and uninstalled easily

--- Antivir is known for its effectiveness in safe mode

....AntiVir does not let Bagle in, unless the user forces its hand to get a crack

 

Recommended settings

Right-click the umbrella ----------------------> Configure

Click Expert mode -----------------------------> Scan:

Tick: ----------------------------------------> All files

Additional Settings: ---> tick everything

Click Scan+

Action for concerning files:

Tick ---------------------------------------> Copy file to quarantine before action

Primary action ............> Repair (in case it is a corrupted system file)

Secondary action ...........> Delete (if something is detected, it might as well be deleted; a backup will be kept in quarantine)

 

Disable your current antivirus

Restart in safe mode.

Run the scan

Post the report

Posted

Strange, strange.... Antivir also crashes at 30%. To be honest, my PC crashes a lot at the moment; I also get blue-screen shutdowns.

 

I'm posting another HijackThis report.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:58:47, on 4/23/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Windows\OEM02Mon.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Protector Suite QL\psqltray.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dock Login Service (DockLoginService) - Unknown owner - C:\Program Files\Dell\DellDock\DockLogin.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 9021 bytes
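As an added example (not part of this thread or of HijackThis itself), here is a small Python triage script for a HijackThis log like the one above: it parses the `Rn`/`On` entry lines, groups them by section, and flags the items a helper reads first (entries whose file no longer exists, services with an unknown owner, AppInit/Winlogon hooks, autoruns outside Program Files or Windows, or whose target cannot be resolved). The sample lines are copied from the log above, except one constructed O4 line for a user named `example`, which is there only to show the user-writable-location check firing.

```python
"""Triage helper for HijackThis logs (added example, not part of the thread)."""
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log above, plus one
# constructed O4 line (user 'example') that this machine did not actually have.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [example] C:\Users\example\AppData\Roaming\example.bat
O4 - Global Startup: BTTray.lnk = ?
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Dock Login Service (DockLoginService) - Unknown owner - C:\Program Files\Dell\DellDock\DockLogin.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")

# O4 bodies look like '<hive>\..\Run: [name] "quoted path" args' or
# '[name] unquoted path args'; unquoted paths may contain spaces, so we stop
# at a known executable extension rather than at the first blank.
AUTORUN_RE = re.compile(
    r'\]\s*(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|dll|bat|cmd|vbs|scr)))(?:\s|$)',
    re.IGNORECASE)

# Autoruns from vendor install locations are the normal case on a laptop like
# this one; anything launched from elsewhere (user profile, temp) gets flagged.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")


def parse_entries(text):
    """Return a list of (section, body) pairs, one per HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def extract_path(body):
    """Pull the launched file out of an O4 body; None if it cannot be resolved."""
    m = AUTORUN_RE.search(body)
    if not m:
        return None
    return m.group("quoted") or m.group("bare")


def flag_entry(section, body):
    """Return the reasons this entry deserves a second look (empty if none)."""
    reasons = []
    low = body.lower()
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("points at a file that no longer exists (orphaned entry)")
    if section == "O23" and "unknown owner" in low:
        reasons.append("service binary carries no recognised vendor name")
    if section == "O20":
        reasons.append("AppInit/Winlogon hook: loaded into every process or at logon")
    if section == "O4":
        path = extract_path(body)
        if path is None:
            reasons.append("autorun target cannot be resolved from the log line")
        elif not path.lower().startswith(TRUSTED_PREFIXES):
            reasons.append("autorun outside Program Files / Windows: " + path)
    if section == "R1" and "proxyserver" in low:
        reasons.append("explicit proxy server: check it was set on purpose")
    return reasons


def triage(text):
    """Map each section to its flagged entries as (body, reasons) pairs."""
    flagged = defaultdict(list)
    for section, body in parse_entries(text):
        reasons = flag_entry(section, body)
        if reasons:
            flagged[section].append((body, reasons))
    return dict(flagged)


if __name__ == "__main__":
    for section, items in sorted(triage(SAMPLE_LOG).items()):
        for body, reasons in items:
            print(f"[{section}] {body}")
            for reason in reasons:
                print("    -", reason)
```

Entries that are not flagged (the Avira and IDM autoruns, the NVIDIA service) are still worth reading, but the flagged ones are where a helper would start checking file locations and vendor signatures.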

Posted

Hello,

Antiviruses that do not work: that is not a good sign.

 

Create a folder named Gamer on C:\

Download gmer

to C:\gamer

Right-click the downloaded file -> Extract here

Disconnect from the internet if possible and close all programs.

Double-click the file.

IMPORTANT: If an antivirus alert appears for the file gmer.sys or gmer.exe, let it run.

Click the "rootkit" tab

Click Scan

At the end of the scan -> click Copy

Paste the result in your next message

Posted (edited)

Good evening,

 

 

GMER 1.0.15.14966 - http://www.gmer.net

Rootkit scan 2009-04-23 20:35:12

Windows 6.0.6001 Service Pack 1

 

 

---- System - GMER 1.0.15 ----

 

SSDT 9B796524 ZwCreateThread

SSDT 9B796510 ZwOpenProcess

SSDT 9B796515 ZwOpenThread

SSDT 9B79651F ZwTerminateProcess

SSDT 9B79651A ZwWriteVirtualMemory

 

INT 0x62 ? 8733AF00

INT 0x62 ? 8733AF00

INT 0x62 ? 8733AF00

INT 0x72 ? 8733AF00

INT 0x82 ? 8733AF00

INT 0x82 ? 8733AF00

INT 0x82 ? 8733AF00

INT 0x82 ? 8733AF00

INT 0xA2 ? 84B1DBF8

INT 0xB2 ? 854B2BF8

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntkrnlpa.exe!KeSetTimerEx + 454 81F0AA68 4 Bytes [24, 65, 79, 9B] {AND AL, 0x65; JNS 0xffffffffffffff9f}

.text ntkrnlpa.exe!KeSetTimerEx + 624 81F0AC38 4 Bytes [10, 65, 79, 9B] {ADC [EBP+0x79], AH; WAIT }

.text ntkrnlpa.exe!KeSetTimerEx + 640 81F0AC54 4 Bytes [15, 65, 79, 9B]

.text ntkrnlpa.exe!KeSetTimerEx + 854 81F0AE68 4 Bytes [1F, 65, 79, 9B]

.text ntkrnlpa.exe!KeSetTimerEx + 8B4 81F0AEC8 4 Bytes [1A, 65, 79, 9B] {SBB AH, [EBP+0x79]; WAIT }

? System32\Drivers\spmz.sys Le chemin d'accès spécifié est introuvable. !

.text USBPORT.SYS!DllUnload 8B9524CB 5 Bytes JMP 8733A4E0

.text axbg0rbp.SYS 8F759000 22 Bytes [26, 62, E2, 81, 10, 61, E2, ...]

.text axbg0rbp.SYS 8F759017 181 Bytes [00, 32, 57, 79, 80, 3D, 55, ...]

.text axbg0rbp.SYS 8F7590CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]

.text axbg0rbp.SYS 8F7590DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]

.text axbg0rbp.SYS 8F7590E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]

.text ...

 

---- Kernel IAT/EAT - GMER 1.0.15 ----

 

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068C6D2] \SystemRoot\System32\Drivers\spmz.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068C040] \SystemRoot\System32\Drivers\spmz.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068C7FC] \SystemRoot\System32\Drivers\spmz.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068C0BE] \SystemRoot\System32\Drivers\spmz.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068C13C] \SystemRoot\System32\Drivers\spmz.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069C048] \SystemRoot\System32\Drivers\spmz.sys

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortNotification] CC000CC2

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortMoveMemory] 00012284

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0

IAT \SystemRoot\System32\Drivers\axbg0rbp.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs 854B41F8

Device \FileSystem\fastfat \FatCdrom 9F87A1F8

Device \Driver\netbt \Device\NetBT_Tcpip_{1D39389D-0C9D-4F2C-8033-564CBFBBD864} 907411F8

Device \Driver\sptd \Device\3443727825 spmz.sys

Device \Driver\volmgr \Device\VolMgrControl 84B1F1F8

Device \Driver\usbuhci \Device\USBPDO-0 873791F8

Device \Driver\usbuhci \Device\USBPDO-1 873791F8

Device \Driver\usbehci \Device\USBPDO-2 8737A1F8

Device \Driver\usbuhci \Device\USBPDO-3 873791F8

Device \Driver\usbuhci \Device\USBPDO-4 873791F8

Device \Driver\usbuhci \Device\USBPDO-5 873791F8

Device \Driver\usbehci \Device\USBPDO-6 8737A1F8

Device \Driver\volmgr \Device\HarddiskVolume1 84B1F1F8

Device \Driver\volmgr \Device\HarddiskVolume2 84B1F1F8

Device \Driver\cdrom \Device\CdRom0 874C71F8

Device \Driver\volmgr \Device\HarddiskVolume3 84B1F1F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854B31F8

Device \Driver\atapi \Device\Ide\IdePort0 854B31F8

Device \Driver\cdrom \Device\CdRom1 874C71F8

Device \Driver\PCI_PNP3806 \Device\00000066 spmz.sys

Device \Driver\volmgr \Device\HarddiskVolume4 84B1F1F8

Device \Driver\netbt \Device\NetBt_Wins_Export 907411F8

Device \Driver\BTHUSB \Device\00000084 bthport.sys (Pilote de bus Bluetooth/Microsoft Corporation)

Device \Driver\Smb \Device\NetbiosSmb 9075D1F8

Device \Driver\BTHUSB \Device\00000086 bthport.sys (Pilote de bus Bluetooth/Microsoft Corporation)

Device \Driver\iScsiPrt \Device\RaidPort0 874C41F8

Device \Driver\netbt \Device\NetBT_Tcpip_{982B318A-C514-4A83-A84E-B24F29FA5014} 907411F8

Device \Driver\usbuhci \Device\USBFDO-0 873791F8

Device \Driver\usbuhci \Device\USBFDO-1 873791F8

Device \Driver\netbt \Device\NetBT_Tcpip_{07E06E57-A537-4980-AABF-B7F7B16C1B5C} 907411F8

Device \Driver\usbehci \Device\USBFDO-2 8737A1F8

Device \Driver\usbuhci \Device\USBFDO-3 873791F8

Device \Driver\usbuhci \Device\USBFDO-4 873791F8

Device \Driver\usbuhci \Device\USBFDO-5 873791F8

Device \Driver\usbehci \Device\USBFDO-6 8737A1F8

Device \Driver\netbt \Device\NetBT_Tcpip_{C6EE52C3-C301-4EE6-B686-7BB902E7F9FA} 907411F8

Device \Driver\axbg0rbp \Device\Scsi\axbg0rbp1Port3Path0Target0Lun0 874D91F8

Device \Driver\axbg0rbp \Device\Scsi\axbg0rbp1 874D91F8

Device \FileSystem\fastfat \Fat 9F87A1F8

 

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

 

Device \FileSystem\cdfs \Cdfs 84DF61F8

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269c383ea

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x26 0xE2 0x1C 0x05 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x79 0x5B 0xBA 0x42 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x20 0xC2 0x85 0xAB ...

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269c383ea

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x26 0xE2 0x1C 0x05 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x79 0x5B 0xBA 0x42 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x20 0xC2 0x85 0xAB ...

 

---- Files - GMER 1.0.15 ----

 

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.ci 8192 bytes

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.dir 4096 bytes

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid 65536 bytes

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci 12288 bytes

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.dir 4096 bytes

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid 65536 bytes

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci 20480 bytes

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.dir 4096 bytes

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid 65536 bytes

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci 20480 bytes

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.dir 4096 bytes

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid 65536 bytes

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.ci 12288 bytes

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.dir 4096 bytes

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid 65536 bytes

File C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003 (size mismatch) 409600/393216 bytes

 

---- EOF - GMER 1.0.15 ----

Edited by saqhah
