Besoin aide pour infection Trojan

pear · le 15 mai 2010

Ouvrez Combofix

# Dans le bloc-note ,copiez-collez ces lignes :

KillAll::

File::

C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

C:\Users\Kévin\AppData\Roaming\sdra64.exe

C:\Users\Kévin\AppData\Local\Temp\Hfl.exe

c:\users\kvin~1\appdata\local\temp\jkkiih.dll

c:\users\kvin~1\appdata\local\temp\khgggd.dll

C:\Users\Kévin\AppData\Local\ypgwadeor\prrynsutssd.exe

Rootkit::

jahnlt.sys

Registry::

[HKUS\S-1-5-21-901323267-570254288-1772102938-1002\..\Run]

"M5T8QL3YW3"=-

"jiigdsys"=-

"lkdbixwd"=-

"jghhfdrv"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

* Attention, ce code a été rédigé spécialement pour cet utilisateur, il serait dangereux de le réutiliser dans d'autres cas !

Enregistrez-le en lui donnant le nom CFScript.txt

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.

Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

Le rapport de ComboFix ne s'affichera qu'à la fin

Poster son contenu.

Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

[/color]

Modifié le 15 mai 2010 par pear

clache · le 15 mai 2010

voila le rapport

ComboFix 10-05-14.06 - Monique&Claude 15/05/2010 17:39:32.4.2 - x86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1096 [GMT 2:00]

Lancé depuis: c:\users\Monique&Claude\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\users\Monique&Claude\Desktop\CFScript.txt

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::

"c:\users\Kévin\AppData\Local\Temp\Hfl.exe"

"c:\users\Kévin\AppData\Local\ypgwadeor\prrynsutssd.exe"

"c:\users\Kévin\AppData\Roaming\sdra64.exe"

"c:\users\kvin~1\appdata\local\temp\jkkiih.dll"

"c:\users\kvin~1\appdata\local\temp\khgggd.dll"

"c:\windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job"

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Exécution préalable -------

.

c:\users\Kévin\AppData\Local\Temp\Hfl.exe

c:\users\kvin~1\appdata\local\temp\khgggd.dll

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-04-15 au 2010-05-15 ))))))))))))))))))))))))))))))))))))

.

2010-05-15 15:47 . 2010-05-15 15:47 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-05-15 15:47 . 2010-05-15 15:47 -------- d-----w- c:\users\Monique\AppData\Local\temp

2010-05-15 15:47 . 2010-05-15 15:47 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

2010-05-15 15:47 . 2010-05-15 15:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-05-15 15:47 . 2010-05-15 15:47 -------- d-----w- c:\users\Camille\AppData\Local\temp

2010-05-15 15:35 . 2010-05-15 15:35 -------- d-----w- c:\users\Monique&Claude\AppData\Local\Mozilla

2010-05-15 15:19 . 2010-05-15 16:01 -------- d-----w- c:\users\Monique&Claude\AppData\Local\temp

2010-05-14 17:09 . 2008-11-19 07:41 16640 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383.sys

2010-05-14 17:09 . 2010-05-14 17:09 -------- d-----w- c:\program files\Wondershare

2010-05-13 17:01 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-05-13 16:47 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll

2010-05-13 08:28 . 2010-05-15 15:37 -------- d-----w- C:\rsit

2010-05-13 08:28 . 2010-05-14 16:07 -------- d-----w- c:\program files\trend micro

2010-05-13 08:26 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-13 08:26 . 2010-05-13 08:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-13 08:26 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-12 18:56 . 2010-05-12 22:58 -------- d-----w- c:\program files\a-squared Free

2010-05-12 18:53 . 2010-05-12 18:53 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\Uniblue

2010-05-12 03:29 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll

2010-05-08 11:49 . 2010-05-08 11:49 -------- d-----w- c:\users\Monique&Claude\AppData\Local\Western Digital

2010-05-02 15:46 . 2010-05-02 15:46 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\Media Player Classic

