TR/Crypt.PEPM.Gen

Question

Bonjour,

Depuis aujourd'hui, avira me détecte TR/Crypt.PEPM.Gen - Trojan.
J'ai passé Malwarebytes mais ça n'a pas l'air de fonctionner.

J'ai l'impression qu'il me bloque mes mises à jour d'Avira.

Si vous pouvez m'aider ...

merci

totobetourne · Answer

bonjour


1)colle le rapport malwarebyte, le scan doit etre effectue en mode sans echec.



2)colle un rapport antivir mais avant configure le bien.
bien configurer antivir.configuration puis mode expert a cocher puis dans scanner et recherche , cocher tout les fichiers ainsi que analyse de rootkit et priorite de scanner eleve.



3)telecharge cela:util pour voir ce que peut etre l infection et agir ensuite.

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

installe le normallement comme tout autre programme dans c/programme/...............
clique sur do a scan and save a logfile, tu obtiens un rapport que tu colles.

totobetourne · Answer

passe cela
pour voir télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.


déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

pimprenelle27 · Answer

Je viens en aide, déjà tu va me faire ceci : 

Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :


/!\ Déconnectes toi et fermes toutes applications en cours

&#9679; Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
&#9679; Double clique sur l'icône Ad-removersituée sur ton bureau
&#9679; Au menu principal choisi l'option "A"
&#9679; Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

pimprenelle27 · Answer

Déconnectes toi et fermes toutes applications en cours !

Redémarre en mode sans échec comme indiqué  ici ;  Choisis ta session courante.

* Relances "Ad-remover" : au menu principal choisi l'option "B" .

--> le programme va travailler ...

* Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\

gatco · Answer

------- LOGFILE OF AD-REMOVER 1.1.1.1 | ONLY XP/VISTA -------

Updated by C_XX on 12/02/2009 at 19:00

*** LIMITED TO ***

Boonty/BoontyGames
Eorezo
Infected Poker Softwares
FunWebProduct/MyWay/MyWebSearch
It's TV
Sweetim

******************

Start at: 23:39:37 | Jeu 12/02/2009 | Boot mode: Safe Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™  Service Pack 3 (version 5.1.2600)
Computer Name: COTONNEC-E49037
User(s):
- Gaetan - Current User - Administrator
- Christelle - Not Current User
- Mathis - Not Current User
Drive(s): 
- C:\  (File System: NTFS)
- D:\  (File System: NTFS)
- E:\  (File System: FAT32)
- F:\  (File System: CDFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 16

(!) ---- IE start pages/Tabs reset

+--------------------| Boonty/Boonty Games Elements Deleted :

.
.

+--------------------| Eorezo Elements Deleted :

HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.

+--------------------| Infected Poker Softwares Elements Deleted :

.

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

.
.

+--------------------| It's TV Elements Deleted :

HKCU\Software\ItsLabel
.

+--------------------| Sweetim Elements Deleted :

.

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+--------------------| Added Scan :

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: d2vsqgwz.default
.
Prefs.js: Browser.Search.DefaultEngineName:  "Google"
Prefs.js: Browser.Search.SelectedEngine:  "Google"
Prefs.js: Browser.Search.DefaultUrl:  "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.11 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-725345543-492894223-839522115-1004\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~3633 Bytes] - "C:\Ad-Report-Clean-12.02.2009.log"
[~3149 Bytes] - "C:\Ad-Report-Scan-12.02.2009.log"
-
C:\Program Files\Ad-remover\TOOLS\BACKUP\12.02.2009 - Prefs.js

End at: 23:42:07 | 12/02/2009
.
+--------------------| E.O.F - 85 Lines
.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:35, on 12/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

pimprenelle27 · Answer

ensuite tu vas me faire ceci  : 

Fait ceci et poste moi le rapport à la suite de la question êtes vous aider par quelqu'un. Merci.

Télécharge GenProc sur ton bureau (Attention le fichier est un fichier zip)
Dézippe le dossier, double-clique sur GenProc.bat
En final, poste le contenu du rapport qui s'affiche.
Comment utiliser GenProc

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

gatco · Answer

Rapport GenProc 2.372 [1] - 13/02/2009 - Windows XP 
 
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante : 

 
Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :  
- C:\Program Files\EsetOnlineScanner\log.txt

__________________________________________________________________________________________________________
 
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com

pimprenelle27 · Answer

ok donc fait ceci maintenant : 

Telecharge malwarebytes

NB : S'il te manque COMCTL32.OCX alors télécharge le ici

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log


Tutoriaux

pimprenelle27 · Answer

Ensuite celui ci : 

Pour commencer :  faire un petit nettoyage de l'ordi et du registre avec Ccleaner, regarde bien le Tuto CCleaner


Télécharge Superantispyware (SAS)



Choisis "enregistrer" et enregistre-le sur ton bureau.

Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.

Créé une icône sur le bureau.

Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.

- Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
- Sous Configuration and Preferences, clique sur le bouton "Preferences"
- Clique sur l'onglet "Scanning Control "
- Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
- Laisse les autres lignes décochées.

- Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.

- Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".

Dans la colonne de gauche, coche C:\Fixed Drive.

Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"

Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.

A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.

Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".

Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.

Pour recopier les informations sur le forum, fais ceci :

- après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
- Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ".
- Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log.

- Le rapport va s'ouvrir dans ton éditeur de texte par défaut.

- Copie son contenu dans ta réponse.


Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué.

gatco · Answer

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 02/13/2009 at 03:22 PM

Application Version : 4.25.1012

Core Rules Database Version : 3756
Trace Rules Database Version: 1720

Scan type       : Complete Scan
Total Scan Time : 01:00:15

Memory items scanned      : 401
Memory threats detected   : 0
Registry items scanned    : 5503
Registry threats detected : 0
File items scanned        : 107494
File threats detected     : 1

Adware.GloboLook
	C:\PROGRAM FILES\IGN RANDO\ICONES\AVION.ICO

pimprenelle27 · Answer

bien il en à trouvé un petit dernier, maintenant ceci : 

Fais un scan en ligne avec Internet explorer (merci !aur3n7=
* Rend toi sur ce site https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
- Clique sur l'image de droite Kaspersky Online scanner

-- Une notice s'affichera , clique sur le bouton j'accepte (après en avoir pris connaissance bien sur)
note: Si le scanner n'a pas encore été installé (ActivX) un message te demandera si tu accepte ou non de le faire.

-- L'installation et la mise à jour de la base antivirale se feront automatiquement.

* Clique sur Suivant

* Clique sur le bouton paramètres d'analyse

-- à l'option analyser avec la base antivirus suivant :
---- [X] étendue
-- dans les options d'analyse contrôle que les cases suivantes soient cochées
---- [X] analyser les archives
---- [X] analyser les bases de messagerie
-- Clique sur le bouton OK

* choisis Poste de travail pour lancer le scan

* Une fois le scan terminé sauvegarde le rapport Clique sur Enregistrer rapport sous

-- Pour le retrouver facilement met le sur le bureau

-- dans nom de fichier entre Kaspersky

-- A type de fichier choisis text file (*.txt) puis clique sur le bouton enregistrer

* Fais un copier coller du contenu de ce fichier dans ta prochaine réponse.

Note :
- En cas de problème vérifies ces quelques points https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId898809
- Ton antivirus résident pourrait empêcher ou perturber le déroulement du scan. Kaspersky conseille de le désactiver avant de lancer le scan. (pour la durée du scan uniquement)
- En cas de problème tu trouveras une démonstration animée sur le lien donné ou si besoin un tutoriel https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566

gatco · Answer

ya encore des cochonneries ...

-------------------------------------------------------------------------------
 KASPERSKY ON-LINE SCANNER REPORT
 Friday, February 13, 2009 6:23:54 PM
 Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
 Kaspersky On-line Scanner version : 5.0.84.2
 Dernière mise à jour de la base antivirus Kaspersky : 13/02/2009
 Enregistrements dans la base antivirus Kaspersky : 1792514
-------------------------------------------------------------------------------

Paramètres d'analyse:
	Analyser avec la base antivirus suivante: étendue
	Analyser les archives: vrai
	Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\
	I:\

Statistiques de l'analyse:
	Total d'objets analysés: 110846
	Nombre de virus trouvés: 1
	Nombre d'objets infectés: 1 / 0
	Nombre d'objets suspects: 0
	Durée de l'analyse: 01:28:45

