Monnid32.exe ... blue screen ... Virus?

Closed
étamé - 26 Feb. 2010 at 02:27
 étamé - 26 Feb. 2010 at 02:45
Hello,

my computer is slowed to a crawl and crashes very often for no apparent reason

I had the Security Tool virus, which I managed to remove

then the problem turned into very heavy slowdowns, up to the point of systematic crashes

attached is the Malwarebytes log after updating

(and the ComboFix log in the next post ...)

(if it helps ... Task Manager shows 11 SVCHOST processes at the same time, one of which, listed under "System", permanently uses 50% of the CPU // on top of that, the WINWORD.EXE process recently appeared and eats around 45% of the CPU whenever it feels like it; is that normal??)

MALWAREBYTES ANTI-MALWARE LOG:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3793
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26/02/2010 01:05:23
mbam-log-2010-02-26 (01-05-23).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 244431
Temps écoulé: 1 hour(s), 55 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\lIbL.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Satsuki Decoder Pack\filtres\RLOFRDec.ax (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82229A3E-B49D-4F97-87AB-795160EADA09}\RP1238\A0259932.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82229A3E-B49D-4F97-87AB-795160EADA09}\RP1238\A0261931.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82229A3E-B49D-4F97-87AB-795160EADA09}\RP1238\A0264916.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82229A3E-B49D-4F97-87AB-795160EADA09}\RP1238\A0265917.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82229A3E-B49D-4F97-87AB-795160EADA09}\RP1238\A0267934.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{82229A3E-B49D-4F97-87AB-795160EADA09}\RP1239\A0270588.exe (Rogue.Security.Tool) -> Quarantined and deleted successfully.
C:\Documents and Settings\remi jacquet\Menu Démarrer\Programmes\Démarrage\monnid32.exe (Trojan.Bredolab) -> Delete on reboot.

2 replies

re

ComboFix log:

ComboFix 10-02-21.02 - rt 26/02/2010 1:12.7.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1519 [GMT 1:00]
Lancé depuis: c:\documents and settings\rt\Bureau\virus check pack\aseshi.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\driVERs\rpqkuotb.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_rpqkuotb
-------\Service_rpqkuotb


((((((((((((((((((((((((((((( Fichiers créés du 2010-01-26 au 2010-02-26 ))))))))))))))))))))))))))))))))))))
.