2010-05-02 15:00 . 2010-05-02 15:00 -------- d-----w- c:\users\Monique\AppData\Roaming\TuneUp Software

2010-05-02 12:38 . 2010-04-20 14:40 30536 ----a-w- c:\windows\system32\TURegOpt.exe

2010-05-02 12:38 . 2010-04-20 14:35 21320 ----a-w- c:\windows\system32\authuitu.dll

2010-05-02 12:38 . 2010-04-20 14:35 30024 ----a-w- c:\windows\system32\uxtuneup.dll

2010-05-02 12:38 . 2010-05-02 12:38 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\TuneUp Software

2010-05-02 12:38 . 2010-05-02 12:40 -------- d-----w- c:\program files\TuneUp Utilities 2010

2010-05-02 12:37 . 2010-05-02 12:38 -------- d-----w- c:\programdata\TuneUp Software

2010-05-02 12:37 . 2010-05-02 12:37 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2010-04-30 21:08 . 2010-04-30 21:08 -------- d-----w- c:\program files\Haali

2010-04-30 21:08 . 2010-04-30 21:08 -------- d-----w- c:\program files\DScaler5

2010-04-30 21:07 . 2010-04-30 21:07 -------- d-----w- c:\program files\MPC HomeCinema

2010-04-30 15:24 . 2010-04-30 15:29 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\vlc

2010-04-28 16:55 . 2010-04-28 16:55 -------- d-----w- c:\users\Monique\AppData\Roaming\Yahoo!

2010-04-25 19:10 . 2010-05-12 19:10 -------- d-----w- c:\programdata\Yahoo! Companion

2010-04-25 19:10 . 2010-04-25 19:10 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\Yahoo!

2010-04-25 19:10 . 2010-04-25 19:10 -------- d-----w- c:\program files\Yahoo!

2010-04-21 20:20 . 2010-04-21 20:20 -------- d-----w- c:\users\Monique\AppData\Local\PCTV Systems

2010-04-21 19:59 . 2010-04-21 19:59 -------- d-----w- c:\windows\system32\Hauppauge

2010-04-21 19:49 . 2010-04-21 19:49 -------- d-----w- c:\users\Monique&Claude\AppData\Local\PCTV Systems

2010-04-21 19:44 . 2010-04-21 19:59 -------- d-----w- c:\program files\PCTV Systems

2010-04-21 19:44 . 2010-04-21 19:45 -------- d-----w- c:\program files\Common Files\PCTV Systems

2010-04-21 19:42 . 2010-04-21 19:50 -------- d-----w- c:\programdata\PCTV Systems

2010-04-21 17:10 . 2010-04-21 17:10 -------- d-----w- c:\windows\system32\RTCOM

2010-04-21 16:46 . 2010-04-21 16:46 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\DivX

2010-04-21 12:00 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-04-20 20:03 . 2010-04-03 22:55 56424 ----a-w- c:\windows\system32\OpenCL.dll

2010-04-20 20:03 . 2010-04-03 22:55 11573800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2010-04-20 20:03 . 2010-04-03 22:55 4503144 ----a-w- c:\windows\system32\nvwgf2um.dll

2010-04-20 20:03 . 2010-04-03 22:55 15227496 ----a-w- c:\windows\system32\nvoglv32.dll

2010-04-20 20:03 . 2010-04-03 22:55 4029544 ----a-w- c:\windows\system32\nvcuda.dll

2010-04-20 20:03 . 2010-04-03 22:55 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-04-20 20:03 . 2010-04-03 22:55 227944 ----a-w- c:\windows\system32\nvcod1914.dll

2010-04-20 20:03 . 2010-04-03 22:55 227944 ----a-w- c:\windows\system32\nvcod.dll

2010-04-20 20:03 . 2010-04-03 22:55 2009704 ----a-w- c:\windows\system32\nvcuvid.dll

2010-04-20 20:03 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll

2010-04-20 20:00 . 2010-04-20 20:00 -------- d-----w- c:\windows\system32\WinFast