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\Gaetan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-2-13-2009( 15-24-52 ).SDB	L'objet est verrouillé	ignoré
C:\Documents and Settings\Gaetan\Cookies\index.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\Gaetan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\Gaetan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	L'objet est verrouillé	ignoré
C:\Documents and Settings\Gaetan\Local Settings\Historique\History.IE5\index.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\Gaetan\Local Settings	emp\~DF9F95.tmp	L'objet est verrouillé	ignoré
C:\Documents and Settings\Gaetan\Local Settings\Temporary Internet Files\Content.IE5\index.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\Gaetan\NTUSER.DAT	L'objet est verrouillé	ignoré
C:\Documents and Settings\Gaetan
tuser.dat.LOG	L'objet est verrouillé	ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	L'objet est verrouillé	ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT	L'objet est verrouillé	ignoré
C:\Documents and Settings\LocalService
tuser.dat.LOG	L'objet est verrouillé	ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	L'objet est verrouillé	ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT	L'objet est verrouillé	ignoré
C:\Documents and Settings\NetworkService
tuser.dat.LOG	L'objet est verrouillé	ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AGENT_LOG1.txt	L'objet est verrouillé	ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db	L'objet est verrouillé	ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db-journal	L'objet est verrouillé	ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BINARY\CLML.db	L'objet est verrouillé	ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db	L'objet est verrouillé	ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db-journal	L'objet est verrouillé	ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db	L'objet est verrouillé	ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db-journal	L'objet est verrouillé	ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db	L'objet est verrouillé	ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db-journal	L'objet est verrouillé	ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db	L'objet est verrouillé	ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db-journal	L'objet est verrouillé	ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db	L'objet est verrouillé	ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db-journal	L'objet est verrouillé	ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db	L'objet est verrouillé	ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db-journal	L'objet est verrouillé	ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase	L'objet est verrouillé	ignoré
C:\System Volume Information\_restore{897E5B4E-590E-4E09-AC5B-38D841F0FF3D}\RP530\A0108938.exe	Infecté : not-a-virus:AdWare.Win32.NaviPromo.gen	ignoré
C:\System Volume Information\_restore{897E5B4E-590E-4E09-AC5B-38D841F0FF3D}\RP533\change.log	L'objet est verrouillé	ignoré
C:\WINDOWS\Debug\PASSWD.LOG	L'objet est verrouillé	ignoré
C:\WINDOWS\SchedLgU.Txt	L'objet est verrouillé	ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	L'objet est verrouillé	ignoré
C:\WINDOWS\Sti_Trace.log	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\CatRoot2\edb.log	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\CatRoot2	mp.edb	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\AppEvent.Evt	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\default	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\default.LOG	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\Internet.evt	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\SAM	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\SAM.LOG	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\SecEvent.Evt	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\SECURITY	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\SECURITY.LOG	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\software	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\software.LOG	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\SysEvent.Evt	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\system	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\system.LOG	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\drivers\sptd.sys	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\h323log.txt	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	L'objet est verrouillé	ignoré
C:\WINDOWS\wiadebug.log	L'objet est verrouillé	ignoré
C:\WINDOWS\wiaservc.log	L'objet est verrouillé	ignoré
C:\WINDOWS\WindowsUpdate.log	L'objet est verrouillé	ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase	L'objet est verrouillé	ignoré

Analyse terminée.

pimprenelle27 · Answer

Il n'y en à qu'un

C:\System Volume Information\_restore{897E5B4E-590E-4E09-AC5B-38D841F0FF3D}\R­P530\A0108938.exe Infecté : not-a-virus:AdWare.Win32.NaviPromo.gen ignoré 

Pour cela, tu vas faire ceci :

Purge de la restauration système
*Désactive ta restauration :
Clique droit sur poste de travail/propriétés/Restauration système/coche la case désactiver la restauration, appliquer, OK
---> Redémarre ton PC ...

*Réactive ta restauration :
Clique droit sur poste de travail/propriétés/Restauration système/décoche la case désactiver la restauration, appliquer, OK
--->Redémarre ton PC ...

( Note : tu peux aussi y accéder via panneau de configuration->" système "->" restauration système " ).



Tuto xp : http://service1.symantec.com/


tuto vista : Désactive et reactive ta restauration

gatco · Answer

ça y est ...

j'ai un doute : fallait pas que je supprime qq chose avec KASPERSKY ON-LINE SCANNER ?

là, j'ai juste désactiver la restauration/redemarrer/activer la restauration ...

pimprenelle27 · Answer

non pourquoi.


Maintenant un dernier hijack. Merci.

gatco · Answer

je me disais qu'il fallait peut être que kaspersky supprime le truc qu'il avait trouvé ...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:11, on 13/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

pimprenelle27 · Answer

on viens de le faire la suppression de kaspersky, on va pas le faire 2 fois.

gatco · Answer

c'est fini ?

pimprenelle27 · Answer

je viens de me rendre compte que je t'ai même demandé de supprimer ce qu'avait trouvé SAS. est ce que là fait?

pimprenelle27 · Answer

pour moi ça me parait ok? de ton côté tout va bien

Fait ceci pour supprimer les logiciels utilisé.

Télécharge Toolscleaner sur ton Bureau :

* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse

gatco · Answer

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\Combofix.txt: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Gaetan\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Gaetan\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Gaetan\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\Gaetan\Recent\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\RECYCLER\S-1-5-21-725345543-492894223-839522115-1004\Dc5\GenProc: trouvé !
C:\RECYCLER\S-1-5-21-725345543-492894223-839522115-1004\Dc5\GenProc\outil\HijackThis.exe: trouvé !
C:\RECYCLER\S-1-5-21-725345543-492894223-839522115-1004\Dc5\GenProc\outil\hijackthis.log: trouvé !
C:\RECYCLER\S-1-5-21-725345543-492894223-839522115-1004\Dc5\GenProc\Page\GenProc[*].html: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Gaetan\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Gaetan\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Gaetan\Recent\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\RECYCLER\S-1-5-21-725345543-492894223-839522115-1004\Dc5\GenProc\outil\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\Gaetan\Bureau\hijackthis.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\RECYCLER\S-1-5-21-725345543-492894223-839522115-1004\Dc5\GenProc\outil\hijackthis.log: supprimé !
C:\RECYCLER\S-1-5-21-725345543-492894223-839522115-1004\Dc5\GenProc\Page\GenProc[*].html: ERREUR DE SUPPRESSION !!
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\RECYCLER\S-1-5-21-725345543-492894223-839522115-1004\Dc5\GenProc: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !
Sauvegarde du registre crée !

pimprenelle27 · Answer

alors et ton pc?

gatco · Answer

ça a l'air de tourner normalement !

pimprenelle27 · Answer

OK donc tu peux mettre en résolu sauf si tu as encore autre chose.

gatco · Answer

plusieurs choses en fait ... 
Qu'est ce que vous avez trouvé avec totobetourne ?

il y avait bcp de trucs ?

est-ce qu'on peut savoir quand j'ai attrapé ces merdes, où, ...

et surtout comment faire pour éviter ça.

un grand merci à tous les 2 en tous cas !

pimprenelle27 · Answer

une dernière chose, 

 tu peux me faire ceci juste por vérif : merci.

Téléchargez SmitfraudFix et enregistrez-le sur le bureau
    * Ensuite, double cliquez sur SmitfraudFix puis sur Exécuter. (Sous Vista : clic droit sur SmitfraudFix et sélectionnez "Exécuter en tant qu'administrateur")
    * Sélectionnez 1 pour créer un rapport des fichiers responsables de l'infection.
    * A la fin de l'analyse, un rapport va être généré...Enregistrez-le sur le bureau.

Regarde bien le tuto qui est avec


/!\ Postez le rapport sur le forum pour savoir si la suppression peut être lancée.

En mode sans echec la suppression des fichiers présents.


process.exe
est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

gatco · Answer

SmitFraudFix v2.395

Rapport fait à  0:15:22,54, 14/02/2009
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Mozilla Thunderbird	hunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gaetan


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Gaetan\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gaetan\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Gaetan\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 

C:\Program Files\Google\googletoolbar1.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.30.1
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3955DF14-1502-41E6-A9C6-1682A2F96BFE}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3955DF14-1502-41E6-A9C6-1682A2F96BFE}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3955DF14-1502-41E6-A9C6-1682A2F96BFE}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3955DF14-1502-41E6-A9C6-1682A2F96BFE}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

totobetourne · Answer

juste present

totobetourne · Answer

j aimerai bien revoir un rapport combo fix car le premier pas complet et en plus tres long car plein de clefs bloquees . normallement cela n apparait pas dans un hijack.

gatco · Answer

je reviens ....

SmitFraudFix v2.395

Rapport fait à 23:42:56,76, 16/02/2009
Executé à partir de C:\Documents and Settings\Gaetan\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3955DF14-1502-41E6-A9C6-1682A2F96BFE}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3955DF14-1502-41E6-A9C6-1682A2F96BFE}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3955DF14-1502-41E6-A9C6-1682A2F96BFE}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3955DF14-1502-41E6-A9C6-1682A2F96BFE}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

totobetourne · Answer

nouveau rapport combo fix.

gatco · Answer

voilà ...

ComboFix 09-02-15.01 - Gaetan 2009-02-16 23:56:05.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.680 [GMT 1:00]
Lancé depuis: c:\documents and settings\Gaetan\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *enabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-16 au 2009-02-16 ))))))))))))))))))))))))))))))))))))
.

