Cpu 50 % - Svchost

[nardino]

Bonjour.
Télécharge Gmer.exe sur ton bureau.
http://www.gmer.net/#files
Clique sur Download EXE
Tu vas obtenir une fichier avec une suite de caractères.exe.
Tu cliques droit sur le fichier et Exécuter en tant qu'administrateur.
Si l'outil te lance un warning d'activité de rootkit et te demande de faire un scan ; clique "NO"
Tu cliques sur l'onglet Rootkit/Malware

Tu décoches ces cases
- Sections
- IAT/EAT
- Disque/Partition autre que C (dans le cadre en-dessous de Files)
- Show All

Clique sur le bouton Scan
Laisse l'outil travailler, cela peut prendre un quart d'heure.
Quand le scan sera terminé, clique sur Save...
Nomme-le ark.txt et enregistre sur le bureau
Tu l'ouvres et tu postes un copier-coller dans ta réponse.

Tu supprimes les lignes en rouge s'il y en a.



Tu cliques droit sur la ligne et tu sélectionnes l'action appropriée : Delete File ou Delete the service selon le type dela colonne de gauche.



@+

[Ouach]

Bonjour,

Voilà j'ai commencé le scan comme prévu et il m'a trouvé le dpvrmz.sys en rouge mais je voulais savoir si je supprimé les reg du meme nom en noire juste en dessous de la ligne rouge..
Sinon pas réussi a scan en entier car une fois le programme a cessé de fonctionner et une autre fois j'ai eu un bug internet et je ne pouvais plus rien ouvrir...gestionnaire des taches...malgres que gmer scanait encore...donc j'ai eteind mon pc via "interrupteur"..
je ferme tout et je vais relancer le scan la.

Merci

[nardino]

Bonjour
Tu exécutes Gmer avec élévation des privilèges ?
@+

[Ouach]

Alors n'ayant pas le controle des comptes activé j'avais cru bien faire en ne passant pas via "en tant qu'administrateur" et ça buggait
apres avoir suivi à la lettre les étapes ... voici le rapport:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-29 16:36:19
Windows 6.0.6002 Service Pack 2
Running: vbsvmgkq.exe; Driver: C:\Users\Roum\AppData\Local\Temp\pfrdapoc.sys


---- System - GMER 1.0.15 ----

INT 0x52 ? 8607DF00
INT 0x72 ? 84056EB0
INT 0x82 ? 84056EB0
INT 0x92 ? 84056EB0
INT 0x92 ? 84056EB0
INT 0x92 ? 8607DF00
INT 0x92 ? 8607DF00
INT 0x92 ? 84056EB0
INT 0x93 ? 8607DF00
INT 0xA3 ? 8607DF00