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-15 16:01 . 2010-04-06 15:41 71477 ----a-w- c:\programdata\nvModes.dat

2010-05-15 16:00 . 2007-09-01 08:15 -------- d-----w- c:\programdata\NVIDIA

2010-05-15 15:28 . 2007-06-02 06:18 669328 ----a-w- c:\windows\system32\perfh00C.dat

2010-05-15 15:28 . 2007-06-02 06:18 123350 ----a-w- c:\windows\system32\perfc00C.dat

2010-05-13 17:26 . 2007-06-01 21:03 -------- d-----w- c:\program files\Google

2010-05-13 08:09 . 2007-09-01 08:03 680 ----a-w- c:\users\Monique&Claude\AppData\Local\d3d9caps.dat

2010-05-12 12:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-05-12 08:45 . 2009-02-08 10:00 1 ----a-w- c:\users\Monique&Claude\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-05-10 19:15 . 2009-02-08 10:02 1 ----a-w- c:\users\Monique\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-05-02 12:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

2010-04-30 21:07 . 2007-10-28 08:10 -------- d-----w- c:\program files\ffdshow

2010-04-25 19:10 . 2007-09-01 17:24 -------- d-----w- c:\program files\CCleaner

2010-04-24 16:18 . 2008-04-06 14:29 -------- d-----w- c:\program files\Opera

2010-04-24 16:04 . 2007-12-24 08:43 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\XnView

2010-04-21 17:11 . 2009-12-22 12:26 -------- d--h--w- c:\program files\Temp

2010-04-21 17:09 . 2007-06-01 20:40 319456 ----a-w- c:\windows\DIFxAPI.dll

2010-04-21 17:09 . 2007-06-01 20:38 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-04-21 16:49 . 2007-11-02 10:01 -------- d-----w- c:\program files\Picasa2

2010-04-21 14:01 . 2007-10-28 08:10 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2010-04-20 19:54 . 2009-12-22 12:05 -------- d-----w- c:\programdata\ma-config.com

2010-04-20 19:54 . 2009-12-22 12:05 -------- d-----w- c:\program files\ma-config.com

2010-04-19 12:59 . 2010-04-19 12:59 255472 ----a-w- c:\users\Monique\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

2010-04-10 22:08 . 2010-04-10 22:08 -------- d-----w- c:\programdata\McAfee

2010-04-10 12:46 . 2009-03-04 11:23 -------- d-----w- c:\users\Monique\AppData\Roaming\MEGAUPLOADTOOLBAR

2010-04-10 11:23 . 2010-04-10 10:37 -------- d-----w- c:\program files\Conquer Online 2.0

2010-04-07 16:58 . 2010-04-06 15:31 600680 ----a-w- c:\windows\system32\nvuninst.exe

2010-04-06 15:51 . 2009-12-22 12:19 -------- d-----w- c:\program files\NVIDIA Corporation

2010-04-06 15:24 . 2009-03-05 10:42 -------- d-----w- c:\program files\AGEIA Technologies

2010-04-06 15:16 . 2009-12-22 13:44 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\HpUpdate

2010-04-03 22:55 . 2010-04-20 20:03 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

2010-04-03 22:55 . 2010-04-06 15:31 600680 ----a-w- c:\windows\system32\nvudisp.exe

2010-04-03 22:55 . 2009-10-29 13:55 9386600 ----a-w- c:\windows\system32\nvd3dum.dll

2010-04-03 22:55 . 2009-10-29 13:55 1296488 ----a-w- c:\windows\system32\nvapi.dll

2010-04-03 16:27 . 2010-04-03 16:27 985704 ----a-w- c:\windows\system32\nvsvc.dll

2010-04-03 16:27 . 2010-04-03 16:27 1515624 ----a-w- c:\windows\system32\nvsvcr.dll

2010-04-03 16:27 . 2010-04-03 16:27 13683816 ----a-w- c:\windows\system32\nvcpl.dll