2010-02-25 22:08 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-25 22:08 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-25 09:59 . 2010-02-25 10:07 -------- d-----w- C:\aseshi13166a
2010-02-24 21:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-18 10:57 . 2010-02-18 10:57 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-02-18 10:57 . 2010-02-18 10:57 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2010-02-18 10:54 . 2010-02-18 10:54 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Temp
2010-02-18 10:54 . 2010-02-18 10:54 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\NOS
2010-02-18 10:54 . 2010-02-18 10:54 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Musicmatch
2010-02-18 10:54 . 2010-02-18 10:54 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Mozilla
2010-02-18 10:54 . 2010-02-18 10:54 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Identities
2010-02-18 10:54 . 2010-02-18 10:54 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Help
2010-02-18 10:53 . 2010-02-18 11:09 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google
2010-02-18 10:53 . 2010-02-18 10:53 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\ATI
2010-02-18 10:53 . 2010-02-18 10:53 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer
2010-02-18 10:53 . 2010-02-18 10:53 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple
2010-02-18 10:53 . 2010-02-18 10:53 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Ahead
2010-02-18 10:53 . 2010-02-18 10:53 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
2010-02-18 10:52 . 2010-02-18 10:52 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\vlc
2010-02-18 10:52 . 2010-02-18 10:52 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Ulead Systems
2010-02-18 10:52 . 2010-02-18 10:52 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Template
2010-02-18 10:52 . 2010-02-18 10:52 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Symantec
2010-02-18 10:52 . 2010-02-18 10:52 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Steinberg
2010-02-18 10:52 . 2010-02-18 10:52 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\ScanSoft
2010-02-18 10:52 . 2010-02-18 10:52 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\PPStream
2010-02-18 10:52 . 2010-02-18 10:52 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Media Player Classic
2010-02-18 10:52 . 2010-02-18 10:52 -------- d-----w- c:\documents and settings\HelpAssistant\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 00:18 . 2009-04-19 15:06 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000000-00001102-00000004-20021102}.dat
2010-02-26 00:18 . 2009-04-19 15:06 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000000-00001102-00000004-20021102}.dat
2010-02-25 23:21 . 2005-12-06 23:23 -------- d-----w- c:\program files\Winamp
2010-02-25 22:08 . 2010-02-19 22:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-25 21:58 . 2008-08-27 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-25 21:57 . 2006-12-18 01:07 -------- d-----w- c:\program files\URUSoft
2010-02-25 21:52 . 2008-07-28 14:29 -------- d-----w- c:\program files\Alwil Software
2010-02-25 21:52 . 2009-10-04 21:11 -------- d-----w- c:\program files\DivX
2010-02-25 09:35 . 2010-02-19 00:00 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-02-25 08:19 . 2009-05-19 14:29 -------- d-----w- c:\program files\Java
2010-02-25 08:19 . 2010-02-25 22:18 152576 ----a-w- c:\documents and settings\HelpAssistant\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-25 08:19 . 2010-02-25 08:19 152576 ----a-w- c:\documents and settings\rt\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-25 08:18 . 2010-02-25 22:18 79488 ----a-w- c:\documents and settings\HelpAssistant\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-25 08:18 . 2010-02-25 08:18 79488 ----a-w- c:\documents and settings\rt\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-24 23:26 . 2008-06-24 10:36 -------- d-----w- c:\program files\MPlayer for Windows
2010-02-21 21:07 . 2008-06-14 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-19 20:29 . 2010-02-19 20:29 16 ----a-w- c:\documents and settings\LocalService\Application Data\cqfyto.dat
2010-02-19 00:09 . 2009-08-27 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-02-19 00:00 . 2010-02-19 00:00 16 ----a-w- c:\documents and settings\HelpAssistant\Application Data\cqfyto.dat
2010-02-18 13:43 . 2009-12-29 12:42 -------- d-----w- c:\program files\trend micro
2010-02-18 11:26 . 2008-06-14 13:41 -------- d-----w- c:\program files\Google
2010-01-20 20:24 . 2009-01-19 21:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 14:56 . 2010-01-15 17:03 -------- d-----w- c:\documents and settings\rt\Application Data\FMZilla
2010-01-18 14:55 . 2009-10-03 20:12 -------- d-----w- c:\documents and settings\rt\Application Data\HPAppData
2010-01-04 02:05 . 2005-03-16 09:17 85396 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-04 02:05 . 2005-03-16 09:17 511874 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-03 04:14 . 2010-02-18 10:51 65752 ----a-w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 04:14 . 2005-06-25 13:02 65752 ----a-w- c:\documents and settings\rt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 02:05 . 2010-01-03 02:05 -------- d-----w- c:\program files\MSBuild
2010-01-03 02:05 . 2010-01-03 02:05 -------- d-----w- c:\program files\Reference Assemblies
2010-01-02 18:50 . 2010-01-02 18:50 -------- d-----w- c:\program files\ANI
2010-01-02 18:50 . 2005-04-13 08:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-02 18:50 . 2010-01-02 18:50 -------- d-----w- c:\program files\D-Link
2010-01-02 18:49 . 2010-01-02 18:49 -------- d-----w- c:\documents and settings\rt\Application Data\InstallShield
2009-12-31 16:50 . 2005-03-16 09:17 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 16:48 . 2009-05-24 21:35 0 ----a-w- c:\windows\system32\drivers\46809ef5.sys
2009-12-29 16:21 . 2009-12-29 16:21 -------- d-----w- c:\program files\Chec
2009-12-29 13:45 . 2009-12-29 13:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-21 19:07 . 2005-03-16 09:17 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2005-04-13 08:31 347648 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2005-03-16 09:16 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:08 . 2005-03-16 09:17 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:08 . 2004-08-04 00:48 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2005-03-16 09:16 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