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85F74F38
Device \FileSystem\Ntfs \Ntfs 84E151F8
Device \FileSystem\fastfat \FatCdrom 868851F8
Device \Driver\volmgr \Device\VolMgrControl 840581F8
Device \Driver\usbuhci \Device\USBPDO-0 8612F1F8
Device \Driver\usbuhci \Device\USBPDO-1 8612F1F8
Device \Driver\usbuhci \Device\USBPDO-2 8612F1F8
Device \Driver\usbuhci \Device\USBPDO-3 8612F1F8
Device \Driver\usbehci \Device\USBPDO-4 8612E1F8
Device \Driver\USBSTOR \Device\00000061 867561F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\PCI_PNP6457 \Device\00000049 spji.sys
Device \Driver\USBSTOR \Device\00000062 867561F8
Device \Driver\sptd \Device\1927414480 spji.sys
Device \Driver\USBSTOR \Device\00000063 867561F8
Device \Driver\volmgr \Device\HarddiskVolume1 840581F8
Device \Driver\USBSTOR \Device\00000064 867561F8
Device \Driver\volmgr \Device\HarddiskVolume2 840581F8
Device \Driver\cdrom \Device\CdRom0 8625F500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E141F8
Device \Driver\atapi \Device\Ide\IdePort0 84E141F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 84E141F8
Device \Driver\atapi \Device\Ide\IdePort1 84E141F8
Device \Driver\atapi \Device\Ide\IdePort2 84E141F8
Device \Driver\atapi \Device\Ide\IdePort3 84E141F8
Device \Driver\cdrom \Device\CdRom1 8625F500
Device \Driver\volmgr \Device\HarddiskVolume3 840581F8
Device \Driver\cdrom \Device\CdRom2 8625F500
Device \Driver\volmgr \Device\HarddiskVolume4 840581F8
Device \Driver\volmgr \Device\HarddiskVolume5 840581F8
Device \Driver\netbt \Device\NetBT_Tcpip_{30E1F9D0-32C6-460C-894F-281F6FB9A075} 86754500
Device \Driver\netbt \Device\NetBt_Wins_Export 86754500
Device \Driver\Smb \Device\NetbiosSmb 867061F8
Device \Driver\iScsiPrt \Device\RaidPort0 8619B1F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 8612F1F8
Device \Driver\usbuhci \Device\USBFDO-1 8612F1F8
Device \Driver\usbuhci \Device\USBFDO-2 8612F1F8
Device \Driver\usbuhci \Device\USBFDO-3 8612F1F8
Device \Driver\usbehci \Device\USBFDO-4 8612E1F8
Device \Driver\akjfvgy3 \Device\Scsi\akjfvgy31Port5Path0Target0Lun0 8612B1F8
Device \Driver\akjfvgy3 \Device\Scsi\akjfvgy31 8612B1F8
Device \Driver\akjfvgy3 \Device\Scsi\akjfvgy31Port5Path0Target1Lun0 8612B1F8
Device \FileSystem\fastfat \Fat 868851F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 871E41F8

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] dpvrmz <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\dpvrmz@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\dpvrmz@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\dpvrmz@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\dpvrmz@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xF4 0x64 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x01 0xC4 0xC8 0xC9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x75 0xD5 0x54 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xA1 0xD2 0x64 0xA9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\dpvrmz@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\dpvrmz@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\dpvrmz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\dpvrmz@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xF4 0x64 0x18 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x01 0xC4 0xC8 0xC9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x75 0xD5 0x54 0x19 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xA1 0xD2 0x64 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@t!s!d!f!`!`!\24!t!s!t!t!r!d!r!s!\30! 19583823
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

PS:par contre la suppression du fichier rouge c'est soldé par un echec

Merci d'avance.

[nardino]

Bonsoir,
**Création d'un Script Combofix**

ATTENTION : Cette procédure a été rédigée pour le cas présent, toute copie sur sur un autre système peut entrainer des dysfonctionnements graves.

Ouvre le bloc-notes : Tous les programmes-Accessoire-Bloc-notes
Colles-y les lignes écrites ci-dessous :
Veille à ce que Retour à la ligne ne soit pas coché dans Format.

Driver::
pfrdapoc
akjfvgy3
dpvrmz
spji

Files::
C:\Users\Roum\AppData\Local\Temp\pfrdapoc.sys

Registry::
[-HKLM\SYSTEM\CurrentControlSet\Services\dpvrmz]
[-HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

Enregistre-le sous CFScript.txt, sur le bureau
Comme sur l'image présentée ici, fais glisser CFScript.txt dans Combofix.exe

Combofix va se lancer et faire redémarrer l'ordinateur.
Poste le rapport C:\Combofix et un nouveau rapport Gmer.
Donne des infos sur l'évolution de tes problèmes.
@+

[Ouach]

Salut,

Alors tout fait comme prévu et combo a reboot mon pc et des que ya eu l'ecran bleu (pas celui de crash mais celui lorsque combofix travaille) une fenetre c'est ouverte en disant qu'il y avait un probleme dans l'ecriture du CFScript.
Par contre je dois exécuter combofix comme la premiere fois en ayant au préalable désactivé avast et spybot ou en les laissant ?

Merci Ouach.