2010-04-03 16:27 . 2010-04-03 16:27 129640 ----a-w- c:\windows\system32\nvvsvc.exe

2010-04-03 16:27 . 2010-04-03 16:27 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-03-27 12:10 . 2009-12-16 07:24 -------- d-----w- c:\programdata\Norton

2010-03-27 12:09 . 2007-11-02 14:26 -------- d-----w- c:\program files\Canon

2010-03-26 16:24 . 2010-04-21 17:09 3048096 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys

2010-03-26 16:03 . 2010-04-21 17:09 1749536 ----a-w- c:\windows\system32\RtkPgExt.dll

2010-03-26 16:03 . 2010-04-21 17:09 57888 ----a-w- c:\windows\system32\RtkCoInst.dll

2010-03-26 16:02 . 2010-04-21 17:09 371232 ----a-w- c:\windows\system32\RtkApoApi.dll

2010-03-26 16:02 . 2010-04-21 17:09 2649120 ----a-w- c:\windows\system32\RtkAPO.dll

2010-03-26 15:45 . 2007-09-02 16:01 8224 ----a-w- c:\users\Camille\AppData\Local\GDIPFONTCACHEV1.DAT

2010-03-22 12:22 . 2010-04-21 17:09 1247776 ----a-w- c:\windows\RtlExUpd.dll

2010-03-20 17:41 . 2010-03-20 17:41 -------- d-----w- c:\programdata\Avira

2010-03-20 17:41 . 2010-03-20 17:41 -------- d-----w- c:\program files\Avira

2010-03-20 17:33 . 2007-06-01 21:03 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-03-20 17:32 . 2009-03-21 08:39 -------- d-----w- c:\program files\Symantec

2010-03-20 17:32 . 2007-10-27 16:34 -------- d-----w- c:\programdata\Symantec

2010-03-20 13:37 . 2010-03-20 13:37 -------- d-----w- c:\program files\Gameforge4D

2010-03-17 18:41 . 2010-03-17 18:14 -------- d-----w- c:\program files\Gimp

2010-03-17 10:08 . 2010-04-21 17:09 307616 ----a-w- c:\windows\system32\FMAPO.dll

2010-03-16 06:51 . 2010-04-06 15:47 215656 ----a-w- c:\windows\system32\nvcod1910.dll

2010-03-08 14:31 . 2010-03-08 14:31 26896 ----a-w- c:\programdata\PCTV Systems\TVCenter\DocRoot\iTVCenter\bin\iTVCenter.dll

2010-03-08 14:31 . 2010-03-08 14:31 24336 ----a-w- c:\programdata\PCTV Systems\TVCenter\DocRoot\iTVCenter\bin\TvServiceClient.dll

2010-03-04 15:19 . 2010-03-04 18:02 38784 ----a-w- c:\users\Monique\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-03-04 15:19 . 2010-03-04 15:19 38784 ----a-w- c:\users\Monique&Claude\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-03-04 15:19 . 2010-03-04 15:19 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-03-04 14:21 . 2010-03-04 14:21 120080 ----a-w- c:\programdata\PCTV Systems\TVCenter\DocRoot\iTVCenter\bin\Misc.Util.dll

2010-03-04 14:21 . 2010-03-04 14:21 48912 ----a-w- c:\programdata\PCTV Systems\TVCenter\DocRoot\iTVCenter\bin\Misc.Media.dll

2010-03-04 14:21 . 2010-03-04 14:21 103696 ----a-w- c:\programdata\PCTV Systems\TVCenter\DocRoot\iTVCenter\bin\Misc.IO.dll