2009-02-13 23:39 . 2009-02-13 23:39 78,312,662 --a------ C:\Sauv.reg
2009-02-13 15:46 . 2009-02-13 15:46 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-02-13 14:16 . 2009-02-13 14:16 3,550 --a------ C:\cc_20090213_141640.reg
2009-02-13 14:12 . 2009-02-13 14:12 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-02-13 14:12 . 2009-02-13 14:12 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-02-13 14:12 . 2009-02-13 14:12 <REP> d-------- c:\documents and settings\Gaetan\Application Data\SUPERAntiSpyware.com
2009-02-13 14:12 . 2009-02-13 14:12 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-12 23:18 . 2009-02-12 23:38 <REP> d-------- c:\program files\Ad-remover
2009-02-12 19:19 . 2009-02-13 23:39 <REP> d-------- c:\program files\Trend Micro
2009-02-12 14:07 . 2009-02-12 14:08 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 14:07 . 2009-02-12 14:07 <REP> d-------- c:\documents and settings\Gaetan\Application Data\Malwarebytes
2009-02-12 14:07 . 2009-02-12 14:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-12 14:07 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 14:07 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-07 21:00 . 2009-02-07 21:00 <REP> d-------- c:\documents and settings\Mathis\Application Data\K-Meleon
2009-01-24 14:42 . 2009-01-24 14:42 <REP> d-------- c:\program files\Hercules
2009-01-24 14:42 . 2005-06-21 10:29 245,408 --a------ c:\windows\system32\unicows.dll
2009-01-24 14:31 . 2009-01-24 14:31 <REP> d-------- c:\windows\OvtCam
2009-01-24 14:31 . 2005-03-15 17:04 161,792 --------- c:\windows\system32\drivers\ov530vid.sys
2009-01-24 14:31 . 2004-08-05 17:34 61,440 --------- c:\windows\ov530dib.dll
2009-01-24 14:31 . 2005-09-30 09:42 40,960 --------- c:\windows\system32\ov530ext.dll
2009-01-24 14:31 . 2004-11-09 00:37 25,177 --------- c:\windows\system32\drivers\ov530cmd.sys
2009-01-24 14:31 . 2005-09-30 09:56 18,972 --------- c:\windows\system32\ov530ext.ax
2009-01-24 14:31 . 2004-07-20 01:50 16,440 --------- c:\windows\system32\ov530usd.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 22:02 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-16 19:27 --------- d-----w c:\program files\Google
2009-02-12 13:05 --------- d-----w c:\program files\Inkscape
2009-02-12 13:05 --------- d-----w c:\documents and settings\Gaetan\Application Data\Inkscape
2009-02-12 13:02 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-24 16:07 --------- d-----w c:\documents and settings\Gaetan\Application Data\uTorrent
2009-01-24 15:43 --------- d-----w c:\documents and settings\Christelle\Application Data\ArcSoft
2009-01-17 10:54 --------- d-----w c:\program files\MyFirstKd
2009-01-10 23:11 --------- d-----w c:\program files\SopCast
2009-01-10 15:17 --------- d-----w c:\program files\AviSynth 2.5
2009-01-10 15:02 --------- d-----w c:\program files\GXTranscoderv5
2009-01-09 22:24 --------- d-----w c:\program files\Zylom Games
2008-12-29 09:11 --------- d-----w c:\program files\Maxis
2008-12-28 23:26 --------- d-----w c:\program files\CCleaner
2008-12-28 21:59 --------- d-----w c:\program files\Cossacks
2008-12-28 21:38 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-26 15:28 --------- d-----w c:\documents and settings\Gaetan\Application Data\MP-Manager
2008-12-26 15:16 --------- d-----w c:\program files\MPMAN
2008-12-21 17:35 --------- d-----w c:\program files\Yahoo!
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-11 18:37 15,554 ----a-w C:\cc_20081211_193738.reg
2008-12-11 18:35 22,844 ----a-w C:\cc_20081211_193459.reg
2008-10-14 18:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101420081015\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Configuration de la C-BOX"="c:\program files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [2004-12-21 395264]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1957888]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-06 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2008-09-02 1115728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Christelle\Menu D‚marrer\Programmes\D‚marrage\
Event Reminder.lnk - c:\pmw\PMREMIND.EXE [1997-11-03 254128]

c:\documents and settings\Gaetan\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-23 344064]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.MJPG"= m3jpeg32.dll
"msacm.DivXa32"= DivXa32.acm
"vidc.div4"= DivXc32f.dll
"vidc.xvid"= xvid.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.jpeg"= m3jpeg32.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\uTorrent\utorrent.exe"= c:\program files\uTorrent\utorrent.exe:72.20.34.145/255.255.255.255:Enabled:µTorrent
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43659:TCP"= 43659:TCP:72.20.34.145/255.255.255.255:Enabled:µtorrent

R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [2008-01-15 19572]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-12-04 826752]
R3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [2006-12-04 380736]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2006-12-04 17408]
S3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [2009-01-24 161792]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bce6a93-d360-11dd-8618-0013d358ec28}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
.
Contenu du dossier 'Tâches planifiées'

2009-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://www.tele2mail.com/static/apps/utils/AccountHelper.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game06.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Gaetan\Application Data\Mozilla\Firefox\Profiles\d2vsqgwz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 23:58:32
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-725345543-492894223-839522115-1004\Software\G*e*n*i*e*"!\FM Genie Scout]
"GameDir"="c:\\Program Files\\Sports Interactive\\Football Manager 2007\\user data\\games"
"ShortlistDir"="c:\\Program Files\\Sports Interactive\\Football Manager 2007\\user data\\shortlists"
"ScreenshotsDir"="c:\\Program Files\\Sports Interactive\\Football Manager 2007\\user data"
"SaveDir"="c:\\Program Files\\Sports Interactive\\Football Manager 2007\\user data"
"HistoryDir"="c:\\Documents and Settings\\Gaetan\\Mes documents\\Sports Interactive\\FM Genie Scout 2007\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2007\\data\\db\\700\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Gaetan\\Mes documents\\Sports Interactive\\Football Manager 2007\\games\\brest.fm"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"LastUpdateCheck"=dword:000098e0
"HighQualityGUI"=dword:00000000
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000002
"Currency"=dword:00000056
"WindowHeight"=dword:000002df
"WindowWidth"=dword:000003e8
"WindowLeft"=dword:00000022
"WindowTop"=dword:00000027

[HKEY_USERS\S-1-5-21-725345543-492894223-839522115-1004\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Clubs]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000032
"Position4"=dword:00000004
"Visible4"=dword:00000001
"Width4"=dword:00000032
"Position5"=dword:00000005
"Visible5"=dword:00000001
"Width5"=dword:00000050
"Position6"=dword:00000006
"Visible6"=dword:00000001
"Width6"=dword:00000050
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000002d
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000001e
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000001e
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000001e
"Position13"=dword:0000000d
"Visible13"=dword:00000001
"Width13"=dword:0000003c
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000032
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:00000032
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000032
"Position17"=dword:00000011
"Visible17"=dword:00000001
"Width17"=dword:00000050
"Position18"=dword:00000012
"Visible18"=dword:00000001
"Width18"=dword:00000050
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050