------- Sigcheck -------

[7] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ctfmon.exe
[7] 2004-08-05 . 5584247B568C2E53934873F4B655FE6A . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

c:\windows\System32\ctfmon.exe ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-14 68856]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-07-24 148776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16876032]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-02 5964800]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-17 45056]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless G DWA-110"="c:\program files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2007-05-04 1662976]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-06-11 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\HelpAssistant\Menu D‚marrer\Programmes\D‚marrage\
WkCalRem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-7-12 15360]

c:\documents and settings\rt\Menu D‚marrer\Programmes\D‚marrage\
WkCalRem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-7-12 15360]

c:\documents and settings\HelpAssistant\Menu D‚marrer\Programmes\D‚marrage\
WkCalRem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-7-12 15360]

c:\documents and settings\rt\Menu D‚marrer\Programmes\D‚marrage\
WkCalRem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-7-12 15360]

c:\documents and settings\HelpAssistant\Menu D‚marrer\Programmes\D‚marrage\
WkCalRem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-7-12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-10-01 17:57 289576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13472:TCP"= 13472:TCP:NortonAV
"17102:TCP"= 17102:TCP:NortonAV
"13303:TCP"= 13303:TCP:NortonAV
"12300:TCP"= 12300:TCP:NortonAV
"16649:TCP"= 16649:TCP:NortonAV
"15406:TCP"= 15406:TCP:NortonAV
"14539:TCP"= 14539:TCP:NortonAV
"14590:TCP"= 14590:TCP:NortonAV
"14785:TCP"= 14785:TCP:NortonAV
"12124:TCP"= 12124:TCP:NortonAV
"13695:TCP"= 13695:TCP:NortonAV
"16003:TCP"= 16003:TCP:NortonAV
"13040:TCP"= 13040:TCP:NortonAV
"17871:TCP"= 17871:TCP:NortonAV
"12395:TCP"= 12395:TCP:NortonAV
"16830:TCP"= 16830:TCP:NortonAV
"18327:TCP"= 18327:TCP:NortonAV
"16804:TCP"= 16804:TCP:NortonAV
"18693:TCP"= 18693:TCP:NortonAV
"16211:TCP"= 16211:TCP:NortonAV
"15449:TCP"= 15449:TCP:NortonAV
"16453:TCP"= 16453:TCP:NortonAV
"16633:TCP"= 16633:TCP:NortonAV
"13882:TCP"= 13882:TCP:NortonAV
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"9718:TCP"= 9718:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"3246:TCP"= 3246:TCP:Services
"8919:TCP"= 8919:TCP:Services
"5840:TCP"= 5840:TCP:Services

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [22/07/2008 09:01 151592]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [25/06/2005 14:41 15840]
S1 46809ef5;46809ef5;c:\windows\system32\drivers\46809ef5.sys [24/05/2009 22:35 0]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2010 23:51 135664]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [15/01/2010 17:01 16640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contenu du dossier 'Tâches planifiées'

2010-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-02-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-03 12:21]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 22:51]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 22:51]

2006-04-03 c:\windows\Tasks\Invite de commandes.job
- c:\windows\system32\cmd.exe [2005-03-16 02:33]

2006-04-03 c:\windows\Tasks\Winamp.job
- c:\progra~1\Winamp\winamp.exe [2005-11-15 19:32]
.
.
------- Examen supplémentaire -------
.
uStart Page = search.net-studio.org
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: e&xporter vers microsoft excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\rt\Application Data\Mozilla\Firefox\Profiles\98xuolx2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - component: c:\documents and settings\rt\Application Data\Mozilla\Firefox\Profiles\98xuolx2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 01:21
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8849D758]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebf28
\Driver\ACPI -> ACPI.sys @ 0xf735dcb8
\Driver\atapi -> atapi.sys @ 0xf7315852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2324)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft Office\OFFICE11\WINWORD.EXE
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Orange\connectivity\CoreCom\CoreCom.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Heure de fin: 2010-02-26 01:28:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-26 00:28
ComboFix2.txt 2010-02-25 10:07
ComboFix3.txt 2010-02-23 23:42
ComboFix4.txt 2010-02-22 23:07
ComboFix5.txt 2010-02-26 00:11

Avant-CF: 94 748 213 248 octets libres
Après-CF: 94 710 677 504 octets libres

- - End Of File - - 9D838FAAF618C97B02128D480FC08413
re

further details:

- I got a first blue screen

- at every restart after a freeze I get a message:

"Windows Registry Restoration: one of the files containing the system registry data had to be restored using a log or a copy ... restoration successful."


I had installed the Recovery Console along with ComboFix ...


could anyone help me?

thanks in advance