2010-03-03 19:50 . 2007-08-24 16:18 98368 ----a-w- c:\users\Monique&Claude\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-24 14:09 . 2007-08-25 12:54 98368 ----a-w- c:\users\Monique\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-23 11:10 . 2010-04-14 21:27 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-02-23 11:10 . 2010-04-14 21:27 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-02-23 11:10 . 2010-04-14 21:27 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-23 06:39 . 2010-05-13 16:49 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-23 06:33 . 2010-05-13 16:49 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-02-23 06:33 . 2010-05-13 16:49 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-02-23 04:55 . 2010-05-13 16:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-02-20 23:06 . 2010-03-11 13:01 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-02-20 23:05 . 2010-03-11 13:01 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-02-20 20:53 . 2010-03-11 13:01 411648 ----a-w- c:\windows\system32\drivers\http.sys

2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr

2010-02-18 14:07 . 2010-04-14 21:26 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-02-18 14:07 . 2010-04-14 21:26 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-18 14:07 . 2010-04-14 21:26 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-18 13:30 . 2010-04-14 21:26 200704 ----a-w- c:\windows\system32\iphlpsvc.dll

2010-02-18 11:28 . 2010-04-14 21:26 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

2007-09-01 20:06 . 2007-09-01 20:06 22 --sha-w- c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-01-08 98304]

"RemoTerm.exe"="c:\program files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe" [2010-02-24 220944]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2010-02-23 638232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"etMonitor"="c:\windows\etMon.exe" [2007-09-19 102400]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]

"CANAL+ CANALSAT A LA DEMANDE"="c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" [2009-12-07 163928]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Rechercher les mises … jour.lnk - c:\program files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe [2009-4-17 238864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

"ehTray.exe"=c:\windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):8c,16,c7,43,b4,6a,ca,01

R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]

R3 DCamUSBET;ET USB 2750 Camera;c:\windows\system32\DRIVERS\etDevice.sys [2008-03-01 131712]

R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2008-06-12 183168]

R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-04-03 243056]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-06-28 3100060]

R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2007-09-07 6656]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]

S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-04-15 1872320]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

S2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [2009-12-07 188416]

S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-01-08 233472]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-20 1050440]

S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 44544]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-01-08 36608]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-28 68200]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK

*Deregistered* - jahnlt

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contenu du dossier 'Tâches planifiées'

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-901323267-570254288-1772102938-1004Core.job

- c:\users\Monique\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-17 07:57]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-901323267-570254288-1772102938-1004UA.job

- c:\users\Monique\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-17 07:57]

2010-05-15 c:\windows\Tasks\User_Feed_Synchronization-{997C55C0-66A2-475B-8778-829FD12EEECF}.job

- c:\windows\system32\msfeedssync.exe [2010-05-13 04:54]

2010-05-15 c:\windows\Tasks\User_Feed_Synchronization-{B8F0A0D2-08CA-480D-9ECD-D89D14DB0951}.job

- c:\windows\system32\msfeedssync.exe [2010-05-13 04:54]

2010-05-15 c:\windows\Tasks\User_Feed_Synchronization-{E751C124-48C6-4A88-AFDD-210D6596364B}.job

- c:\windows\system32\msfeedssync.exe [2010-05-13 04:54]

2010-05-15 c:\windows\Tasks\User_Feed_Synchronization-{E9981789-9055-4D0F-AE12-E069F2AA4615}.job

- c:\windows\system32\msfeedssync.exe [2010-05-13 04:54]

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.free.fr/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=73&bd=Pavilion&pf=desktop

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

FF - ProfilePath - c:\users\Monique&Claude\AppData\Roaming\Mozilla\Firefox\Profiles\mpjisk8q.default\

FF - plugin: c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npCpVod.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

FF - plugin: c:\program files\Picasa2\npPicasa3.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

**************************************************************************

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\jahnlt]

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-901323267-570254288-1772102938-1001\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:8a,b8,c4,e1,a0,62,40,98,57,80,30,e3,fc,0f,73,6b,c2,63,3a,47,0e,

fb,27,b4,c5,79,a1,b0,3f,63,d7,42,ad,74,72,a6,05,25,64,4c,70,e1,8b,14,02,d4,\

"rkeysecu"=hex:2f,20,05,df,a2,92,8b,f3,ae,d7,c1,81,bf,ba,1a,b8

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conime.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\ehome\ehsched.exe

c:\windows\ehome\ehRecvr.exe

c:\hp\kbd\kbd.exe

c:\windows\system32\Taskmgr.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Heure de fin: 2010-05-15 18:09:33 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-05-15 16:09