[HKEY_USERS\S-1-5-21-725345543-492894223-839522115-1004\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Players]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:000000c6
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000037
"Position4"=dword:00000005
"Visible4"=dword:00000001
"Width4"=dword:00000064
"Position5"=dword:00000006
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:00000004
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:00000008
"Visible7"=dword:00000001
"Width7"=dword:0000004b
"Position8"=dword:00000009
"Visible8"=dword:00000001
"Width8"=dword:0000004b
"Position9"=dword:0000000a
"Visible9"=dword:00000001
"Width9"=dword:00000050
"Position10"=dword:0000000c
"Visible10"=dword:00000000
"Width10"=dword:00000050
"Position11"=dword:0000000d
"Visible11"=dword:00000000
"Width11"=dword:0000004b
"Position12"=dword:0000000e
"Visible12"=dword:00000000
"Width12"=dword:0000002d
"Position13"=dword:0000000f
"Visible13"=dword:00000000
"Width13"=dword:0000003c
"Position14"=dword:00000010
"Visible14"=dword:00000000
"Width14"=dword:0000004b
"Position15"=dword:00000011
"Visible15"=dword:00000000
"Width15"=dword:00000064
"Position16"=dword:00000012
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000013
"Visible17"=dword:00000000
"Width17"=dword:0000004b
"Position18"=dword:00000014
"Visible18"=dword:00000000
"Width18"=dword:00000064
"Position19"=dword:00000015
"Visible19"=dword:00000000
"Width19"=dword:0000003c
"Position20"=dword:00000016
"Visible20"=dword:00000000
"Width20"=dword:0000004b
"Position21"=dword:00000017
"Visible21"=dword:00000000
"Width21"=dword:00000050
"Position22"=dword:00000018
"Visible22"=dword:00000000
"Width22"=dword:00000073
"Position23"=dword:00000019
"Visible23"=dword:00000000
"Width23"=dword:00000050
"Position24"=dword:0000001a
"Visible24"=dword:00000000
"Width24"=dword:0000005a
"Position25"=dword:0000001b
"Visible25"=dword:00000000
"Width25"=dword:0000006e
"Position26"=dword:0000001c
"Visible26"=dword:00000000
"Width26"=dword:00000064
"Position27"=dword:0000001d
"Visible27"=dword:00000000
"Width27"=dword:00000087
"Position28"=dword:0000001e
"Visible28"=dword:00000000
"Width28"=dword:00000064
"Position29"=dword:0000001f
"Visible29"=dword:00000000
"Width29"=dword:00000064
"Position30"=dword:00000020
"Visible30"=dword:00000000
"Width30"=dword:00000046
"Position31"=dword:00000021
"Visible31"=dword:00000000
"Width31"=dword:0000004b
"Position32"=dword:00000022
"Visible32"=dword:00000000
"Width32"=dword:00000046
"Position33"=dword:00000023
"Visible33"=dword:00000000
"Width33"=dword:0000004b
"Position34"=dword:00000024
"Visible34"=dword:00000000
"Width34"=dword:0000003c
"Position35"=dword:00000026
"Visible35"=dword:00000000
"Width35"=dword:00000064
"Position36"=dword:0000002a
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:0000002c
"Visible37"=dword:00000000
"Width37"=dword:0000005f
"Position38"=dword:0000002f
"Visible38"=dword:00000000
"Width38"=dword:00000091
"Position39"=dword:00000031
"Visible39"=dword:00000000
"Width39"=dword:0000003c
"Position40"=dword:00000028
"Visible40"=dword:00000000
"Width40"=dword:0000005a
"Position41"=dword:00000032
"Visible41"=dword:00000000
"Width41"=dword:00000041
"Position42"=dword:00000025
"Visible42"=dword:00000000
"Width42"=dword:00000050
"Position43"=dword:00000027
"Visible43"=dword:00000000
"Width43"=dword:00000055
"Position44"=dword:00000029
"Visible44"=dword:00000000
"Width44"=dword:0000005f
"Position45"=dword:00000033
"Visible45"=dword:00000000
"Width45"=dword:00000050
"Position46"=dword:00000034
"Visible46"=dword:00000000
"Width46"=dword:0000004b
"Position47"=dword:00000035
"Visible47"=dword:00000000
"Width47"=dword:0000004b
"Position48"=dword:00000036
"Visible48"=dword:00000000
"Width48"=dword:00000046
"Position49"=dword:00000037
"Visible49"=dword:00000000
"Width49"=dword:00000032
"Position50"=dword:00000038
"Visible50"=dword:00000000
"Width50"=dword:0000003c
"Position51"=dword:00000039
"Visible51"=dword:00000000
"Width51"=dword:0000004b
"Position52"=dword:0000003a
"Visible52"=dword:00000000
"Width52"=dword:0000003c
"Position53"=dword:0000003b
"Visible53"=dword:00000000
"Width53"=dword:00000037
"Position54"=dword:0000003c
"Visible54"=dword:00000000
"Width54"=dword:00000069
"Position55"=dword:0000003d
"Visible55"=dword:00000000
"Width55"=dword:0000005a
"Position56"=dword:00000040
"Visible56"=dword:00000000
"Width56"=dword:0000004b
"Position57"=dword:00000041
"Visible57"=dword:00000000
"Width57"=dword:0000004b
"Position58"=dword:00000042
"Visible58"=dword:00000000
"Width58"=dword:00000037
"Position59"=dword:00000043
"Visible59"=dword:00000000
"Width59"=dword:0000003c
"Position60"=dword:00000044
"Visible60"=dword:00000000
"Width60"=dword:0000003c
"Position61"=dword:00000045
"Visible61"=dword:00000000
"Width61"=dword:00000041
"Position62"=dword:00000046
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:00000047
"Visible63"=dword:00000000
"Width63"=dword:0000003c
"Position64"=dword:00000048
"Visible64"=dword:00000000
"Width64"=dword:0000003c
"Position65"=dword:00000049
"Visible65"=dword:00000000
"Width65"=dword:0000004b
"Position66"=dword:0000004a
"Visible66"=dword:00000000
"Width66"=dword:0000003c
"Position67"=dword:0000004b
"Visible67"=dword:00000000
"Width67"=dword:00000046
"Position68"=dword:0000004c
"Visible68"=dword:00000000
"Width68"=dword:00000028
"Position69"=dword:0000004d
"Visible69"=dword:00000000
"Width69"=dword:00000041
"Position70"=dword:0000004e
"Visible70"=dword:00000000
"Width70"=dword:0000003c
"Position71"=dword:0000004f
"Visible71"=dword:00000000
"Width71"=dword:00000069
"Position72"=dword:00000050
"Visible72"=dword:00000000
"Width72"=dword:00000041
"Position73"=dword:00000051
"Visible73"=dword:00000000
"Width73"=dword:0000005f
"Position74"=dword:00000052
"Visible74"=dword:00000000
"Width74"=dword:0000003c
"Position75"=dword:00000053
"Visible75"=dword:00000000
"Width75"=dword:00000037
"Position76"=dword:00000054
"Visible76"=dword:00000000
"Width76"=dword:0000004b
"Position77"=dword:00000055
"Visible77"=dword:00000000
"Width77"=dword:00000050
"Position78"=dword:00000056
"Visible78"=dword:00000000
"Width78"=dword:00000037
"Position79"=dword:00000057
"Visible79"=dword:00000000
"Width79"=dword:00000037
"Position80"=dword:00000058
"Visible80"=dword:00000000
"Width80"=dword:0000005a
"Position81"=dword:00000059
"Visible81"=dword:00000000
"Width81"=dword:0000004b
"Position82"=dword:0000005a
"Visible82"=dword:00000000
"Width82"=dword:00000055
"Position83"=dword:0000005b
"Visible83"=dword:00000000
"Width83"=dword:0000002d
"Position84"=dword:0000005c
"Visible84"=dword:00000000
"Width84"=dword:00000037
"Position85"=dword:0000005d
"Visible85"=dword:00000000
"Width85"=dword:0000003c
"Position86"=dword:0000005e
"Visible86"=dword:00000000
"Width86"=dword:00000046
"Position87"=dword:0000005f
"Visible87"=dword:00000000
"Width87"=dword:0000003c
"Position88"=dword:00000060
"Visible88"=dword:00000000
"Width88"=dword:0000005a
"Position89"=dword:00000061
"Visible89"=dword:00000000
"Width89"=dword:0000003c
"Position90"=dword:00000062
"Visible90"=dword:00000000
"Width90"=dword:00000050
"Position91"=dword:00000063
"Visible91"=dword:00000000
"Width91"=dword:00000046
"Position92"=dword:00000064
"Visible92"=dword:00000000
"Width92"=dword:0000005a
"Position93"=dword:00000065
"Visible93"=dword:00000000
"Width93"=dword:00000037
"Position94"=dword:00000066
"Visible94"=dword:00000000
"Width94"=dword:0000003c
"Position95"=dword:00000067
"Visible95"=dword:00000000
"Width95"=dword:0000003c
"Position96"=dword:00000068
"Visible96"=dword:00000000
"Width96"=dword:00000046
"Position97"=dword:00000069
"Visible97"=dword:00000000
"Width97"=dword:00000046
"Position98"=dword:0000006a
"Visible98"=dword:00000000
"Width98"=dword:00000055
"Position99"=dword:0000006b
"Visible99"=dword:00000000
"Width99"=dword:00000073
"Position100"=dword:0000003e
"Visible100"=dword:00000000
"Width100"=dword:00000041
"Position101"=dword:0000006c
"Visible101"=dword:00000000
"Width101"=dword:0000003c
"Position102"=dword:0000006d
"Visible102"=dword:00000000
"Width102"=dword:0000003c
"Position103"=dword:0000006e
"Visible103"=dword:00000000
"Width103"=dword:00000046
"Position104"=dword:0000006f
"Visible104"=dword:00000000
"Width104"=dword:0000003c
"Position105"=dword:00000070
"Visible105"=dword:00000000
"Width105"=dword:00000041
"Position106"=dword:0000000b
"Visible106"=dword:00000001
"Width106"=dword:0000005a
"Position107"=dword:00000007
"Visible107"=dword:00000001
"Width107"=dword:00000028
"Position108"=dword:0000003f
"Visible108"=dword:00000000
"Width108"=dword:00000050
"Position109"=dword:0000002b
"Visible109"=dword:00000000
"Width109"=dword:00000050
"Position110"=dword:0000002d
"Visible110"=dword:00000000
"Width110"=dword:00000055
"Position111"=dword:0000002e
"Visible111"=dword:00000000
"Width111"=dword:00000082
"Position112"=dword:00000030
"Visible112"=dword:00000000
"Width112"=dword:00000087
"Position113"=dword:00000071
"Visible113"=dword:00000000
"Width113"=dword:00000050
"Position114"=dword:00000072
"Visible114"=dword:00000000
"Width114"=dword:00000050
"Position115"=dword:00000073
"Visible115"=dword:00000000
"Width115"=dword:00000050
"Position116"=dword:00000074
"Visible116"=dword:00000000
"Width116"=dword:00000050
"Position117"=dword:00000075
"Visible117"=dword:00000000
"Width117"=dword:00000050
"Position118"=dword:00000076
"Visible118"=dword:00000000
"Width118"=dword:00000050
"Position119"=dword:00000077
"Visible119"=dword:00000000
"Width119"=dword:00000050
"Position120"=dword:00000078
"Visible120"=dword:00000000
"Width120"=dword:00000050
"Position121"=dword:00000079
"Visible121"=dword:00000000
"Width121"=dword:00000050
"Position122"=dword:0000007a
"Visible122"=dword:00000000
"Width122"=dword:00000050
"Position123"=dword:0000007b
"Visible123"=dword:00000000
"Width123"=dword:00000050
"Position124"=dword:0000007c
"Visible124"=dword:00000000
"Width124"=dword:00000050
"Position125"=dword:0000007d
"Visible125"=dword:00000000
"Width125"=dword:00000050
"Position126"=dword:0000007e
"Visible126"=dword:00000000
"Width126"=dword:00000050
"Position127"=dword:0000007f
"Visible127"=dword:00000000
"Width127"=dword:00000050
"Position128"=dword:00000080
"Visible128"=dword:00000000
"Width128"=dword:00000050
"Position129"=dword:00000081
"Visible129"=dword:00000000
"Width129"=dword:00000050
"Position130"=dword:00000082
"Visible130"=dword:00000000
"Width130"=dword:00000050
"Position131"=dword:00000083
"Visible131"=dword:00000000
"Width131"=dword:00000050
"Position132"=dword:00000084
"Visible132"=dword:00000000
"Width132"=dword:00000050
"Position133"=dword:00000085
"Visible133"=dword:00000000
"Width133"=dword:00000050
"Position134"=dword:00000086
"Visible134"=dword:00000000
"Width134"=dword:00000050
"Position135"=dword:00000087
"Visible135"=dword:00000000
"Width135"=dword:00000050
"Position136"=dword:00000088
"Visible136"=dword:00000000
"Width136"=dword:00000050
"Position137"=dword:00000089
"Visible137"=dword:00000000
"Width137"=dword:00000050
"Position138"=dword:0000008a
"Visible138"=dword:00000000
"Width138"=dword:00000050
"Position139"=dword:0000008b
"Visible139"=dword:00000000
"Width139"=dword:00000050
"Position140"=dword:0000008c
"Visible140"=dword:00000000
"Width140"=dword:00000050
"Position141"=dword:0000008d
"Visible141"=dword:00000000
"Width141"=dword:00000050
"Position142"=dword:0000008e
"Visible142"=dword:00000000
"Width142"=dword:00000050
"Position143"=dword:0000008f
"Visible143"=dword:00000000
"Width143"=dword:00000050
"Position144"=dword:00000090
"Visible144"=dword:00000000
"Width144"=dword:00000050
"Position145"=dword:00000091
"Visible145"=dword:00000000
"Width145"=dword:00000050