[nardino]

Bonsoir.
Désactive Tea-Timer, ton antivirus résident et refais un nouveau script, j'ai modifié ma réponse précédente.
@+

[Ouach]

Bonjour,

alors voici le rapport combofix:

ComboFix 09-12-29.05 - Roum 30/12/2009 14:14:54.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1138 [GMT 1:00]
Lancé depuis: c:\users\Roum\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Roum\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 081120-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081120-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\driVERs\dpvrmz.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DPVRMZ
-------\Legacy_PFRDAPOC
-------\Service_dpvrmz


((((((((((((((((((((((((((((( Fichiers créés du 2009-11-28 au 2009-12-30 ))))))))))))))))))))))))))))))))))))
.

2009-12-30 13:25 . 2009-12-30 13:27 -------- d-----w- c:\users\Roum\AppData\Local\temp
2009-12-30 13:25 . 2009-12-30 13:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-30 13:25 . 2009-12-30 13:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-22 13:13 . 2009-12-22 16:42 -------- d-----w- C:\RootRepeal
2009-12-19 14:45 . 2009-12-19 14:45 -------- d-----w- c:\users\Roum\AppData\Roaming\Malwarebytes
2009-12-19 14:45 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-19 14:45 . 2009-12-19 14:45 -------- d-----w- c:\programdata\Malwarebytes
2009-12-19 14:45 . 2009-12-19 18:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 14:45 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 12:58 . 2009-12-19 12:59 -------- d-----w- C:\rsit
2009-12-19 12:47 . 2009-12-19 15:00 -------- d-----w- c:\program files\trend micro
2009-12-19 12:39 . 2009-12-19 12:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-19 10:55 . 2009-05-05 08:59 22168 ----a-w- c:\windows\system32\drivers\xfilt.sys
2009-12-19 10:55 . 2009-05-05 08:58 13976 ----a-w- c:\windows\system32\drivers\videX32.sys
2009-12-19 10:51 . 2009-12-19 10:51 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-12-19 10:51 . 2009-12-19 10:51 -------- d-----w- c:\windows\PCHEALTH
2009-12-19 10:42 . 2009-12-30 13:27 -------- d-----w- c:\programdata\NVIDIA
2009-12-19 10:40 . 2009-12-19 10:42 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-19 10:39 . 2009-11-21 02:34 795104 ----a-w- c:\windows\system32\dpinst.exe
2009-12-19 10:39 . 2009-11-21 02:34 76392 ----a-w- c:\windows\system32\OpenCL.dll
2009-12-19 10:39 . 2009-11-21 02:34 4241000 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-12-19 10:39 . 2009-11-21 02:34 11515752 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-12-19 10:39 . 2009-11-21 02:34 14064232 ----a-w- c:\windows\system32\nvoglv32.dll
2009-12-19 10:39 . 2009-11-21 02:34 4001384 ----a-w- c:\windows\system32\nvcuda.dll
2009-12-19 10:39 . 2009-11-21 02:34 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
2009-12-19 10:39 . 2009-11-21 02:34 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-12-19 10:39 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcod178.dll
2009-12-19 10:39 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-12-19 10:39 . 2009-11-21 02:34 11381352 ----a-w- c:\windows\system32\nvcompiler.dll
2009-12-19 10:39 . 2009-12-19 10:39 -------- d-----w- C:\NVIDIA
2009-12-18 18:01 . 2009-12-19 10:34 -------- d-----w- c:\program files\ma-config.com
2009-12-18 18:01 . 2009-12-19 10:34 -------- d-----w- c:\programdata\ma-config.com
2009-12-18 14:03 . 2009-12-18 14:05 -------- d-----w- c:\program files\WhoCrashed
2009-12-16 09:07 . 2009-12-16 09:06 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-14 18:27 . 2009-12-14 18:27 -------- d-----w- C:\perflogs
2009-12-14 14:36 . 2009-12-14 14:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-10 02:03 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 02:03 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 02:03 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 09:35 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 13:27 . 2009-12-19 10:49 34800 ----a-w- c:\programdata\nvModes.dat
