Rootkit-gen[Rtk] detected by Avast

Closed
gastonlagaf, Member, 84 posts, registered Wednesday 6 December 2006, last active 15 January 2014 - 26 January 2009 at 11:09
gastonlagaf, Member, 84 posts, registered Wednesday 6 December 2006, last active 15 January 2014 - 28 March 2009 at 11:17
Hello,

On my Windows XP SP2 PC, I have not had access to anything for two days...
My desktop appears after a very long startup, the mouse cursor moves but nothing reacts to clicks. The taskbar no longer appears. If I try clicking several times, a beep sounds from the tower and the mouse cursor freezes.
This morning I left the machine running and an Avast alert message was displayed: "win32 : Rootkit-gen[Rtk]"
The file location was also shown but I did not write it down at the time...

I searched the forums but could not find any really similar problems, since on my machine nothing can be opened any more!!

If someone can help me, thank you in advance.

Regards,

Gastonlagaf

88 replies

Lyonnais92, Security contributor, 25159 posts, registered Friday 23 June 2006, last active 16 September 2016
16 March 2009 at 22:03
Re,

post another RSIT report.
gastonlagaf, Member, 84 posts, registered Wednesday 6 December 2006, last active 15 January 2014
17 March 2009 at 11:25
Hello,

Here is the RSIT report:


Logfile of random's system information tool 1.05 (written by random/random)
Run by G at 2009-03-17 11:18:43
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 81 GB (69%) free of 117 GB
Total RAM: 511 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:59, on 17/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\G\Bureau\RSIT.exe
C:\Documents and Settings\G\Bureau\G.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O17 - HKLM\System\CS4\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
Lyonnais92, Security contributor, 25159 posts, registered Friday 23 June 2006, last active 16 September 2016
17 March 2009 at 13:30
Re,

your problem is fairly complicated.

do this:

Copy or print the instructions beforehand

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, antispyware real-time guard)


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

KillAll::

Driver::
a61iuv5p

Rootkit::
C:\WINDOWS\\System32\Drivers\a61iuv5p.SYS
C:\WINDOWS\\System32\Drivers\spmp.sys


RegNull::
[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]


Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, keep the button held down and move the mouse so that the CFscript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

Re-enable your firewall, your antivirus and your antispyware guard

Once the scan is complete, a report will be displayed: post its contents.



If the file does not open, it is located here > C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse may severely damage the operating system.
gastonlagaf, Member, 84 posts, registered Wednesday 6 December 2006, last active 15 January 2014
17 March 2009 at 14:26
Re,

You say my problem is fairly complicated; do you know where it comes from? Is it the repair that is tedious?
Thank you in any case for persisting so much!!

Here is the ComboFix report:


ComboFix 09-03-12.01 - G 2009-03-17 14:04:48.8 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.241 [GMT 1:00]
Lancé depuis: c:\documents and settings\G\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\G\Bureau\CFscript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\\System32\Drivers\a61iuv5p.SYS

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-17 au 2009-03-17 ))))))))))))))))))))))))))))))))))))
.

2009-03-16 13:56 . 2009-03-16 13:56 <REP> d-------- c:\program files\Avira
2009-03-16 13:56 . 2009-03-16 13:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 19:09 --------- d-----w c:\documents and settings\GAROCHE\Application Data\OpenOffice.org2
2009-02-12 16:23 --------- d-----w c:\program files\eMule
2009-02-03 11:31 --------- d-----w c:\program files\Java
2009-01-26 16:09 --------- d-----w c:\program files\CCleaner
2009-01-26 15:45 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-26 15:45 --------- d-----w c:\documents and settings\G\Application Data\Malwarebytes
2009-01-26 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 12:02 --------- d-----w c:\program files\trend micro
2009-01-22 15:22 --------- d-----w c:\program files\Ballance
2009-01-22 15:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-22 15:19 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools Lite
2009-01-22 14:53 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools Pro
2009-01-22 14:53 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools
2009-01-22 14:52 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-22 14:52 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-22 14:46 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2007-01-07 19:45 21,080 ----a-w c:\documents and settings\G\Application Data\GDIPFONTCACHEV1.DAT
2005-12-10 11:24 1,049,600 ----a-w c:\program files\mozilla firefox\plugins\CilDll.dll
2005-12-10 11:24 274,432 ----a-w c:\program files\mozilla firefox\plugins\ScriptObj.dll
2007-04-22 12:56 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-03-16_20.22.17.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 13:59:50 1,847,680 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:40:22 18,296 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:40:24 234,872 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:40:22 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:59:36 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-06-17 19:04:03 8,518,144 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:40:22 18,296 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:40:24 234,872 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:40:22 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2008-12-05 06:57:24 144,896 -c----w c:\windows\system32\dllcache\schannel.dll
+ 2008-06-17 19:02:15 8,517,632 -c----w c:\windows\system32\dllcache\shell32.dll
- 2008-09-15 15:26:07 1,846,528 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 14:05:54 1,846,912 -c----w c:\windows\system32\dllcache\win32k.sys
- 2007-06-11 21:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2008-11-11 17:34:42 10,838,016 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 2009-02-07 11:11:22 126,112 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-17 02:13:55 126,112 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-02-12 04:56:17 21,244,872 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-25 20:54:59 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2008-04-14 02:33:40 144,384 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 06:57:24 144,896 ----a-w c:\windows\system32\schannel.dll
- 2008-04-14 02:33:41 8,517,632 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:15 8,517,632 ----a-w c:\windows\system32\shell32.dll
- 2008-07-09 07:40:22 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
- 2007-08-10 06:18:14 26,488 ----a-w c:\windows\system32\spupdsvc.exe
+ 2007-07-27 08:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
- 2008-09-15 15:26:07 1,846,528 ----a-w c:\windows\system32\win32k.sys
+ 2009-02-09 14:05:54 1,846,912 ----a-w c:\windows\system32\win32k.sys
- 2007-06-11 21:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
+ 2008-11-11 17:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
+ 2009-03-17 13:10:01 16,384 ----atw c:\windows\temp\Perflib_Perfdata_14c.dat
+ 2008-04-15 17:49:31 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-10 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2007-04-19 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-01 32768]
REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe [2007-09-04 675840]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-07-28 565248]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^REALTEK RTL8185 Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK RTL8185 Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK RTL8185 Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^Registration Brothers In Arms.LNK]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PathOOOvirg]
--a------ 2004-10-28 00:10 94208 c:\program files\OpenOffice.org1.1.4\program\OOoVirgTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20737:TCP"= 20737:TCP:BitComet 20737 TCP
"20737:UDP"= 20737:UDP:BitComet 20737 UDP

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-04-19 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-11-30 20608]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {205B0A0A-6C9F-48B0-8B33-60555AF41911} = 212.27.40.241,212.27.40.240
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\G\Application Data\Mozilla\Firefox\Profiles\xcri6z3d.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 14:11:29
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-03-17 14:15:57 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-17 13:15:45
ComboFix2.txt 2009-03-16 19:24:15
ComboFix3.txt 2009-03-13 11:28:34
ComboFix4.txt 2009-02-09 11:43:47
ComboFix5.txt 2009-03-17 12:54:54

Avant-CF: 84 597 698 560 octets libres
Après-CF: 84,581,818,368 octets libres

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
206 --- E O F --- 2009-03-17 02:06:46

Lyonnais92, Security contributor, 25159 posts, registered Friday 23 June 2006, last active 16 September 2016
17 March 2009 at 14:30
Re,

rerun combofix and gmer.

post the reports.


I don't know where it comes from. I know that a malicious driver recreates itself at every startup.

I am looking for the mechanism behind this creation.
gastonlagaf, Member, 84 posts, registered Wednesday 6 December 2006, last active 15 January 2014
17 March 2009 at 16:32
Re,

Here are the ComboFix report followed by the GMER one:


ComboFix 09-03-12.01 - G 2009-03-17 16:19:52.9 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.169 [GMT 1:00]
Lancé depuis: c:\documents and settings\G\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-17 au 2009-03-17 ))))))))))))))))))))))))))))))))))))
.

2009-03-16 13:56 . 2009-03-16 13:56 <REP> d-------- c:\program files\Avira
2009-03-16 13:56 . 2009-03-16 13:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 19:09 --------- d-----w c:\documents and settings\G\Application Data\OpenOffice.org2
2009-02-12 16:23 --------- d-----w c:\program files\eMule
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-03 11:31 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-03 11:31 --------- d-----w c:\program files\Java
2009-01-26 16:09 --------- d-----w c:\program files\CCleaner
2009-01-26 15:45 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-26 15:45 --------- d-----w c:\documents and settings\G\Application Data\Malwarebytes
2009-01-26 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 12:02 --------- d-----w c:\program files\trend micro
2009-01-22 15:22 --------- d-----w c:\program files\Ballance
2009-01-22 15:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-22 15:19 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools Lite
2009-01-22 14:53 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools Pro
2009-01-22 14:53 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools
2009-01-22 14:52 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-22 14:52 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-22 14:46 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2007-01-07 19:45 21,080 ----a-w c:\documents and settings\GAROCHE\Application Data\GDIPFONTCACHEV1.DAT
2001-11-23 04:08 712,704 ----a-r c:\windows\inf\OTHER\AUDIO3D.DLL
2005-12-10 11:24 1,049,600 ----a-w c:\program files\mozilla firefox\plugins\CilDll.dll
2005-12-10 11:24 274,432 ----a-w c:\program files\mozilla firefox\plugins\ScriptObj.dll
2007-04-22 12:56 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-10 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2007-04-19 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-01 32768]
REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe [2007-09-04 675840]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-07-28 565248]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^REALTEK RTL8185 Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK RTL8185 Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK RTL8185 Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^Registration Brothers In Arms.LNK]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PathOOOvirg]
--a------ 2004-10-28 00:10 94208 c:\program files\OpenOffice.org1.1.4\program\OOoVirgTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20737:TCP"= 20737:TCP:BitComet 20737 TCP
"20737:UDP"= 20737:UDP:BitComet 20737 UDP

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-04-19 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-11-30 20608]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - aujasnkj

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {205B0A0A-6C9F-48B0-8B33-60555AF41911} = 212.27.40.241,212.27.40.240
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\G\Application Data\Mozilla\Firefox\Profiles\xcri6z3d.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 16:22:09
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-03-17 16:25:05
ComboFix-quarantined-files.txt 2009-03-17 15:24:50
ComboFix2.txt 2009-03-17 13:15:59
ComboFix3.txt 2009-03-16 19:24:15
ComboFix4.txt 2009-03-13 11:28:34
ComboFix5.txt 2009-03-17 15:19:10

Avant-CF: 84 591 255 552 octets libres
Après-CF: 84,577,054,720 octets libres

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
147 --- E O F --- 2009-03-17 02:06:46




GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-17 16:18:16
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spjp.sys ZwCreateKey [0xF84D60E0]
SSDT B4AA840C ZwCreateThread
SSDT spjp.sys ZwEnumerateKey [0xF84F4CA2]
SSDT spjp.sys ZwEnumerateValueKey [0xF84F5030]
SSDT spjp.sys ZwOpenKey [0xF84D60C0]
SSDT B4AA83F8 ZwOpenProcess
SSDT B4AA83FD ZwOpenThread
SSDT spjp.sys ZwQueryKey [0xF84F5108]
SSDT spjp.sys ZwQueryValueKey [0xF84F4F88]
SSDT spjp.sys ZwSetValueKey [0xF84F519A]
SSDT B4AA8407 ZwTerminateProcess
SSDT B4AA8402 ZwWriteVirtualMemory

INT 0x62 ? 82FDDBF8
INT 0x63 ? 82D5ABF8
INT 0x63 ? 82D5ABF8
INT 0x63 ? 82D5ABF8
INT 0x63 ? 82D5ABF8
INT 0x63 ? 82D5ABF8
INT 0x63 ? 82D5ABF8
INT 0x82 ? 82FDDBF8
INT 0x83 ? 82FDFBF8

---- Kernel code sections - GMER 1.0.15 ----

? spjp.sys Le fichier spécifié est introuvable. !
? Combo-Fix.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload F81978AC 5 Bytes JMP 82D5A1D8
.text ascafl5y.SYS F8037386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ascafl5y.SYS F80373AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ascafl5y.SYS F80373C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ascafl5y.SYS F80373C9 1 Byte [2E]
.text ascafl5y.SYS F80373C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\ComboFix\catchme.sys Le chemin d'accès spécifié est introuvable. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Le fichier spécifié est introuvable. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82FDF2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8507C4C] spjp.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8507CA0] spjp.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F84D7040] spjp.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F84D713C] spjp.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84D70BE] spjp.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84D77FC] spjp.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84D76D2] spjp.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82D5A2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F84E7048] spjp.sys
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2266E852
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002254
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2242E850
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002230
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KeCancelTimer] C6000000
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 001CBB86
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!RtlInitAnsiString] 438B0100
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 8E8D5018
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoQueueWorkItem] 00001C90
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!MmMapIoSpace] 2202E851
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 538B0000
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoReportDetectedDevice] 52016A18
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoReportResourceForDetection] 1CAC868D
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] E8500000
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000021F0
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8A05478A
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 18C48300
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!sprintf] 1CBD8688
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 43EB0000
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!ObfDereferenceObject] 320C538A
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 88F93BC0
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001CBB96
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!ZwClose] F6317300
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 74070647
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 75C0841A
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 05578A0B
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 968801B0
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 57B60F66
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 533B6604
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 03087408
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!ZwOpenKey] 72F93B3F
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 8A09EBDA
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoStartTimer] 86880547
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KeInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoInitializeTimer] 88084B8A
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KeInitializeDpc] 001CBE8E
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KeInitializeSpinLock] 40578B00
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoInitializeIrp] 8D52006A
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!ZwCreateKey] 001CC086
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 81E85000
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 8B000021
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!ZwSetValueKey] 001CB88E
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KeInsertQueueDpc] BC968B00
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 8900001C
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoStartPacket] 001CC48E
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] C8968900
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 8B00001C
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoFreeMdl] 016A4047
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!MmUnlockPages] CCC68150
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5600001C
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 002157E8
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KeSynchronizeExecution] CCCCCCC3
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KeSetTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 8B000000
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!_aulldiv] 56C35DE5
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!strstr] 8D08758B
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!_strupr] 8D51FC4D
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D52FD55
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D51FE4D
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!KeTickCount] 8D52FF55
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D51F84D
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoDeleteDevice] 5052F455
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] EACAE856
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoAllocateWorkItem] C483FFFF
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoAllocateIrp] 0FC08520
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoAllocateMdl] 0001AD85
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 46B70F00
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!MmLockPagableDataSection] F44D8B48
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] C1815753
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00002590
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!ExFreePoolWithTag] 467C8D51
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoFreeIrp] 7622E84A
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!IoFreeWorkItem] D88BFFFF
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!InitSafeBootMode] 8504C483
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!RtlCompareMemory] 5F0A75DB
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!PoCallDriver] 5B08438D
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!memmove] 5DE58B5E
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[ntoskrnl.exe!MmHighestUserAddress] 259068C3
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\ascafl5y.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F701F8
Device \FileSystem\Fastfat \FatCdrom 829DD500
Device \Driver\usbuhci \Device\USBPDO-0 82D591F8
Device \Driver\usbuhci \Device\USBPDO-1 82D591F8
Device \Driver\usbuhci \Device\USBPDO-2 82D591F8
Device \Driver\sptd \Device\1875799320 spjp.sys
Device \Driver\usbuhci \Device\USBPDO-3 82D591F8
Device \Driver\usbehci \Device\USBPDO-4 82D2C500
Device \Driver\Ftdisk \Device\HarddiskVolume1 82F721F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{FAADA303-9E48-4837-9027-EA0EFA769A58} 828931F8
Device \Driver\Cdrom \Device\CdRom0 82D8E1F8
Device \Driver\Cdrom \Device\CdRom1 82D8E1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 828931F8
Device \Driver\USBSTOR \Device\00000077 827EA1F8
Device \Driver\USBSTOR \Device\00000078 827EA1F8
Device \Driver\NetBT \Device\NetbiosSmb 828931F8
Device \Driver\PCI_PNP0570 \Device\0000004d spjp.sys
Device \Driver\PCI_PNP0570 \Device\0000004d spjp.sys
Device \Driver\usbuhci \Device\USBFDO-0 82D591F8
Device \Driver\usbuhci \Device\USBFDO-1 82D591F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 828761F8
Device \Driver\usbuhci \Device\USBFDO-2 82D591F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 828761F8
Device \Driver\usbuhci \Device\USBFDO-3 82D591F8
Device \Driver\usbehci \Device\USBFDO-4 82D2C500
Device \Driver\Ftdisk \Device\FtControl 82F721F8
Device \Driver\viamraid \Device\Scsi\viamraid1 82F711F8
Device \Driver\ascafl5y \Device\Scsi\ascafl5y1Port3Path0Target0Lun0 82D171F8
Device \Driver\ascafl5y \Device\Scsi\ascafl5y1 82D171F8
Device \FileSystem\Fastfat \Fat 829DD500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 82A18500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0x1C 0xC6 0xE4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x57 0xB6 0x1A 0x6E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF8 0x59 0x6D 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0x1C 0xC6 0xE4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x57 0xB6 0x1A 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF8 0x59 0x6D 0x7B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0x1C 0xC6 0xE4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x57 0xB6 0x1A 0x6E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF8 0x59 0x6D 0x7B ...

---- EOF - GMER 1.0.15 ----
0
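A triage helper for reports like the GMER output above, added here as an editor's example (not code from the thread or from GMER): it groups the SSDT and IAT hooks by the module GMER attributes them to, maps each Device line's driver object to that module, and reads the service's registry config so the hook owner can be tied to an installed product. Run on a constructed excerpt of the report above, the key-related SSDT hooks and the atapi/pci/i8042prt IAT hooks resolve to spjp.sys, which the Device line ties to \Driver\sptd, whose Cfg@p0 value points at DAEMON Tools Lite; hooks GMER lists by bare address stay in a separate "(no module)" bucket for follow-up.

```python
import re
from collections import defaultdict

# Constructed excerpt of the GMER 1.0.15 report posted above: the line formats are
# GMER's, only a handful of lines are kept so the example runs offline.
GMER_EXCERPT = r"""
---- System - GMER 1.0.15 ----

SSDT spjp.sys ZwCreateKey [0xF84D60E0]
SSDT B4AA840C ZwCreateThread
SSDT spjp.sys ZwEnumerateKey [0xF84F4CA2]
SSDT B4AA83F8 ZwOpenProcess
SSDT spjp.sys ZwSetValueKey [0xF84F519A]
SSDT B4AA8402 ZwWriteVirtualMemory

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82FDF2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8507C4C] spjp.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F84D7040] spjp.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84D76D2] spjp.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F84E7048] spjp.sys

---- Devices - GMER 1.0.15 ----

Device \Driver\sptd \Device\1875799320 spjp.sys
Device \Driver\usbuhci \Device\USBPDO-0 82D591F8
Device \Driver\PCI_PNP0570 \Device\0000004d spjp.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
"""

NO_MODULE = "(no module)"  # GMER printed a bare address: no loaded image claims it

HEX_ADDR = re.compile(r"^[0-9A-Fa-f]{8}$")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\S+)(?:\s+\[0x[0-9A-Fa-f]+\])?$")
IAT_RE = re.compile(r"^IAT\s+(\S+?)\[([^\]!]+)!([^\]]+)\]\s+"
                    r"(?:\[[0-9A-Fa-f]+\]\s+(\S+)|[0-9A-Fa-f]+)$")
DEVICE_RE = re.compile(r"^Device\s+(\S+)\s+(\S+)\s+(\S+)$")
REG_RE = re.compile(r"^Reg\s+(\S+?)(?:@(\S+))?(?:\s+(.*))?$")
SERVICE_RE = re.compile(r"\\Services\\([^\\]+)", re.IGNORECASE)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_gmer(text):
    """Return (hooks, drivers, services):
    hooks    owner module -> list of hook descriptions (SSDT and IAT entries)
    drivers  driver object name (e.g. 'sptd') -> module GMER attributes its dispatch to
    services service name -> {registry value name: data} from the Reg section
    """
    hooks = defaultdict(list)
    drivers = {}
    services = defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            target, func = m.group(1), m.group(2)
            owner = NO_MODULE if HEX_ADDR.match(target) else target
            hooks[owner].append(f"SSDT {func}")
        elif m := IAT_RE.match(line):
            image, lib, func, owner = m.groups()  # owner is None for the bare-address form
            hooks[owner or NO_MODULE].append(f"IAT {image} {lib}!{func}")
        elif m := DEVICE_RE.match(line):
            driver_obj, _device_obj, target = m.groups()
            name = driver_obj.rsplit("\\", 1)[-1]  # "\Driver\sptd" -> "sptd"
            drivers[name] = NO_MODULE if HEX_ADDR.match(target) else target
        elif m := REG_RE.match(line):
            path, value, data = m.groups()
            svc = SERVICE_RE.search(path)
            if svc and value is not None:
                services[svc.group(1)][value] = data or ""
    return hooks, drivers, services


def attribute(hooks, drivers, services):
    """For each hook owner: how many hooks it holds, which driver objects it
    backs, and any install path found in those services' registry config."""
    summary = {}
    for owner, entries in hooks.items():
        backed = sorted(d for d, mod in drivers.items() if mod == owner)
        paths = sorted({data for d in backed
                        for data in services.get(d, {}).values()
                        if DRIVE_PATH.match(data)})
        summary[owner] = {"hooks": len(entries), "drivers": backed, "install_paths": paths}
    return summary


if __name__ == "__main__":
    hooks, drivers, services = parse_gmer(GMER_EXCERPT)
    for owner, info in attribute(hooks, drivers, services).items():
        print(f"{owner}: {info['hooks']} hooks, driver objects {info['drivers']}, "
              f"install paths {info['install_paths']}")
```

Hooks that land in the "(no module)" bucket are the ones worth checking by hand, since GMER could not tie them to any loaded image; on this machine the security tools themselves (ComboFix's catchme.sys, the antivirus) are candidates as much as anything unwanted.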
Lyonnais92 Posts 25159 Registered Friday 23 June 2006 Status Security contributor Last active 16 September 2016 1 536
17 March 2009 at 17:09
Re,

I need to consult on this.

I'll keep you posted as soon as I have news.
0
Lyonnais92 Posts 25159 Registered Friday 23 June 2006 Status Security contributor Last active 16 September 2016 1 536
18 March 2009 at 11:46
Hello,

I haven't forgotten you.

I'm making progress, but it's fairly complex.
0
gastonlagaf Posts 84 Registered Wednesday 6 December 2006 Status Member Last active 15 January 2014 2
18 March 2009 at 12:49
Hello Lyonnais92,

I can be patient; thank you for not giving up...
0
Lyonnais92 Posts 25159 Registered Friday 23 June 2006 Status Security contributor Last active 16 September 2016 1 536
20 March 2009 at 18:58
Hello,

do you use Daemon Tools?

============

Do the following:

Copy or print these instructions first

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware)


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

RegNull::
[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]


Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, keep the button held down and move the mouse so that the CFscript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

Wait for the scan to finish. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

Re-enable your firewall, your antivirus and your antispyware guard

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report


If the file does not open, it is located here > C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse may severely damage the operating system.

Open the registry (Start, Run, type regedit in the input box and OK) and navigate with the + and - to the key

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]

Click on File, then on Export, and choose a name (XXXXXX for example). Note the name of the folder (My Documents by default).

Close the registry and open Windows Explorer.

Right-click on the file and choose Edit.

Notepad opens with the contents of the key.

Copy it into your reply.

=================================

Do you know how to upload a file (via sendspace or equivalent)?
0
gastonlagaf Posts 84 Registered Wednesday 6 December 2006 Status Member Last active 15 January 2014 2
21 March 2009 at 22:53
Good evening Lyonnais92,

I used Daemon Tools once and it stayed installed on my computer.
I don't know how to upload a file; maybe there are tutorials on that, do you know of any?

Otherwise, here are the ComboFix and HijackThis reports, then the contents of the key. When looking for the key I did not find the "AddressBook*" subfolder! So I stopped at "SystemCertificates"!!

Thanks again...



ComboFix 09-03-12.01 - G 2009-03-21 22:17:51.10 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.232 [GMT 1:00]
Lancé depuis: c:\documents and settings\G\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\G\Bureau\CFscript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé
.
- Mode FONCTIONNALITES REDUITES -
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-21 au 2009-03-21 ))))))))))))))))))))))))))))))))))))
.

2009-03-16 13:56 . 2009-03-16 13:56 <REP> d-------- c:\program files\Avira
2009-03-16 13:56 . 2009-03-16 13:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 19:09 --------- d-----w c:\documents and settings\G\Application Data\OpenOffice.org2
2009-02-12 16:23 --------- d-----w c:\program files\eMule
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-03 11:31 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-03 11:31 --------- d-----w c:\program files\Java
2009-01-26 16:09 --------- d-----w c:\program files\CCleaner
2009-01-26 15:45 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-26 15:45 --------- d-----w c:\documents and settings\G\Application Data\Malwarebytes
2009-01-26 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 12:02 --------- d-----w c:\program files\trend micro
2009-01-22 15:22 --------- d-----w c:\program files\Ballance
2009-01-22 15:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-22 15:19 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools Lite
2009-01-22 14:53 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools Pro
2009-01-22 14:53 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools
2009-01-22 14:52 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-22 14:52 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-22 14:46 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2007-01-07 19:45 21,080 ----a-w c:\documents and settings\G\Application Data\GDIPFONTCACHEV1.DAT
2001-11-23 04:08 712,704 ----a-r c:\windows\inf\OTHER\AUDIO3D.DLL
2005-12-10 11:24 1,049,600 ----a-w c:\program files\mozilla firefox\plugins\CilDll.dll
2005-12-10 11:24 274,432 ----a-w c:\program files\mozilla firefox\plugins\ScriptObj.dll
2007-04-22 12:56 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-03-17_14.14.04.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-21 21:08:16 16,384 ----atw c:\windows\temp\Perflib_Perfdata_160.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-10 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2007-04-19 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-01 32768]
REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe [2007-09-04 675840]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-07-28 565248]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^REALTEK RTL8185 Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK RTL8185 Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK RTL8185 Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^Registration Brothers In Arms.LNK]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PathOOOvirg]
--a------ 2004-10-28 00:10 94208 c:\program files\OpenOffice.org1.1.4\program\OOoVirgTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20737:TCP"= 20737:TCP:BitComet 20737 TCP
"20737:UDP"= 20737:UDP:BitComet 20737 UDP

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-04-19 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-11-30 20608]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {205B0A0A-6C9F-48B0-8B33-60555AF41911} = 212.27.40.241,212.27.40.240
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\G\Application Data\Mozilla\Firefox\Profiles\xcri6z3d.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 22:18:40
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-03-21 22:22:00
ComboFix-quarantined-files.txt 2009-03-21 21:21:36
ComboFix2.txt 2009-03-17 15:25:08
ComboFix3.txt 2009-03-17 13:15:59
ComboFix4.txt 2009-03-16 19:24:15
ComboFix5.txt 2009-03-21 21:15:29

Avant-CF: 84 554 158 080 octets libres
Après-CF: 84,541,771,776 octets libres

Current=1 Default=1 Failed=3 LastKnownGood=5 Sets=1,3,4,5
152 --- E O F --- 2009-03-17 02:06:46



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:38, on 21/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Documents and Settings\GAROCHE\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
0
gastonlagaf Posts 84 Registration date Wednesday 6 December 2006 Status Member Last intervention 15 January 2014 2
21 March 2009 at 22:57
Then the key in another message, I was afraid it would not all go through in a single one...


Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\CA]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\CA\Certificates]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\CA\Certificates\1381E139ACE7B6AA02A86E0D49ACA66AA3AC02EC]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\CA\Certificates\197A4AEBDB25F0170079BB8C73CB2D655E0018A4]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\CA\Certificates\307FE77549C02267C181932BF33B22969C73EC39]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\CA\Certificates\792702456CFAB8FF18A1E44BB03F3AD3E2072725]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\CA\Certificates\C9C09C433891EDD3E9FA5272550883B5CDF28E7B]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\CA\CRLs]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\CA\CTLs]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\Disallowed]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\Disallowed\Certificates]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\Disallowed\CRLs]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\Disallowed\CTLs]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\My]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\Root]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\Root\Certificates]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\Root\CRLs]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\Root\CTLs]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\Root\ProtectedRoots]
"Certificates"=hex:18,00,00,00,01,00,00,00,10,dd,68,d5,60,93,c5,01,00,00,00,00,\
18,00,00,00

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\trust]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\trust\Certificates]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\trust\CRLs]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\trust\CTLs]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\TrustedPublisher]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\EC77857721E7DFB88A5881AA4BB23151D82DE208]
"Blob"=hex:03,00,00,00,01,00,00,00,14,00,00,00,ec,77,85,77,21,e7,df,b8,8a,58,\
81,aa,4b,b2,31,51,d8,2d,e2,08,04,00,00,00,01,00,00,00,10,00,00,00,14,55,ac,\
d7,ab,ad,1b,b4,23,35,d3,05,17,1c,d6,27,14,00,00,00,01,00,00,00,14,00,00,00,\
c7,28,ce,5b,a3,10,d0,ff,01,13,9b,5c,4c,a7,41,0b,38,f5,7b,d1,19,00,00,00,01,\
00,00,00,10,00,00,00,89,a1,4e,29,fd,36,44,f5,21,c7,9d,6f,d6,f8,5e,0e,18,00,\
00,00,01,00,00,00,10,00,00,00,ec,1a,4d,91,00,ee,75,02,8f,a1,a6,fa,e1,39,86,\
15,0f,00,00,00,01,00,00,00,10,00,00,00,d2,3e,97,b1,b4,8e,4f,51,17,41,cd,e1,\
fb,5f,99,ea,20,00,00,00,01,00,00,00,ce,03,00,00,30,82,03,ca,30,82,03,33,a0,\
03,02,01,02,02,03,20,c3,78,30,0d,06,09,2a,86,48,86,f7,0d,01,01,04,05,00,30,\
55,31,0b,30,09,06,03,55,04,06,13,02,5a,41,31,25,30,23,06,03,55,04,0a,13,1c,\
54,68,61,77,74,65,20,43,6f,6e,73,75,6c,74,69,6e,67,20,28,50,74,79,29,20,4c,\
74,64,2e,31,1f,30,1d,06,03,55,04,03,13,16,54,68,61,77,74,65,20,43,6f,64,65,\
20,53,69,67,6e,69,6e,67,20,43,41,30,1e,17,0d,30,34,31,32,32,39,31,35,31,36,\
34,37,5a,17,0d,30,36,30,31,30,38,31,32,32,39,34,39,5a,30,81,82,31,0b,30,09,\
06,03,55,04,06,13,02,46,52,31,0e,30,0c,06,03,55,04,08,13,05,50,41,52,49,53,\
31,0e,30,0c,06,03,55,04,07,13,05,50,41,52,49,53,31,14,30,12,06,03,55,04,0a,\
13,0b,4d,4f,4e,54,4f,52,47,55,45,49,4c,31,27,30,25,06,03,55,04,0b,13,1e,53,\
65,63,75,72,65,20,41,70,70,6c,69,63,61,74,69,6f,6e,20,44,65,76,65,6c,6f,70,\
6d,65,6e,74,31,14,30,12,06,03,55,04,03,13,0b,4d,4f,4e,54,4f,52,47,55,45,49,\
4c,30,82,01,22,30,0d,06,09,2a,86,48,86,f7,0d,01,01,01,05,00,03,82,01,0f,00,\
30,82,01,0a,02,82,01,01,00,b4,89,ca,3c,85,6c,02,cf,4c,db,d1,7f,0c,e0,c3,e1,\
25,c3,17,3b,70,97,71,d7,06,7c,a5,02,55,2c,c7,08,24,10,6d,39,e2,71,e8,11,12,\
d0,21,3d,28,fb,07,15,99,f6,4a,c6,28,0d,a7,06,c5,e5,24,08,06,53,70,64,96,ca,\
f8,50,c2,5b,ed,94,76,45,ee,67,fd,43,36,48,4d,7a,d0,00,43,ae,1f,e5,0e,55,d7,\
79,01,df,dd,3a,d5,f7,f6,66,13,ef,81,ac,df,ff,37,d7,64,e0,58,db,64,d7,9d,80,\
06,c4,0e,34,60,34,1a,24,c9,ee,10,da,d6,0f,af,ea,18,ad,c2,eb,b0,c6,40,6d,9a,\
b0,97,a3,b0,37,63,fb,3d,34,59,91,28,97,44,2b,41,c7,c8,36,23,a9,27,d5,2e,fd,\
ed,74,21,55,47,00,32,30,29,b9,58,15,f7,a3,df,dc,b7,8f,a3,30,74,32,41,54,fd,\
54,2e,f9,6e,08,81,1d,3e,1e,c2,29,23,4a,c2,ac,d9,e6,7a,a3,5c,a3,b9,e5,b6,e5,\
02,fd,90,b6,db,b5,2f,95,d2,a8,78,22,42,36,f7,a2,0f,48,42,fc,43,c2,29,9d,89,\
25,73,91,59,4a,ee,b7,41,d5,2e,a3,c7,02,c8,6f,02,03,01,00,01,a3,81,f5,30,81,\
f2,30,1f,06,03,55,1d,25,04,18,30,16,06,08,2b,06,01,05,05,07,03,03,06,0a,2b,\
06,01,04,01,82,37,02,01,16,30,11,06,09,60,86,48,01,86,f8,42,01,01,04,04,03,\
02,04,10,30,1d,06,03,55,1d,04,04,16,30,14,30,0e,30,0c,06,0a,2b,06,01,04,01,\
82,37,02,01,16,03,02,07,80,30,1b,06,03,55,1d,11,04,14,30,12,82,10,77,77,77,\
2e,63,61,72,70,65,64,69,65,6d,2e,66,72,30,3e,06,03,55,1d,1f,04,37,30,35,30,\
33,a0,31,a0,2f,86,2d,68,74,74,70,3a,2f,2f,63,72,6c,2e,74,68,61,77,74,65,2e,\
63,6f,6d,2f,54,68,61,77,74,65,43,6f,64,65,53,69,67,6e,69,6e,67,43,41,2e,63,\
72,6c,30,32,06,08,2b,06,01,05,05,07,01,01,04,26,30,24,30,22,06,08,2b,06,01,\
05,05,07,30,01,86,16,68,74,74,70,3a,2f,2f,6f,63,73,70,2e,74,68,61,77,74,65,\
2e,63,6f,6d,30,0c,06,03,55,1d,13,01,01,ff,04,02,30,00,30,0d,06,09,2a,86,48,\
86,f7,0d,01,01,04,05,00,03,81,81,00,c3,9b,34,17,a4,15,59,cc,e0,82,c9,14,1b,\
5f,44,c3,d7,e4,b4,55,ef,31,d2,33,00,ac,a5,7c,d1,1d,4c,aa,eb,00,31,cf,08,e9,\
2f,4c,a2,1b,33,66,6a,51,fa,3b,0d,c7,27,ae,f2,dd,2c,90,32,eb,f9,7d,fa,fe,a0,\
c1,51,f3,00,df,46,32,89,0c,17,cd,0a,be,09,21,75,83,c3,7b,81,ef,73,dd,69,3c,\
06,f4,c6,98,fb,60,af,33,26,62,7e,99,8c,82,5f,bc,5f,51,3b,b5,ee,ca,79,ff,f4,\
3a,3e,0f,19,f7,53,7e,84,d8,c3,31,31,47,57,00,00,00,00,00,00,00

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\䅃]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\䅃\Certificates]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\䅃\CRLs]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\䅃\CTLs]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\奍]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\奍\Certificates]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\奍\CRLs]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\奍\CTLs]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\摁牤獥䉳潯k]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\摁牤獥䉳潯k\Certificates]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\摁牤獥䉳潯k\CRLs]

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\摁牤獥䉳潯k\CTLs]
0
Lyonnais92 Posts 25159 Registered Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
22 March 2009 at 00:12
Good evening,


If you no longer use Daemon Tools, uninstall the versions that are on the computer (via the Control Panel).

It didn't work, probably because the Combofix version is too old.

Delete combofix.exe from your Desktop.


Do this:

Download combofix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the Desktop.

Copy or print the instructions beforehand.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

RegNull::
[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]


Save this file under the name CFscript.


Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFscript file, keep the button held down and move the mouse so that the CFscript icon comes to cover the Combofix icon. Release the mouse. Combofix will start.

Wait for the scan to finish. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

Re-enable your firewall, your antivirus, and your antispyware's guard.

Once the scan is done, a report will be displayed: post its contents.

Also post a new Hijackthis report.


If the file doesn't open, it is located here > C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse can severely damage the operating system.

Open the registry (Start, Run, type regedit in the input box and OK) and navigate with the + and - down to the key

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]

Click on File and then on Export and choose a name (XXXXXX for example). Note the name of the folder (My Documents by default).

Close the registry and open Windows Explorer.

Right-click on the file and choose Edit.

Notepad opens with the contents of the key.

Copy it into your reply.

There's no point editing the key if you can't reach AddressBook.

That's the one causing the problem.
0
gastonlagaf Posts 84 Registered Wednesday 6 December 2006 Status Member Last activity 15 January 2014 2
22 March 2009 at 16:23
Hello,

I can't find the "Addressbook*" folder. In the Systemcertificates folder there are 9 sub-folders:
CA - Disallowed - My - Root - Trust - Trustedpublisher - "1 box" - "5 boxes" then k - "1 box".

I'm posting the Combofix and Hijackthis reports anyway:

ComboFix 09-03-19.02 - G 2009-03-22 15:28:25.11 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.233 [GMT 1:00]
Lancé depuis: c:\documents and settings\G\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\G\Bureau\CFscript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-22 au 2009-03-22 ))))))))))))))))))))))))))))))))))))
.

2009-03-16 13:56 . 2009-03-16 13:56 <REP> d-------- c:\program files\Avira
2009-03-16 13:56 . 2009-03-16 13:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 14:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 19:09 --------- d-----w c:\documents and settings\G\Application Data\OpenOffice.org2
2009-02-12 16:23 --------- d-----w c:\program files\eMule
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-03 11:31 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-03 11:31 --------- d-----w c:\program files\Java
2009-01-26 16:09 --------- d-----w c:\program files\CCleaner
2009-01-26 15:45 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-26 15:45 --------- d-----w c:\documents and settings\G\Application Data\Malwarebytes
2009-01-26 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 12:02 --------- d-----w c:\program files\trend micro
2009-01-22 15:19 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools Lite
2009-01-22 14:53 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools Pro
2009-01-22 14:53 --------- d-----w c:\documents and settings\G\Application Data\DAEMON Tools
2009-01-22 14:52 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-22 14:46 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2007-01-07 19:45 21,080 ----a-w c:\documents and settings\G\Application Data\GDIPFONTCACHEV1.DAT
2001-11-23 04:08 712,704 ----a-r c:\windows\inf\OTHER\AUDIO3D.DLL
2005-12-10 11:24 1,049,600 ----a-w c:\program files\mozilla firefox\plugins\CilDll.dll
2005-12-10 11:24 274,432 ----a-w c:\program files\mozilla firefox\plugins\ScriptObj.dll
2007-04-22 12:56 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-03-17_14.14.04.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-21 21:08:16 16,384 ----atw c:\windows\temp\Perflib_Perfdata_160.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-10 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2007-04-19 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-01 32768]
REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe [2007-09-04 675840]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-07-28 565248]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^REALTEK RTL8185 Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK RTL8185 Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK RTL8185 Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^Registration Brothers In Arms.LNK]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PathOOOvirg]
--a------ 2004-10-28 00:10 94208 c:\program files\OpenOffice.org1.1.4\program\OOoVirgTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20737:TCP"= 20737:TCP:BitComet 20737 TCP
"20737:UDP"= 20737:UDP:BitComet 20737 UDP

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-04-19 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-11-30 20608]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {205B0A0A-6C9F-48B0-8B33-60555AF41911} = 212.27.40.241,212.27.40.240
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\G\Application Data\Mozilla\Firefox\Profiles\xcri6z3d.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 15:31:28
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-03-22 15:34:14
ComboFix-quarantined-files.txt 2009-03-22 14:33:59
ComboFix2.txt 2009-03-21 21:22:03
ComboFix3.txt 2009-03-17 15:25:08
ComboFix4.txt 2009-03-17 13:15:59
ComboFix5.txt 2009-03-22 14:26:13

Avant-CF: 84 895 563 776 octets libres
Après-CF: 84,883,537,920 octets libres

Current=1 Default=1 Failed=3 LastKnownGood=5 Sets=1,3,4,5
147 --- E O F --- 2009-03-17 02:06:46




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:35, on 22/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\GAROCHE\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
0
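The "boxes" the poster sees under SystemCertificates, as an added example (not code from the thread, from ComboFix or from GMER). The assumption it rests on: the CJK-looking leaf names in the registry export earlier in the thread are ANSI byte pairs packed into single UTF-16 code units (the bytes 'C','A' = 0x43,0x41 read little-endian give U+4143), which is why regedit renders them as boxes and the helper can only refer to the key as "AddressBook*". Splitting each code unit back into its two bytes recovers the intended names, and the same check can be run over any .reg export to flag keys whose names were stored this way. The sample headers are copied from the export on this page.

```python
"""Spot byte-packed registry key names in a .reg export and recover them.

Added example, not code from the thread or from ComboFix/GMER. Assumption: the
CJK-looking leaf names under SystemCertificates in the export above are ANSI
byte pairs packed into single UTF-16 code units (the bytes 'C','A' = 0x43,0x41
read little-endian give U+4143), so regedit shows them as boxes and the key
cannot be opened by typing its name.
"""
import re

# Section headers copied from the export in the thread; the last three are the
# garbled SystemCertificates keys the poster described as "boxes".
SAMPLE_HEADERS = [
    "[HKEY_USERS\\S-1-5-21-839522115-602162358-725345543-1004\\Software\\Microsoft\\SystemCertificates\\Root]",
    "[HKEY_USERS\\S-1-5-21-839522115-602162358-725345543-1004\\Software\\Microsoft\\SystemCertificates\\TrustedPublisher]",
    "[HKEY_USERS\\S-1-5-21-839522115-602162358-725345543-1004\\Software\\Microsoft\\SystemCertificates\\\u4143]",
    "[HKEY_USERS\\S-1-5-21-839522115-602162358-725345543-1004\\Software\\Microsoft\\SystemCertificates\\\u594d]",
    "[HKEY_USERS\\S-1-5-21-839522115-602162358-725345543-1004\\Software\\Microsoft\\SystemCertificates\\\u6441\u7264\u7365\u4273\u6f6fk]",
]

HEADER_RE = re.compile(r"^\[(.+)\]$")


def _printable(byte):
    """True for a printable 7-bit ASCII byte (space through tilde)."""
    return 0x20 <= byte <= 0x7E


def recover_packed_name(name):
    """Return the ASCII name packed into `name`, or None if `name` is ordinary text.

    Each code unit U+hhll is split into its low byte (first character) and its
    high byte (second character). A bare ASCII code unit is accepted only as the
    last one: an odd-length name leaves a single byte followed by the NUL pad,
    which is exactly the trailing "k" of AddressBook in the export.
    """
    if all(ord(c) < 0x80 for c in name):
        return None  # plain ASCII name, nothing to recover
    out = []
    last = len(name) - 1
    for i, c in enumerate(name):
        cp = ord(c)
        lo, hi = cp & 0xFF, cp >> 8
        if hi == 0:
            if i != last or not _printable(lo):
                return None
            out.append(chr(lo))
        elif _printable(lo) and _printable(hi):
            out.append(chr(lo) + chr(hi))
        else:
            return None  # genuinely non-ASCII name, not a packed one
    return "".join(out)


def audit_headers(lines):
    """Map each .reg section header whose leaf name is byte-packed to the recovered name."""
    findings = {}
    for line in lines:
        m = HEADER_RE.match(line.strip())
        if not m:
            continue
        path = m.group(1)
        leaf = path.rsplit("\\", 1)[-1]
        recovered = recover_packed_name(leaf)
        if recovered is not None:
            findings[path] = recovered
    return findings


if __name__ == "__main__":
    for path, real_name in audit_headers(SAMPLE_HEADERS).items():
        print(f"{path!r}\n    -> packed name, reads as {real_name!r}")
```

Run against the three garbled headers the recovery gives CA, MY and AddressBook, matching both the poster's "1 box / 5 boxes then k / 1 box" and the helper's AddressBook* target; a plain name such as Root is left alone, and a name mixing a bare ASCII character in the middle is rejected rather than guessed at. The audit only reads an exported file, so it is safe to run on a copy of any .reg dump without touching the live registry.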
Lyonnais92 Posts 25159 Registered Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
22 March 2009 at 17:02
Re,

Before uninstalling daemon Tools (the 3 versions), make a copy of

C:\WINDOWS\System32\Drivers\sptd.sys

(right-click on the file and choose Copy, place the cursor in the window, then right-click and Paste. You should have a file C:\WINDOWS\System32\Drivers\copie de sptd.sys);

Rename this file C:\WINDOWS\System32\Drivers\spmp.sys (right-click and Rename).

Restart the computer and post a new gmer report.

0
gastonlagaf Posts 84 Registered Wednesday 6 December 2006 Status Member Last activity 15 January 2014 2
22 March 2009 at 17:30
Re,

I had already uninstalled Deamon tools, but not through the control panel, because I couldn't find it there. I used the uninstaller program that came with it.

Should I still carry out the procedure you're asking me to do?

Thanks.
0
Lyonnais92 Posts 25159 Registered Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
22 March 2009 at 19:02
Re,

If it's still possible, yes.
0
gastonlagaf Posts 84 Registered Wednesday 6 December 2006 Status Member Last activity 15 January 2014 2
22 March 2009 at 21:51
Re,

It was possible, here is the GMER report:


GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-22 21:48:52
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spul.sys ZwCreateKey [0xF84960E0]
SSDT F8C0A0BC ZwCreateThread
SSDT spul.sys ZwEnumerateKey [0xF84B4CA2]
SSDT spul.sys ZwEnumerateValueKey [0xF84B5030]
SSDT spul.sys ZwOpenKey [0xF84960C0]
SSDT F8C0A0A8 ZwOpenProcess
SSDT F8C0A0AD ZwOpenThread
SSDT spul.sys ZwQueryKey [0xF84B5108]
SSDT spul.sys ZwQueryValueKey [0xF84B4F88]
SSDT spul.sys ZwSetValueKey [0xF84B519A]
SSDT F8C0A0B7 ZwTerminateProcess
SSDT F8C0A0B2 ZwWriteVirtualMemory

INT 0x62 ? 82F71BF8
INT 0x82 ? 82F71BF8
INT 0x83 ? 82F73F00
INT 0xB4 ? 82D07BF8
INT 0xB4 ? 82D07BF8
INT 0xB4 ? 82D07BF8
INT 0xB4 ? 82D07BF8
INT 0xB4 ? 82D07BF8
INT 0xB4 ? 82D07BF8

---- Kernel code sections - GMER 1.0.15 ----

? spul.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload F810F8AC 5 Bytes JMP 82D071D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F735E0
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F84C7C4C] spul.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F84C7CA0] spul.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8497040] spul.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F849713C] spul.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84970BE] spul.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84977FC] spul.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84976D2] spul.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82D072D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F84A7048] spul.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82FDD1F8
Device \FileSystem\Fastfat \FatCdrom 82AE3500
Device \Driver\usbuhci \Device\USBPDO-0 82D061F8
Device \Driver\usbuhci \Device\USBPDO-1 82D061F8
Device \Driver\usbuhci \Device\USBPDO-2 82D061F8
Device \Driver\usbuhci \Device\USBPDO-3 82D061F8
Device \Driver\usbehci \Device\USBPDO-4 82CD91F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 82FDF1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{FAADA303-9E48-4837-9027-EA0EFA769A58} 8280B1F8
Device \Driver\Cdrom \Device\CdRom0 82D14500
Device \Driver\USBSTOR \Device\00000075 827C81F8
Device \Driver\USBSTOR \Device\00000076 827C81F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8280B1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{205B0A0A-6C9F-48B0-8B33-60555AF41911} 8280B1F8
Device \Driver\NetBT \Device\NetbiosSmb 8280B1F8
Device \Driver\usbuhci \Device\USBFDO-0 82D061F8
Device \Driver\usbuhci \Device\USBFDO-1 82D061F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 827EF1F8
Device \Driver\usbuhci \Device\USBFDO-2 82D061F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 827EF1F8
Device \Driver\usbuhci \Device\USBFDO-3 82D061F8
Device \Driver\usbehci \Device\USBFDO-4 82CD91F8
Device \Driver\Ftdisk \Device\FtControl 82FDF1F8
Device \Driver\viamraid \Device\Scsi\viamraid1 82FDE1F8
Device \FileSystem\Fastfat \Fat 82AE3500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 82B24500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB0 0x68 0x53 0x90 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0x1C 0xC6 0xE4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x57 0xB6 0x1A 0x6E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF8 0x59 0x6D 0x7B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0x1C 0xC6 0xE4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x57 0xB6 0x1A 0x6E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF8 0x59 0x6D 0x7B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB0 0x68 0x53 0x90 ...

---- EOF - GMER 1.0.15 ----
0
gugu01 Posts: 15840 Registration date: Saturday 21 March 2009 Status: Contributor Last post: 12 December 2023 4 627
25 March 2009 at 20:18
Good evening,
Do you have internet access?
I had a Win32 ........... problem (I don't remember the rest of the name) and I got my PC back to a usable state with Trojan Remover (trial version).
It found an infected folder that was blocking my desktop, and therefore any use of the machine.
With Ad-Aware I would find it and delete it in Safe Mode, and a few minutes later everything came back, and Avast showed me a message of the same kind but couldn't find it during a scan.
If that helps.....
0
gugu01 Posts: 15840 Registration date: Saturday 21 March 2009 Status: Contributor Last post: 12 December 2023 4 627
22 March 2009 at 22:11
Hi gastonlagaf,
https://forum.zebulon.fr/topic/145797-faux-positif-davast-win32rootkit-genrtk-sur-svchostexe/
Try this link, because apparently it's a bug in Avast; you shouldn't delete or quarantine this false virus.
Gentlemen, if you could confirm what I'm saying, it would be safer.
0
Lyonnais92 Posts: 25159 Registration date: Friday 23 June 2006 Status: Security contributor Last post: 16 September 2016 1 536
22 March 2009 at 22:32
Hi,

A false positive gets fixed within the week (if the response is slow).

Your link is 6 months old.

Unfortunately, the problem is more complicated.
0
gugu01 Posts: 15840 Registration date: Saturday 21 March 2009 Status: Contributor Last post: 12 December 2023 4 627
22 March 2009 at 22:56
Sorry, I'm a novice who likes computing and is trying to help.
And it's with people like you, Lyonnais92, that I learn more and more. THANKS!!!
I'm withdrawing from this thread; it's too hot for me for now.
0