[HKEY_USERS\S-1-5-21-725345543-492894223-839522115-1004\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Staff]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000069
"Position4"=dword:00000005
"Visible4"=dword:00000001
"Width4"=dword:00000028
"Position5"=dword:00000006
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:00000004
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000004b
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000002d
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000003c
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000004b
"Position13"=dword:0000000d
"Visible13"=dword:00000000
"Width13"=dword:00000064
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000064
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:0000004b
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000011
"Visible17"=dword:00000000
"Width17"=dword:0000003c
"Position18"=dword:00000012
"Visible18"=dword:00000000
"Width18"=dword:0000004b
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
"Position20"=dword:00000014
"Visible20"=dword:00000000
"Width20"=dword:00000046
"Position21"=dword:00000015
"Visible21"=dword:00000000
"Width21"=dword:0000004b
"Position22"=dword:00000016
"Visible22"=dword:00000000
"Width22"=dword:00000046
"Position23"=dword:00000017
"Visible23"=dword:00000000
"Width23"=dword:00000046
"Position24"=dword:00000018
"Visible24"=dword:00000000
"Width24"=dword:0000003c
"Position25"=dword:00000019
"Visible25"=dword:00000000
"Width25"=dword:00000041
"Position26"=dword:0000001a
"Visible26"=dword:00000000
"Width26"=dword:0000003c
"Position27"=dword:0000001b
"Visible27"=dword:00000000
"Width27"=dword:00000055
"Position28"=dword:0000001c
"Visible28"=dword:00000000
"Width28"=dword:00000069
"Position29"=dword:0000001d
"Visible29"=dword:00000000
"Width29"=dword:0000006e
"Position30"=dword:0000001e
"Visible30"=dword:00000000
"Width30"=dword:00000064
"Position31"=dword:0000001f
"Visible31"=dword:00000000
"Width31"=dword:00000078
"Position32"=dword:00000020
"Visible32"=dword:00000000
"Width32"=dword:00000064
"Position33"=dword:00000021
"Visible33"=dword:00000000
"Width33"=dword:00000087
"Position34"=dword:00000022
"Visible34"=dword:00000000
"Width34"=dword:00000069
"Position35"=dword:00000023
"Visible35"=dword:00000000
"Width35"=dword:0000006e
"Position36"=dword:00000024
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000025
"Visible37"=dword:00000000
"Width37"=dword:0000004b
"Position38"=dword:00000026
"Visible38"=dword:00000000
"Width38"=dword:0000002d
"Position39"=dword:00000027
"Visible39"=dword:00000000
"Width39"=dword:00000055
"Position40"=dword:00000028
"Visible40"=dword:00000000
"Width40"=dword:00000046
"Position41"=dword:00000029
"Visible41"=dword:00000000
"Width41"=dword:0000004b
"Position42"=dword:0000002a
"Visible42"=dword:00000000
"Width42"=dword:0000003c
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000046
"Position44"=dword:0000002c
"Visible44"=dword:00000000
"Width44"=dword:00000073
"Position45"=dword:0000002d
"Visible45"=dword:00000000
"Width45"=dword:0000004b
"Position46"=dword:0000002e
"Visible46"=dword:00000000
"Width46"=dword:00000073
"Position47"=dword:0000002f
"Visible47"=dword:00000000
"Width47"=dword:0000007d
"Position48"=dword:00000030
"Visible48"=dword:00000000
"Width48"=dword:0000006e
"Position49"=dword:00000031
"Visible49"=dword:00000000
"Width49"=dword:00000037
"Position50"=dword:00000032
"Visible50"=dword:00000000
"Width50"=dword:00000064
"Position51"=dword:00000033
"Visible51"=dword:00000000
"Width51"=dword:00000037
"Position52"=dword:00000034
"Visible52"=dword:00000000
"Width52"=dword:0000004b
"Position53"=dword:00000035
"Visible53"=dword:00000000
"Width53"=dword:00000046
"Position54"=dword:00000036
"Visible54"=dword:00000000
"Width54"=dword:00000037
"Position55"=dword:00000037
"Visible55"=dword:00000000
"Width55"=dword:0000003c
"Position56"=dword:00000038
"Visible56"=dword:00000000
"Width56"=dword:00000055
"Position57"=dword:00000039
"Visible57"=dword:00000000
"Width57"=dword:0000003c
"Position58"=dword:0000003a
"Visible58"=dword:00000000
"Width58"=dword:0000003c
"Position59"=dword:0000003b
"Visible59"=dword:00000000
"Width59"=dword:00000055
"Position60"=dword:0000003c
"Visible60"=dword:00000000
"Width60"=dword:00000046
"Position61"=dword:0000003d
"Visible61"=dword:00000000
"Width61"=dword:0000004b
"Position62"=dword:0000003e
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000003f
"Visible63"=dword:00000000
"Width63"=dword:0000005a
"Position64"=dword:00000040
"Visible64"=dword:00000000
"Width64"=dword:0000006e
"Position65"=dword:00000041
"Visible65"=dword:00000000
"Width65"=dword:00000050
"Position66"=dword:00000042
"Visible66"=dword:00000000
"Width66"=dword:00000032
"Position67"=dword:00000043
"Visible67"=dword:00000000
"Width67"=dword:00000064
"Position68"=dword:00000044
"Visible68"=dword:00000000
"Width68"=dword:0000004b
"Position69"=dword:00000045
"Visible69"=dword:00000000
"Width69"=dword:0000002d
"Position70"=dword:00000046
"Visible70"=dword:00000000
"Width70"=dword:0000004b
"Position71"=dword:00000047
"Visible71"=dword:00000000
"Width71"=dword:0000005a
"Position72"=dword:00000048
"Visible72"=dword:00000000
"Width72"=dword:0000005a
"Position73"=dword:00000049
"Visible73"=dword:00000000
"Width73"=dword:00000050
"Position74"=dword:0000004a
"Visible74"=dword:00000000
"Width74"=dword:0000004b
"Position75"=dword:0000004b
"Visible75"=dword:00000000
"Width75"=dword:00000050
"Position76"=dword:0000004c
"Visible76"=dword:00000000
"Width76"=dword:0000005a
"Position77"=dword:0000004d
"Visible77"=dword:00000000
"Width77"=dword:00000041
"Position78"=dword:0000004e
"Visible78"=dword:00000000
"Width78"=dword:00000041
"Position79"=dword:0000004f
"Visible79"=dword:00000000
"Width79"=dword:00000041
"Position80"=dword:00000050
"Visible80"=dword:00000000
"Width80"=dword:00000041
"Position81"=dword:00000051
"Visible81"=dword:00000000
"Width81"=dword:00000041
"Position82"=dword:00000052
"Visible82"=dword:00000000
"Width82"=dword:00000041
"Position83"=dword:00000053
"Visible83"=dword:00000000
"Width83"=dword:00000041
"Position84"=dword:00000054
"Visible84"=dword:00000000
"Width84"=dword:00000041
"Position85"=dword:00000055
"Visible85"=dword:00000000
"Width85"=dword:00000041
"Position86"=dword:00000056
"Visible86"=dword:00000000
"Width86"=dword:00000050