2009-12-30 09:32 . 2006-11-02 15:48 714378 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-30 09:32 . 2006-11-02 15:48 143166 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-29 09:48 . 2008-06-15 08:33 680 ----a-w- c:\users\Roum\AppData\Local\d3d9caps.dat
2009-12-26 21:31 . 2008-09-04 20:11 -------- d-----w- c:\users\Roum\AppData\Roaming\RayV
2009-12-21 16:33 . 2008-03-12 06:01 -------- d-----w- c:\program files\VstPlugins
2009-12-19 18:36 . 2008-07-05 18:09 -------- d-----w- c:\program files\Recycle
2009-12-19 12:40 . 2008-03-15 12:44 -------- d-----w- c:\program files\Java
2009-12-19 10:55 . 2008-03-12 05:42 51400 ----a-w- c:\users\Roum\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-19 10:12 . 2008-12-06 00:12 -------- d-----w- c:\users\Roum\AppData\Roaming\teamspeak2
2009-12-19 10:12 . 2008-03-31 20:27 -------- d-----w- c:\users\Roum\AppData\Roaming\Winamp
2009-12-19 10:11 . 2008-03-12 14:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-19 10:11 . 2008-04-02 20:30 -------- d-----w- c:\program files\PhotoFiltre
2009-12-19 10:11 . 2007-05-11 12:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-19 10:11 . 2008-03-26 17:33 -------- d-----w- c:\program files\Bonjour
2009-12-19 10:11 . 2008-03-17 20:07 -------- d-----w- c:\program files\CCleaner
2009-12-19 10:11 . 2007-06-12 09:25 -------- d-----w- c:\program files\Common Files\LightScribe
2009-12-13 13:02 . 2008-10-08 03:04 -------- d-----w- c:\users\Roum\AppData\Roaming\My Games
2009-12-10 02:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-11-24 23:54 . 2008-03-16 16:45 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2008-03-31 16:26 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-03-31 16:26 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-03-16 16:45 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2008-03-16 16:45 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-03-16 16:45 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-03-16 16:45 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 06:40 . 2009-12-09 09:36 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 09:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 09:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 09:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-21 02:34 . 2009-12-19 10:39 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-11-21 02:34 . 2007-06-11 14:29 592488 ----a-w- c:\windows\system32\nvudisp.exe
2009-11-21 02:34 . 2007-06-11 14:29 9333352 ----a-w- c:\windows\system32\nvd3dum.dll
2009-11-21 02:34 . 2007-06-11 14:29 1249896 ----a-w- c:\windows\system32\nvapi.dll
2009-11-20 19:33 . 2009-11-20 19:33 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-20 19:33 . 2009-11-20 19:33 66664 ----a-w- c:\windows\system32\nvshext.dll
2009-11-20 19:33 . 2009-11-20 19:33 1323624 ----a-w- c:\windows\system32\nvsvcr.dll
2009-11-20 19:33 . 2009-11-20 19:33 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:33 . 2009-11-20 19:33 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-20 19:33 . 2009-11-20 19:33 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-19 21:54 . 2008-05-06 00:13 80 ----a-w- c:\windows\msocreg32.dat
2009-11-19 20:42 . 2007-06-12 07:18 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-18 03:21 . 2009-11-18 03:21 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 03:21 . 2009-11-18 03:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-29 09:17 . 2009-11-25 21:24 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-08 21:08 . 2009-11-18 02:00 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-18 02:00 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-18 02:00 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-28 1468296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=ma_cmidn.dll
"midi3"=ma_cmidn.dll
"midi4"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\I:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
2009-08-19 12:59 2487592 ----a-w- c:\program files\RayV\RayV\RayV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):62,66,6f,d2,c5,3f,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4072832112-4049359469-3962481220-1000]
"EnableNotificationsRef"=dword:00000002