ComboFix2.txt 2010-05-15 15:09

ComboFix3.txt 2010-05-15 12:34

Avant-CF: 174 462 177 280 octets libres

Après-CF: 174 422 855 680 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7

- - End Of File - - 05D3AA9C62B934D2CDDEC6719575C53E

pear · le 16 mai 2010

Bonjour,

Combo, Nettoyage

Déconnectez-vous du net et désactivez l'antivirus (juste le temps de la procédure !)

Connecter tous les disques amovibles (disque dur externe, clé USB…).

Dans certaines circonstances , le Mode sans échec peut être nécessaire

Vérifiez que l'antivirus soit bien désactivé car un redémarrage le réactive

Ouvrez Combofix

# Dans le bloc-note ,copiez-collez ces lignes :

KillAll::

Folder::

Driver::

npggsvc

jahnlt

File::

c:\windows\system32\drivers\jahnlt.sys.sys

c:\windows\system32\GameMon.des -service

Registry::

[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]

[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\jahnlt]

* Attention, ce code a été rédigé spécialement pour cet utilisateur, il serait dangereux de le réutiliser dans d'autres cas !

Enregistrez-le en lui donnant le nom CFScript.txt

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.

Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

Le rapport de ComboFix ne s'affichera qu'à la fin

Poster son contenu.

Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

clache · le 16 mai 2010

Re bonjour PEAR

ci joint le dernier fichier combofix

ComboFix 10-05-14.06 - Monique&Claude 16/05/2010 15:56:30.5.2 - x86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1290 [GMT 2:00]

Lancé depuis: c:\users\Monique&Claude\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\users\Monique&Claude\Desktop\CFScript2.txt

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::

"c:\windows\system32\drivers\jahnlt.sys.sys"

"c:\windows\system32\GameMon.des -service"

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_JAHNLT

-------\Service_jahnlt

((((((((((((((((((((((((((((( Fichiers créés du 2010-04-16 au 2010-05-16 ))))))))))))))))))))))))))))))))))))

.

2010-05-16 14:02 . 2010-05-16 14:09 -------- d-----w- c:\users\Monique&Claude\AppData\Local\temp

2010-05-16 14:02 . 2010-05-16 14:02 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-05-16 14:02 . 2010-05-16 14:02 -------- d-----w- c:\users\Monique\AppData\Local\temp

2010-05-16 14:02 . 2010-05-16 14:02 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

2010-05-16 14:02 . 2010-05-16 14:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-05-16 14:02 . 2010-05-16 14:02 -------- d-----w- c:\users\Camille\AppData\Local\temp

2010-05-15 15:35 . 2010-05-15 15:35 -------- d-----w- c:\users\Monique&Claude\AppData\Local\Mozilla

2010-05-14 17:09 . 2008-11-19 07:41 16640 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383.sys

2010-05-14 17:09 . 2010-05-14 17:09 -------- d-----w- c:\program files\Wondershare

2010-05-13 17:01 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-05-13 16:47 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll

2010-05-13 08:28 . 2010-05-16 13:52 -------- d-----w- C:\rsit

2010-05-13 08:28 . 2010-05-14 16:07 -------- d-----w- c:\program files\trend micro

2010-05-13 08:26 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-13 08:26 . 2010-05-13 08:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-13 08:26 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-12 18:56 . 2010-05-12 22:58 -------- d-----w- c:\program files\a-squared Free

2010-05-12 18:53 . 2010-05-12 18:53 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\Uniblue

2010-05-12 03:29 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll

2010-05-11 19:52 . 2010-05-16 14:03 823808 ----a-w- c:\windows\system32\drivers\jahnlt.sys