[HKEY_USERS\S-1-5-21-725345543-492894223-839522115-1004\Software\G*e*n*i*e*"!\FM Genie Scout\Rating]
"GKPositionCoef"=dword:00000000
"GKCurrentAbilityCoef"=dword:00000000
"GKCornersCoef"=dword:00000000
"GKCrossingCoef"=dword:00000000
"GKDribblingCoef"=dword:00000000
"GKFinishingCoef"=dword:00000000
"GKFirstTouchCoef"=dword:00000005
"GKFreeKicksCoef"=dword:00000000
"GKHeadingCoef"=dword:00000005
"GKLongShotsCoef"=dword:00000000
"GKLongThrowsCoef"=dword:00000000
"GKMarkingCoef"=dword:00000000
"GKPassingCoef"=dword:0000000a
"GKPenaltiesCoef"=dword:00000005
"GKTacklingCoef"=dword:0000000a
"GKTechniqueCoef"=dword:00000000
"GKLeftFootCoef"=dword:00000005
"GKRightFootCoef"=dword:00000005
"GKAggressionCoef"=dword:0000001e
"GKAnticipationCoef"=dword:0000000a
"GKBraveryCoef"=dword:0000001e
"GKComposureCoef"=dword:0000001e
"GKConcentrationCoef"=dword:00000014
"GKConsistencyCoef"=dword:00000014
"GKCreativityCoef"=dword:00000000
"GKDecisionsCoef"=dword:0000001e
"GKDeterminationCoef"=dword:00000014
"GKDirtinessCoef"=dword:fffffff6
"GKFlairCoef"=dword:00000005
"GKImportantMatchesCoef"=dword:00000014
"GKInfluenceCoef"=dword:0000000f
"GKOffTheBallCoef"=dword:00000000
"GKPositioningCoef"=dword:0000003c
"GKTeamworkCoef"=dword:0000000a
"GKWorkRateCoef"=dword:00000005
"GKAccelerationCoef"=dword:0000000a
"GKAgilityCoef"=dword:00000014
"GKBalanceCoef"=dword:00000014
"GKInjuryPronenessCoef"=dword:fffffff6
"GKJumpingCoef"=dword:00000050
"GKNaturalFitnessCoef"=dword:0000000a
"GKPaceCoef"=dword:00000000
"GKStaminaCoef"=dword:00000005
"GKStrengthCoef"=dword:0000001e
"GKVersatilityCoef"=dword:00000005
"GKAerialAbilityCoef"=dword:00000050
"GKCommandOfAreaCoef"=dword:00000032
"GKCommunicationCoef"=dword:0000003c
"GKEccentricityCoef"=dword:ffffffe7
"GKHandlingCoef"=dword:00000064
"GKKickingCoef"=dword:00000019
"GKOneOnOnesCoef"=dword:00000032
"GKReflexesCoef"=dword:00000064
"GKRushingOutCoef"=dword:0000001e
"GKTendencyToPunchCoef"=dword:ffffffe7
"GKThrowingCoef"=dword:00000019
"GKAdaptabilityCoef"=dword:0000000a
"GKAmbitionCoef"=dword:00000014
"GKControversyCoef"=dword:fffffffb
"GKLoyalityCoef"=dword:0000000a
"GKPressureCoef"=dword:00000014
"GKProfessionalismCoef"=dword:0000000f
"GKSportsmanshipCoef"=dword:0000000a
"GKTemperamentCoef"=dword:00000005
"SWPositionCoef"=dword:00000000
"SWCurrentAbilityCoef"=dword:00000000
"SWCornersCoef"=dword:0000000a
"SWCrossingCoef"=dword:00000005
"SWDribblingCoef"=dword:00000005
"SWFinishingCoef"=dword:00000005
"SWFirstTouchCoef"=dword:00000014
"SWFreeKicksCoef"=dword:0000000a
"SWHeadingCoef"=dword:00000064
"SWLongShotsCoef"=dword:00000005
"SWLongThrowsCoef"=dword:00000005
"SWMarkingCoef"=dword:00000064
"SWPassingCoef"=dword:00000014
"SWPenaltiesCoef"=dword:00000005
"SWTacklingCoef"=dword:00000064
"SWTechniqueCoef"=dword:0000000f
"SWLeftFootCoef"=dword:0000000a
"SWRightFootCoef"=dword:0000000a
"SWAggressionCoef"=dword:0000000f
"SWAnticipationCoef"=dword:00000014
"SWBraveryCoef"=dword:00000028
"SWComposureCoef"=dword:00000028
"SWConcentrationCoef"=dword:00000028
"SWConsistencyCoef"=dword:00000014
"SWCreativityCoef"=dword:00000005
"SWDecisionsCoef"=dword:0000001e
"SWDeterminationCoef"=dword:00000014
"SWDirtinessCoef"=dword:ffffffe7
"SWFlairCoef"=dword:00000005
"SWImportantMatchesCoef"=dword:00000014
"SWInfluenceCoef"=dword:0000000f
"SWOffTheBallCoef"=dword:00000005
"SWPositioningCoef"=dword:00000064
"SWTeamworkCoef"=dword:00000028
"SWWorkRateCoef"=dword:0000000a
"SWAccelerationCoef"=dword:00000019
"SWAgilityCoef"=dword:00000005
"SWBalanceCoef"=dword:00000014
"SWInjuryPronenessCoef"=dword:fffffff6
"SWJumpingCoef"=dword:00000050
"SWNaturalFitnessCoef"=dword:0000000a
"SWPaceCoef"=dword:00000019
"SWStaminaCoef"=dword:0000000f
"SWStrengthCoef"=dword:0000003c
"SWVersatilityCoef"=dword:00000005
"SWAerialAbilityCoef"=dword:00000000
"SWCommandOfAreaCoef"=dword:00000000
"SWCommunicationCoef"=dword:00000000
"SWEccentricityCoef"=dword:00000000
"SWHandlingCoef"=dword:00000000
"SWKickingCoef"=dword:00000000
"SWOneOnOnesCoef"=dword:00000005
"SWReflexesCoef"=dword:00000005
"SWRushingOutCoef"=dword:00000000
"SWTendencyToPunchCoef"=dword:00000000
"SWThrowingCoef"=dword:00000000
"SWAdaptabilityCoef"=dword:0000000a
"SWAmbitionCoef"=dword:00000014
"SWControversyCoef"=dword:fffffffb
"SWLoyalityCoef"=dword:0000000a
"SWPressureCoef"=dword:00000014
"SWProfessionalismCoef"=dword:0000000f
"SWSportsmanshipCoef"=dword:0000000a
"SWTemperamentCoef"=dword:00000005
"CBPositionCoef"=dword:00000000
"CBCurrentAbilityCoef"=dword:00000000
"CBCornersCoef"=dword:00000014
"CBCrossingCoef"=dword:0000000a
"CBDribblingCoef"=dword:00000005
"CBFinishingCoef"=dword:00000005
"CBFirstTouchCoef"=dword:00000014
"CBFreeKicksCoef"=dword:00000014
"CBHeadingCoef"=dword:00000064
"CBLongShotsCoef"=dword:00000005
"CBLongThrowsCoef"=dword:00000005
"CBMarkingCoef"=dword:00000050
"CBPassingCoef"=dword:0000001e
"CBPenaltiesCoef"=dword:00000005
"CBTacklingCoef"=dword:00000064
"CBTechniqueCoef"=dword:0000000f
"CBLeftFootCoef"=dword:0000000a
"CBRightFootCoef"=dword:0000000a
"CBAggressionCoef"=dword:0000000f
"CBAnticipationCoef"=dword:00000014
"CBBraveryCoef"=dword:00000028
"CBComposureCoef"=dword:0000001e
"CBConcentrationCoef"=dword:0000001e
"CBConsistencyCoef"=dword:00000014
"CBCreativityCoef"=dword:00000005
"CBDecisionsCoef"=dword:0000001e
"CBDeterminationCoef"=dword:00000014
"CBDirtinessCoef"=dword:ffffffec
"CBFlairCoef"=dword:00000005
"CBImportantMatchesCoef"=dword:00000014
"CBInfluenceCoef"=dword:0000000f
"CBOffTheBallCoef"=dword:0000000a
"CBPositioningCoef"=dword:00000050