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [19/12/2009 11:55 22168]
R1 Asapi;Asapi;c:\windows\System32\drivers\asapi.sys [30/04/2008 13:17 11264]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [31/03/2008 17:26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [31/03/2008 17:26 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [16/03/2008 17:45 53328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [14/12/2009 15:37 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [20/11/2009 19:17 240232]
S2 gupdate1c9ba0155b52bc0;Service Google Update (gupdate1c9ba0155b52bc0);c:\program files\Google\Update\GoogleUpdate.exe [10/04/2009 18:25 133104]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\System32\drivers\3xhybrid.sys [09/05/2007 11:02 1136600]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\System32\drivers\vrtaucbl.sys [16/03/2008 10:37 52608]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [28/04/2008 17:40 21504]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [17/03/2008 18:06 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 17:25]

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 17:25]

2009-12-30 c:\windows\Tasks\User_Feed_Synchronization-{09B308F4-8679-4DF4-A0FC-0E19B87093C2}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Roum\AppData\Roaming\Mozilla\Firefox\Profiles\q0awamy7.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozillaofficial
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\RayV\RayV\plugins\nprayvplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 14:27
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\TEMP\_av_proI.tm~a03308\onefile.dld 645 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
.
**************************************************************************
.
Heure de fin: 2009-12-30 14:38:25 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-12-30 13:38

Avant-CF: 98 173 902 848 octets libres
Après-CF: 98 035 728 384 octets libres

- - End Of File - - 8EB15BD2AEF83A0846A270106F1A901A

et celui de Gmer:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-30 15:42:21
Windows 6.0.6002 Service Pack 2
Running: vbsvmgkq.exe; Driver: C:\Users\Roum\AppData\Local\Temp\pfrdapoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xF4 0x64 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x01 0xC4 0xC8 0xC9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x75 0xD5 0x54 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xA1 0xD2 0x64 0xA9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xF4 0x64 0x18 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x01 0xC4 0xC8 0xC9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x75 0xD5 0x54 0x19 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xA1 0xD2 0x64 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@t!s!d!f!`!`!\24!t!s!t!t!r!d!r!s!\30! 19583823
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Files - GMER 1.0.15 ----

File C:\Users\Roum\AppData\Local\Mozilla\Firefox\Profiles\q0awamy7.default\Cache\CA9CADD1d01 56903 bytes
File C:\Users\Roum\AppData\Local\Mozilla\Firefox\Profiles\q0awamy7.default\Cache\F095459Ad01 25129 bytes
File C:\Users\Roum\AppData\Local\Mozilla\Firefox\Profiles\q0awamy7.default\Cache\A82A6D08d01 35315 bytes
File C:\Users\Roum\AppData\Local\Mozilla\Firefox\Profiles\q0awamy7.default\Cache\37B45BE4d01 27010 bytes
File C:\Users\Roum\AppData\Local\Mozilla\Firefox\Profiles\q0awamy7.default\Cache\586D5CDBd01 21543 bytes
File C:\Users\Roum\AppData\Local\Mozilla\Firefox\Profiles\q0awamy7.default\Cache\2EB097CCd01 21362 bytes

---- EOF - GMER 1.0.15 ----

Tout c'est déroulé comme il fallait je vous tiendrais au courant les jours qui suivent de l'évolution.

Merci Ouach.

[nardino]

Bonjour.
Il faut battre le fer quand il est chaud.
Télécharge CureIt Dr.Web (launch.exe)
ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe

Il ne nécessite pas d'installation.
Tu le lances après avoir désactivé ton antivirus résident.
Il va te demander de faire la mise à jour et une fois effectuée va lancer un scan rapide.
Quand tout ceci est fait tu choisis scan sélectif et tu coches au moins C.
A la fin du scan, tu mets tout en quarantaine et tu postes le rapport.

Refais aussi un scan MBAM et poste son rapport
@+

[Ouach]

Bonjour,

Alors apres avoir fait un scan avec dr web ( 12 heures ) j'ai supprimé et mis en quarantaine tout ce qui devait l'etre et au moment ou j'ai voulu sauver mon apport il y a eu un crash

Voilà...je vais faire le scan avec malwarbytes.

Ouach.