"CBTeamworkCoef"=dword:00000028
"CBWorkRateCoef"=dword:0000000a
"CBAccelerationCoef"=dword:00000023
"CBAgilityCoef"=dword:00000005
"CBBalanceCoef"=dword:00000014
"CBInjuryPronenessCoef"=dword:fffffff6
"CBJumpingCoef"=dword:00000050
"CBNaturalFitnessCoef"=dword:0000000a
"CBPaceCoef"=dword:00000023
"CBStaminaCoef"=dword:00000014
"CBStrengthCoef"=dword:00000032
"CBVersatilityCoef"=dword:00000005
"CBAerialAbilityCoef"=dword:00000000
"CBCommandOfAreaCoef"=dword:00000000
"CBCommunicationCoef"=dword:00000000
"CBEccentricityCoef"=dword:00000000
"CBHandlingCoef"=dword:00000000
"CBKickingCoef"=dword:00000000
"CBOneOnOnesCoef"=dword:00000005
"CBReflexesCoef"=dword:00000005
"CBRushingOutCoef"=dword:00000000
"CBTendencyToPunchCoef"=dword:00000000
"CBThrowingCoef"=dword:00000000
"CBAdaptabilityCoef"=dword:0000000a
"CBAmbitionCoef"=dword:00000014
"CBControversyCoef"=dword:fffffffb
"CBLoyalityCoef"=dword:0000000a
"CBPressureCoef"=dword:00000014
"CBProfessionalismCoef"=dword:0000000f
"CBSportsmanshipCoef"=dword:0000000a
"CBTemperamentCoef"=dword:00000005
"FBPositionCoef"=dword:00000000
"FBCurrentAbilityCoef"=dword:00000000
"FBCornersCoef"=dword:00000014
"FBCrossingCoef"=dword:00000023
"FBDribblingCoef"=dword:0000001e
"FBFinishingCoef"=dword:0000000a
"FBFirstTouchCoef"=dword:00000014
"FBFreeKicksCoef"=dword:00000014
"FBHeadingCoef"=dword:0000003c
"FBLongShotsCoef"=dword:0000000a
"FBLongThrowsCoef"=dword:0000000a
"FBMarkingCoef"=dword:00000050
"FBPassingCoef"=dword:00000023
"FBPenaltiesCoef"=dword:00000005
"FBTacklingCoef"=dword:00000064
"FBTechniqueCoef"=dword:0000001e
"FBLeftFootCoef"=dword:0000000a
"FBRightFootCoef"=dword:0000000a
"FBAggressionCoef"=dword:0000000f
"FBAnticipationCoef"=dword:0000003c
"FBBraveryCoef"=dword:00000019
"FBComposureCoef"=dword:00000019
"FBConcentrationCoef"=dword:0000001e
"FBConsistencyCoef"=dword:00000014
"FBCreativityCoef"=dword:0000000a
"FBDecisionsCoef"=dword:00000019
"FBDeterminationCoef"=dword:00000014
"FBDirtinessCoef"=dword:fffffff1
"FBFlairCoef"=dword:00000005
"FBImportantMatchesCoef"=dword:00000014
"FBInfluenceCoef"=dword:0000000f
"FBOffTheBallCoef"=dword:0000000f
"FBPositioningCoef"=dword:00000050
"FBTeamworkCoef"=dword:00000014
"FBWorkRateCoef"=dword:00000014
"FBAccelerationCoef"=dword:00000032
"FBAgilityCoef"=dword:00000005
"FBBalanceCoef"=dword:00000014
"FBInjuryPronenessCoef"=dword:fffffff6
"FBJumpingCoef"=dword:0000003c
"FBNaturalFitnessCoef"=dword:0000000a
"FBPaceCoef"=dword:00000032
"FBStaminaCoef"=dword:00000032
"FBStrengthCoef"=dword:00000028
"FBVersatilityCoef"=dword:00000005
"FBAerialAbilityCoef"=dword:00000000
"FBCommandOfAreaCoef"=dword:00000000
"FBCommunicationCoef"=dword:00000000
"FBEccentricityCoef"=dword:00000000
"FBHandlingCoef"=dword:00000000
"FBKickingCoef"=dword:00000000
"FBOneOnOnesCoef"=dword:00000005
"FBReflexesCoef"=dword:00000005
"FBRushingOutCoef"=dword:00000000
"FBTendencyToPunchCoef"=dword:00000000
"FBThrowingCoef"=dword:00000000
"FBAdaptabilityCoef"=dword:0000000a
"FBAmbitionCoef"=dword:00000014
"FBControversyCoef"=dword:fffffffb
"FBLoyalityCoef"=dword:0000000a
"FBPressureCoef"=dword:00000014
"FBProfessionalismCoef"=dword:0000000f
"FBSportsmanshipCoef"=dword:0000000a
"FBTemperamentCoef"=dword:00000005
"WBPositionCoef"=dword:00000000
"WBCurrentAbilityCoef"=dword:00000000
"WBCornersCoef"=dword:00000014
"WBCrossingCoef"=dword:0000004b
"WBDribblingCoef"=dword:0000003c
"WBFinishingCoef"=dword:0000001e
"WBFirstTouchCoef"=dword:00000019
"WBFreeKicksCoef"=dword:00000014
"WBHeadingCoef"=dword:00000019
"WBLongShotsCoef"=dword:0000000f
"WBLongThrowsCoef"=dword:0000000f
"WBMarkingCoef"=dword:0000003c
"WBPassingCoef"=dword:00000028
"WBPenaltiesCoef"=dword:00000005
"WBTacklingCoef"=dword:00000050
"WBTechniqueCoef"=dword:00000032
"WBLeftFootCoef"=dword:0000000a
"WBRightFootCoef"=dword:0000000a
"WBAggressionCoef"=dword:0000000a
"WBAnticipationCoef"=dword:00000032
"WBBraveryCoef"=dword:0000000f
"WBComposureCoef"=dword:00000014
"WBConcentrationCoef"=dword:00000019
"WBConsistencyCoef"=dword:00000014
"WBCreativityCoef"=dword:00000014
"WBDecisionsCoef"=dword:00000014
"WBDeterminationCoef"=dword:00000014
"WBDirtinessCoef"=dword:fffffff6
"WBFlairCoef"=dword:0000000a
"WBImportantMatchesCoef"=dword:00000014
"WBInfluenceCoef"=dword:0000000a
"WBOffTheBallCoef"=dword:00000014
"WBPositioningCoef"=dword:0000003c
"WBTeamworkCoef"=dword:00000014
"WBWorkRateCoef"=dword:0000001e
"WBAccelerationCoef"=dword:00000050
"WBAgilityCoef"=dword:00000005
"WBBalanceCoef"=dword:0000000f
"WBInjuryPronenessCoef"=dword:fffffff6
"WBJumpingCoef"=dword:00000019
"WBNaturalFitnessCoef"=dword:0000000a
"WBPaceCoef"=dword:0000005a
"WBStaminaCoef"=dword:0000004b
"WBStrengthCoef"=dword:00000028
"WBVersatilityCoef"=dword:00000005
"WBAerialAbilityCoef"=dword:00000000
"WBCommandOfAreaCoef"=dword:00000000
"WBCommunicationCoef"=dword:00000000
"WBEccentricityCoef"=dword:00000000
"WBHandlingCoef"=dword:00000000
"WBKickingCoef"=dword:00000000
"WBOneOnOnesCoef"=dword:00000005
"WBReflexesCoef"=dword:00000005
"WBRushingOutCoef"=dword:00000000
"WBTendencyToPunchCoef"=dword:00000000
"WBThrowingCoef"=dword:00000000
"WBAdaptabilityCoef"=dword:0000000a
"WBAmbitionCoef"=dword:00000014
"WBControversyCoef"=dword:fffffffb
"WBLoyalityCoef"=dword:0000000a
"WBPressureCoef"=dword:00000014
"WBProfessionalismCoef"=dword:0000000f
"WBSportsmanshipCoef"=dword:0000000a
"WBTemperamentCoef"=dword:00000005
"DMPositionCoef"=dword:00000000
"DMCurrentAbilityCoef"=dword:00000000
"DMCornersCoef"=dword:00000014
"DMCrossingCoef"=dword:00000028
"DMDribblingCoef"=dword:00000019
&quo

gatco · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:28, on 17/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gaetan\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

totobetourne · Answer

je ne sais pas si c est bel et bien fini .le rapport combofix n est pas complet et est tres long .

gatco · Answer

oui, j'ai vu ça ...

il y a plein de ligne pour "\G*e*n*i*e*"!\FM Genie Scout\" ... comment puis-je supprimer tout ça ?
c'est une vieille appli pour un jeu que je n'utilise plus.

totobetourne · Answer

je n en sais rien.

gatco · Answer

j'ai fait un peu de nettoyage ...

ComboFix 09-02-17.02 - Gaetan 2009-02-18 20:57:49.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.653 [GMT 1:00]
Lancé depuis: c:\documents and settings\Gaetan\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *disabled*
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-18 au 2009-02-18 ))))))))))))))))))))))))))))))))))))
.

2009-02-18 00:54 . 2009-02-18 20:10 <REP> d-------- c:\program files\RegCleaner
2009-02-18 00:45 . 2009-02-18 00:45 2,542 --a------ C:\cc_20090218_004548.reg
2009-02-13 23:39 . 2009-02-13 23:39 78,312,662 --a------ C:\Sauv.reg
2009-02-13 15:46 . 2009-02-13 15:46 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-02-13 14:16 . 2009-02-13 14:16 3,550 --a------ C:\cc_20090213_141640.reg
2009-02-13 14:12 . 2009-02-13 14:12 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-02-13 14:12 . 2009-02-13 14:12 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-02-13 14:12 . 2009-02-13 14:12 <REP> d-------- c:\documents and settings\Gaetan\Application Data\SUPERAntiSpyware.com
2009-02-13 14:12 . 2009-02-13 14:12 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-12 23:18 . 2009-02-12 23:38 <REP> d-------- c:\program files\Ad-remover
2009-02-12 19:19 . 2009-02-13 23:39 <REP> d-------- c:\program files\Trend Micro
2009-02-12 14:07 . 2009-02-12 14:08 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 14:07 . 2009-02-12 14:07 <REP> d-------- c:\documents and settings\Gaetan\Application Data\Malwarebytes
2009-02-12 14:07 . 2009-02-12 14:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-12 14:07 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 14:07 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-07 21:00 . 2009-02-07 21:00 <REP> d-------- c:\documents and settings\Mathis\Application Data\K-Meleon
2009-01-24 14:42 . 2009-01-24 14:42 <REP> d-------- c:\program files\Hercules
2009-01-24 14:42 . 2005-06-21 10:29 245,408 --a------ c:\windows\system32\unicows.dll
2009-01-24 14:31 . 2009-01-24 14:31 <REP> d-------- c:\windows\OvtCam
2009-01-24 14:31 . 2005-03-15 17:04 161,792 --------- c:\windows\system32\drivers\ov530vid.sys
2009-01-24 14:31 . 2004-08-05 17:34 61,440 --------- c:\windows\ov530dib.dll
2009-01-24 14:31 . 2005-09-30 09:42 40,960 --------- c:\windows\system32\ov530ext.dll
2009-01-24 14:31 . 2004-11-09 00:37 25,177 --------- c:\windows\system32\drivers\ov530cmd.sys
2009-01-24 14:31 . 2005-09-30 09:56 18,972 --------- c:\windows\system32\ov530ext.ax
2009-01-24 14:31 . 2004-07-20 01:50 16,440 --------- c:\windows\system32\ov530usd.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 17:36 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-17 23:23 --------- d-----w c:\program files\Bonjour
2009-02-16 19:27 --------- d-----w c:\program files\Google
2009-02-12 13:05 --------- d-----w c:\program files\Inkscape
2009-02-12 13:05 --------- d-----w c:\documents and settings\Gaetan\Application Data\Inkscape
2009-02-12 13:02 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-24 16:07 --------- d-----w c:\documents and settings\Gaetan\Application Data\uTorrent
2009-01-24 15:43 --------- d-----w c:\documents and settings\Christelle\Application Data\ArcSoft
2009-01-17 10:54 --------- d-----w c:\program files\MyFirstKd
2009-01-10 23:11 --------- d-----w c:\program files\SopCast
2009-01-10 15:17 --------- d-----w c:\program files\AviSynth 2.5
2009-01-10 15:02 --------- d-----w c:\program files\GXTranscoderv5
2009-01-09 22:24 --------- d-----w c:\program files\Zylom Games
2008-12-29 09:11 --------- d-----w c:\program files\Maxis
2008-12-28 23:26 --------- d-----w c:\program files\CCleaner
2008-12-28 21:59 --------- d-----w c:\program files\Cossacks
2008-12-28 21:38 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-26 15:28 --------- d-----w c:\documents and settings\Gaetan\Application Data\MP-Manager
2008-12-26 15:16 --------- d-----w c:\program files\MPMAN
2008-12-21 17:35 --------- d-----w c:\program files\Yahoo!
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-11 18:37 15,554 ----a-w C:\cc_20081211_193738.reg
2008-12-11 18:35 22,844 ----a-w C:\cc_20081211_193459.reg
2008-10-14 18:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101420081015\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Configuration de la C-BOX"="c:\program files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [2004-12-21 395264]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1957888]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-03-06 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2008-09-02 1115728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Christelle\Menu D‚marrer\Programmes\D‚marrage\
Event Reminder.lnk - c:\pmw\PMREMIND.EXE [1997-11-03 254128]

c:\documents and settings\Gaetan\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-23 344064]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.MJPG"= m3jpeg32.dll
"msacm.DivXa32"= DivXa32.acm
"vidc.div4"= DivXc32f.dll
"vidc.xvid"= xvid.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.jpeg"= m3jpeg32.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\uTorrent\utorrent.exe"= c:\program files\uTorrent\utorrent.exe:72.20.34.145/255.255.255.255:Enabled:µTorrent
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43659:TCP"= 43659:TCP:72.20.34.145/255.255.255.255:Enabled:µtorrent

R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [2008-01-15 19572]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-12-04 826752]
R3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [2006-12-04 380736]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2006-12-04 17408]
S3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [2009-01-24 161792]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bce6a93-d360-11dd-8618-0013d358ec28}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
.
Contenu du dossier 'Tâches planifiées'

2009-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://www.tele2mail.com/static/apps/utils/AccountHelper.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game06.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Gaetan\Application Data\Mozilla\Firefox\Profiles\d2vsqgwz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 20:58:40
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.BrowseUI\RegBackup]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\MLS]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\11\[u]0/u]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\23\[u]0/u]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\30\[u]0/u]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:00000005
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\30\1]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\32\[u]0/u]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\48\[u]0/u]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\50\[u]0/u]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\56\[u]0/u]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:00000005
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\56\1]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\58\[u]0/u]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\61\[u]0/u]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:00000005
"Response"=dword:00000000
"NumConn"=dword:00000000

[HKEY_LOCAL_MACHINE\System\Software\Comodo\Personal Firewall\AppCtrl\Apps\65\[u]0/u]
@DACL=(02 0000)
"AddrType"=dword:00000008
"AddrStart"="0.0.0.0"
"AddrEnd"="255.255.255.255"
"PortType"=dword:00000008
"PortStart"=dword:00000000
"PortEnd"=dword:0000ffff
"Protocol"=dword:0000000a
"Response"=dword:00000000
"NumConn"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Heure de fin: 2009-02-18 21:01:16
ComboFix-quarantined-files.txt 2009-02-18 19:59:59
ComboFix2.txt 2009-02-18 18:52:31
ComboFix3.txt 2009-02-17 21:08:18
ComboFix4.txt 2009-02-16 23:01:45

Avant-CF: 61 649 534 976 octets libres
Après-CF: 61,635,096,576 octets libres

319 --- E O F --- 2009-02-11 23:02:24

totobetourne · Answer

passe cela.branche tes disques durs externes.
Télécharge sur le bureau Flash Disinfector (de SUBS) à cette adresse : https://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Double-clique sur l’icône.
Les icônes vont disparaître. C’est normal.
Si un rapport est généré en cas d'infection, sauvegarde-le sur le bureau, et poste le ensuite
Redémarre ensuite le PC.

gatco · Answer

salut,

c'est normal qu'avira me détecte un worm sur le fichier téléchargé ?

totobetourne · Answer

les clefs de comodo ont  l air  d etre bloquees.

gatco · Answer

qu'est-ce qu'il faut faire ?

totobetourne · Answer

je n en sais rien.

TR/Crypt.PEPM.Gen

42 réponses

Votre réponse

Discussions similaires

Newsletters