windowsclick virus and others!

Solved
Zefalcom - 50 posts - Member
sKe69 - 21360 posts - Security contributor
Hello,

I'm asking for your help because for 3-4 days I've had a virus that is driving me mad! And it's impossible to remove!

Here's the situation:

When I do a search on Google, for example, before showing the results it displays a blank page: http://img18.imageshack.us/img18/6933/pageblancheg.jpg

Then 1/4 of the clickable links send me to a new page with the address www.windowsclick.com.

The link is correct: http://img15.imageshack.us/img15/3518/testraz.jpg
But it sends me to a new page: http://img15.imageshack.us/img15/4609/winclick.jpg

But that's not all! A scan with Kaspersky found nothing.

It's impossible to launch the scanning programs! (the websites to download them were unreachable: "Page not found".) So I managed to download them with a download manager other than Firefox and IE.

But then! Impossible to launch them! (all of this was also tried in Safe Mode)

They do appear in the process list but don't start: http://img18.imageshack.us/img18/2963/mbam.jpg

Here too: http://img18.imageshack.us/img18/1209/antiv.jpg

Some programs no longer start. And web pages don't load completely
http://img105.imageshack.us/img105/9620/chargementincomplet.jpg !

If anyone has an idea or a trick!

(I had to write this post from another computer because otherwise it's impossible to connect to CCM)

Windows XP is up to date (SP3), Firefox is up to date, Kaspersky too.

Thank you very much for your answers, I'm desperate! Thanks

73 replies

Zefalcom - 50 posts - Member

Hello!

I just tried again, but it does the same thing; I drag it onto the Cfix icon.

ComboFix launches, but it doesn't offer me:

" --> A blue window will appear: at the message "Type 1 to continue, or 2 to abort": type 1 and confirm. "

The CFScript.txt file then disappears during the scan.

On the scan posted earlier it says:

Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
Could there be a problem because I renamed ComboFix to Cfix?
sKe69 - 21360 posts - Security contributor

start over please!!!!

1 - Create a text document on your desktop:
point your mouse at your desktop, right-click: go to "New" and choose "Text document".

Then copy/paste the text below (and nothing else!) into the text file you just created:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6e8a3de-8927-11dd-a5d6-001e8c65ea5f}]

File::
c:\windows\system32\uactmp.db

Then go to "File" and choose "Save as..." and name it exactly like this:
CFScript then confirm...

2 - Cleaning:

!! Disconnect, close all your applications and disable ALL YOUR DEFENCES (you will re-enable them afterwards) !!

---> On your desktop, drag the CFScript file with your mouse onto the ComboFix.exe icon.

(Look here: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

This will relaunch ComboFix.
--> A blue window will appear: at the message "Type 1 to continue, or 2 to abort": type 1 and confirm.

Then wait for the scan to finish. (The desktop will disappear several times: that's normal!)

!! Don't touch anything until the scan is finished !!

Note: at the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is done, a report will be displayed: post it for analysis and wait for the next step...

(Warning: this procedure was made for this PC. Reusing it elsewhere may severely damage the operating system)
Zefalcom - 50 posts - Member

ComboFix 09-03-06.02 - Paul 2009-03-08 18:08:21.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1526 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\CFix.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\uactmp.db
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\uactmp.db

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-08 au 2009-03-08 ))))))))))))))))))))))))))))))))))))
.

2009-03-06 21:16 . 2009-03-06 21:16 172 --a------ C:\curr_ver.tmp
2009-03-06 19:46 . 2009-03-06 19:46 <REP> d-------- c:\program files\trend micro
2009-03-05 20:03 . 2009-03-05 20:03 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 20:03 . 2009-03-05 20:03 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-05 20:03 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-05 20:03 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-03 09:25 . 1998-06-24 00:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2009-03-03 09:25 . 2001-10-28 16:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2009-03-03 09:25 . 1998-07-06 00:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2009-02-26 21:44 . 2009-02-26 21:44 962 --a------ c:\documents and settings\photosBroodmother.png
2009-02-25 00:29 . 2009-02-25 00:30 <REP> d-------- c:\program files\Hamachi
2009-02-13 09:13 . 2009-02-13 09:13 <REP> d-------- c:\documents and settings\Sylvie\Application Data\GetRight

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 14:56 852,000 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-08 14:56 5,040 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-08 14:10 --------- d-----w c:\program files\Steam
2009-03-08 13:33 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-08 01:11 5,318,688 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-08 01:11 43,680 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-06 19:57 --------- d-----w c:\documents and settings\Administrateur\Application Data\GetRight
2009-03-06 17:44 --------- d-----w c:\documents and settings\Administrateur\Application Data\Free Download Manager
2009-03-05 22:10 --------- d-----w c:\program files\Warcraft III
2009-03-05 16:53 --------- d-----w c:\program files\CCleaner
2009-03-05 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\comp two long internet
2009-03-05 15:47 --------- d-----w c:\documents and settings\Administrateur\Application Data\SEND FLAG SAVE
2009-03-03 21:19 --------- d-----w c:\documents and settings\Administrateur\Application Data\FileZilla
2009-02-28 01:49 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-26 23:22 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 00:15 --------- d-----w c:\program files\eMule
2009-02-24 23:40 --------- d-----w c:\documents and settings\Administrateur\Application Data\Hamachi
2009-02-24 23:29 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-02-24 22:55 --------- d-----w c:\program files\Garena
2009-02-11 23:45 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-10 18:48 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-07 19:59 --------- d-----w c:\documents and settings\Sylvie\Application Data\mIRC
2009-02-07 19:58 --------- d-----w c:\program files\mIRC
2009-02-07 18:15 --------- d-----w c:\program files\Dofus
2009-02-05 23:59 --------- d-----w c:\program files\Macromedia
2009-02-05 20:38 --------- d-----w c:\program files\Audacity
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\dllcache\ati2mtag.sys
2009-02-04 05:57 11,702,272 ----a-w c:\windows\system32\atioglxx.dll
2009-02-04 05:03 290,816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-04 04:56 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-04 04:55 324,096 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-04 04:44 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-04 04:44 155,648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-04 04:43 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-04 04:43 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-04 04:43 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-04 04:41 602,112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-04 04:40 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-04 04:30 3,884,768 ----a-w c:\windows\system32\ati3duag.dll
2009-02-04 04:14 2,645,504 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-04 03:58 49,664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-04 03:54 471,040 ----a-w c:\windows\system32\atikvmag.dll
2009-02-04 03:53 122,880 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-04 03:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-04 03:46 626,688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-04 03:44 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-04 02:43 45,056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-04 02:42 45,056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-04 02:40 3,244,032 ----a-w c:\windows\system32\aticaldd.dll
2009-02-03 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2009-02-03 17:31 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 17:31 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-25 20:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-25 20:52 --------- d-----w c:\program files\Left 4 Dead
2009-01-24 22:44 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-24 22:44 --------- d-----w c:\program files\AGEIA Technologies
2009-01-24 17:00 --------- d-----w c:\program files\Bonjour
2009-01-21 00:13 --------- d-----w c:\program files\WC3Banlist
2009-01-20 01:52 --------- d-----w c:\program files\StealthBot
2009-01-19 15:26 --------- d-----w c:\program files\MultipleIEs
2009-01-16 22:21 --------- d-----w c:\documents and settings\Administrateur\Application Data\Mumble
2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-15 21:20 --------- d-----w c:\documents and settings\Administrateur\Application Data\Inkscape
2009-01-14 20:31 --------- d-----w c:\program files\Mumble
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
2008-12-20 22:47 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
2008-12-20 22:47 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2008-12-20 22:47 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
2008-12-20 22:47 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
2008-12-20 22:47 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
2008-12-20 22:47 105,984 ------w c:\windows\system32\dllcache\url.dll
2008-12-20 22:47 102,912 ------w c:\windows\system32\dllcache\occache.dll
2008-12-20 22:47 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
2008-12-19 09:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-02 13:03 30 ----a-w c:\documents and settings\Administrateur\jagex_runescape_preferences.dat
2008-03-09 06:25 236 ---ha-w c:\program files\Fichiers communs\dx.reg
2007-09-12 13:59 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-09-09 14:22 81,920 ----a-w c:\documents and settings\Administrateur\Application Data\ezpinst.exe
2007-09-09 14:22 47,360 ----a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys
2006-06-23 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
2008-09-16 18:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091620080917\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-10 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Club-Internet.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Club-Internet.lnk
backup=c:\windows\pss\Club-Internet.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^GigaTribe.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\GigaTribe.lnk
backup=c:\windows\pss\GigaTribe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2007-03-21 17:23 1953792 c:\windows\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-11-09 21:05 2356088 c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2008-05-20 16:27 2474031 c:\program files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Upload Manager]
--a------ 2007-12-30 23:14 253952 c:\program files\Free Download Manager\FUM\fum.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-09-07 09:22 166424 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-09-07 09:22 141848 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2007-03-20 15:36 36864 c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-10-13 16:01 277296 c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-17 00:07 8491008 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-09-17 00:07 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-09-07 09:22 137752 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2006-05-12 11:50 1138688 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2006-03-31 13:44 761856 c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
--a------ 2006-04-24 09:42 888832 c:\windows\SMINST\Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
--a------ 2003-11-20 19:01 525824 c:\program files\Compaq\SetRefresh\SetRefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-23 16:45 22058792 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-01 14:23 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-28 21:28 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-08 04:46 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2006-10-13 16:04 707376 c:\windows\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2008-06-19 15:20 57344 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2008-06-19 15:42 2808832 c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 03:34 110592 c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-09-17 00:07 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-09-30 17:01 16864768 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-11-20 17:15 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2008-08-19 12:26 77824 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Steam\\steamapps\\falcominien@hotmail.com\\day of defeat\\hl.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Steam\\steamapps\\falcominien@hotmail.com\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\falcominien@hotmail.com\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\Garena.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\falcominien@hotmail.com\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\List Checker\\pickup.listchecker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Mumble\\murmur.exe"=
"c:\\Program Files\\StealthBot\\StealthBot v2.6R3.exe"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Free Download Manager\\fdmwi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7561:TCP"= 7561:TCP:Port Emule Tcp
"7571:UDP"= 7571:UDP:Port Emule Udp
"6113:TCP"= 6113:TCP:lc1
"6113:UDP"= 6113:UDP:lc2

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2007-09-09 6097]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-08-20 38656]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-20 93696]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 brfilt;Pilote de filtre Brother MFC;c:\windows\system32\drivers\BrFilt.sys [2007-09-26 2944]
S3 brparimg;Pilote d'image parallèle multifonction Brother;c:\windows\system32\drivers\BrParImg.sys [2007-09-26 3168]
S3 BrParWdm;Pilote parallèle WDM Brother;c:\windows\system32\drivers\BrParwdm.sys [2007-09-26 39808]
S3 BrSerWDM;Pilote série Brother;c:\windows\system32\drivers\BrSerWdm.sys [2007-09-26 60416]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-07-11 36608]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2007-09-09 299923]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-09-18 16896]
.
Contenu du dossier 'Tâches planifiées'

2009-03-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;club-internet.fr;*.club-internet.fr;grolier.fr;*.grolier.fr;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} -
TCP: {2296855F-C96E-4900-9338-6DC4EFF6300F} = 80.10.246.2,80.10.246.129
TCP: {82ED8B1E-D1BA-446A-A95B-A851D8D89E8D} = 80.10.246.2,80.10.246.129
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\yf3r6kpm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DofuX
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\yf3r6kpm.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\yf3r6kpm.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 18:12:18
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-457833038-2375772374-2302921364-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F86576A-A736-63D3-566C-4FF92F9F5BFF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abafpjhpdmgdeklemkldebpgmcnadlkaig"=hex:61,61,00,00
"bbafpjhpdmgdeklemkkdhbfnfnbajhmmiecc"=hex:61,61,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1544)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-03-08 18:14:18
ComboFix-quarantined-files.txt 2009-03-08 17:14:16
ComboFix2.txt 2009-03-07 14:04:28
ComboFix3.txt 2009-03-07 13:43:26

Avant-CF: 14,692,798,464 octets libres
Après-CF: 14,658,686,976 octets libres

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
337 --- E O F --- 2009-03-05 17:22:16
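The report that the instructions above ask for is read by hand in this thread. As an added example (not from the thread, and not ComboFix's own code), here is a small Python reader that pulls out the fields a reviewer checks first in a ComboFix report: the AV on-access state, the IE proxy, the DNS servers on the TCP: lines, the Firefox search prefs and the locked registry keys. It runs on a constructed excerpt shaped like the log above; the French section names and line formats it assumes are the ones that appear in this thread.

```python
import re
from typing import Any, Dict, List

# Constructed sample in the shape of the ComboFix report posted in this thread
# (French section headers, defanged hxxp URLs); only a handful of lines are kept.
SAMPLE_LOG = r"""ComboFix 09-03-06.02 - Paul 2009-03-08 18:08:21.4 - NTFSx86
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
TCP: {2296855F-C96E-4900-9338-6DC4EFF6300F} = 80.10.246.2,80.10.246.129
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-457833038-2375772374-2302921364-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F86576A-A736-63D3-566C-4FF92F9F5BFF}*]
@Allowed: (Read) (RestrictedCode)
"abafpjhpdmgdeklemkldebpgmcnadlkaig"=hex:61,61,00,00
"bbafpjhpdmgdeklemkkdhbfnfnbajhmmiecc"=hex:61,61,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------
Heure de fin: 2009-03-08 18:14:18
"""

AV_RE = re.compile(r"^AV:\s*(?P<name>.+?)\s*\*(?P<state>[^*]+)\*")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<proxy>.+)$")
DNS_RE = re.compile(r"^TCP:\s*\{[0-9A-Fa-f-]+\}\s*=\s*(?P<servers>[\d.,]+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s*(?P<pref>\S+)\s*-\s*(?P<value>.+)$")
REG_KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')
HOST_RE = re.compile(r"^hxxps?://(?P<host>[^/]+)")
LOCKED_HEADER = "CLES DE REGISTRE BLOQUEES"   # French header used by ComboFix here


def parse_report(text: str) -> Dict[str, Any]:
    """Pull the fields a reviewer reads first out of a ComboFix report."""
    report: Dict[str, Any] = {
        "av": None,          # (product, on-access state) from the AV: line
        "proxy": None,       # IE ProxyServer string, if one is set
        "dns": [],           # DNS servers listed on the TCP: interface lines
        "ff_prefs": {},      # Firefox prefs.js entries ComboFix prints
        "locked_keys": [],   # [{"key": ..., "values": {name: data}}]
    }
    in_locked = False
    for raw in text.splitlines():
        line = raw.strip()
        if LOCKED_HEADER in line:
            in_locked = True
            continue
        if in_locked:
            if line == ".":              # a lone dot closes a ComboFix section
                in_locked = False
                continue
            if m := REG_KEY_RE.match(line):
                report["locked_keys"].append({"key": m["key"], "values": {}})
            elif (m := REG_VALUE_RE.match(line)) and report["locked_keys"]:
                report["locked_keys"][-1]["values"][m["name"]] = m["data"]
            continue
        if m := AV_RE.match(line):
            report["av"] = (m["name"], m["state"])
        elif m := PROXY_RE.match(line):
            report["proxy"] = m["proxy"]
        elif m := DNS_RE.match(line):
            report["dns"].extend(m["servers"].split(","))
        elif m := FF_PREF_RE.match(line):
            report["ff_prefs"][m["pref"]] = m["value"]
    return report


def looks_random(name: str, min_len: int = 20) -> bool:
    """Long, all-lowercase-letter value names are a common sign of generated
    registry values; this is a heuristic for review, not a verdict."""
    return len(name) >= min_len and name.isalpha() and name.islower()


def review(report: Dict[str, Any]) -> List[str]:
    """Turn parsed fields into review notes (what to look at, not a diagnosis)."""
    notes: List[str] = []
    av = report["av"]
    if av and "disabled" in av[1].lower():
        notes.append(f"AV: {av[0]} on-access scanning was disabled during the scan")
    if report["proxy"]:
        notes.append(f"IE proxy configured: {report['proxy']} (confirm it is the ISP's)")
    if report["dns"]:
        notes.append("DNS servers: " + ", ".join(report["dns"]) + " (confirm they belong to the ISP)")
    for pref in ("keyword.URL", "browser.search.defaulturl"):
        value = report["ff_prefs"].get(pref)
        if value and (h := HOST_RE.match(value)):
            notes.append(f"Firefox {pref} sends searches to {h['host']}")
    for entry in report["locked_keys"]:
        odd = [n for n in entry["values"] if looks_random(n)]
        if odd:
            notes.append(f"locked key {entry['key']} holds {len(odd)} random-looking value(s)")
    return notes


if __name__ == "__main__":
    for note in review(parse_report(SAMPLE_LOG)):
        print("-", note)
```

Each note is a pointer for the reviewer to confirm against what the ISP and the user's own software should have set; entries such as the proxy and DNS servers in the thread's log are legitimate for that ISP and are listed only so they get checked.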
Zefalcom - 50 posts - Member

Thanks :)

The top one, with:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6e8a3de-8927-11dd-a5d6-001e8c65ea5f}]

File::
c:\windows\system32\uactmp.db

And the bottom one:

https://www.cjoint.com/?djo4dkSWIw

Report:


ComboFix 09-03-06.02 - Paul 2009-03-08 18:18:17.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1494 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\CFix.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-08 au 2009-03-08 ))))))))))))))))))))))))))))))))))))
.

2009-03-06 21:16 . 2009-03-06 21:16 172 --a------ C:\curr_ver.tmp
2009-03-06 19:46 . 2009-03-06 19:46 <REP> d-------- c:\program files\trend micro
2009-03-05 20:03 . 2009-03-05 20:03 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 20:03 . 2009-03-05 20:03 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-05 20:03 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-05 20:03 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-03 09:25 . 1998-06-24 00:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2009-03-03 09:25 . 2001-10-28 16:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2009-03-03 09:25 . 1998-07-06 00:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2009-02-26 21:44 . 2009-02-26 21:44 962 --a------ c:\documents and settings\photosBroodmother.png
2009-02-25 00:29 . 2009-02-25 00:30 <REP> d-------- c:\program files\Hamachi
2009-02-13 09:13 . 2009-02-13 09:13 <REP> d-------- c:\documents and settings\Sylvie\Application Data\GetRight

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 14:56 852,000 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-08 14:56 5,040 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-08 14:10 --------- d-----w c:\program files\Steam
2009-03-08 13:33 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-08 01:11 5,318,688 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-08 01:11 43,680 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-06 19:57 --------- d-----w c:\documents and settings\Administrateur\Application Data\GetRight
2009-03-06 17:44 --------- d-----w c:\documents and settings\Administrateur\Application Data\Free Download Manager
2009-03-05 22:10 --------- d-----w c:\program files\Warcraft III
2009-03-05 16:53 --------- d-----w c:\program files\CCleaner
2009-03-05 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\comp two long internet
2009-03-05 15:47 --------- d-----w c:\documents and settings\Administrateur\Application Data\SEND FLAG SAVE
2009-03-03 21:19 --------- d-----w c:\documents and settings\Administrateur\Application Data\FileZilla
2009-02-28 01:49 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-26 23:22 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 00:15 --------- d-----w c:\program files\eMule
2009-02-24 23:40 --------- d-----w c:\documents and settings\Administrateur\Application Data\Hamachi
2009-02-24 23:29 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-02-24 22:55 --------- d-----w c:\program files\Garena
2009-02-11 23:45 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-10 18:48 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-07 19:59 --------- d-----w c:\documents and settings\Sylvie\Application Data\mIRC
2009-02-07 19:58 --------- d-----w c:\program files\mIRC
2009-02-07 18:15 --------- d-----w c:\program files\Dofus
2009-02-05 23:59 --------- d-----w c:\program files\Macromedia
2009-02-05 20:38 --------- d-----w c:\program files\Audacity
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\dllcache\ati2mtag.sys
2009-02-04 05:57 11,702,272 ----a-w c:\windows\system32\atioglxx.dll
2009-02-04 05:03 290,816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-04 04:56 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-04 04:55 324,096 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-04 04:44 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-04 04:44 155,648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-04 04:43 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-04 04:43 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-04 04:43 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-04 04:41 602,112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-04 04:40 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-04 04:30 3,884,768 ----a-w c:\windows\system32\ati3duag.dll
2009-02-04 04:14 2,645,504 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-04 03:58 49,664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-04 03:54 471,040 ----a-w c:\windows\system32\atikvmag.dll
2009-02-04 03:53 122,880 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-04 03:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-04 03:46 626,688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-04 03:44 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-04 02:43 45,056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-04 02:42 45,056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-04 02:40 3,244,032 ----a-w c:\windows\system32\aticaldd.dll
2009-02-03 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2009-02-03 17:31 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 17:31 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-25 20:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-25 20:52 --------- d-----w c:\program files\Left 4 Dead
2009-01-24 22:44 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-24 22:44 --------- d-----w c:\program files\AGEIA Technologies
2009-01-24 17:00 --------- d-----w c:\program files\Bonjour
2009-01-21 00:13 --------- d-----w c:\program files\WC3Banlist
2009-01-20 01:52 --------- d-----w c:\program files\StealthBot
2009-01-19 15:26 --------- d-----w c:\program files\MultipleIEs
2009-01-16 22:21 --------- d-----w c:\documents and settings\Administrateur\Application Data\Mumble
2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-15 21:20 --------- d-----w c:\documents and settings\Administrateur\Application Data\Inkscape
2009-01-14 20:31 --------- d-----w c:\program files\Mumble
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
2008-12-20 22:47 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
2008-12-20 22:47 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2008-12-20 22:47 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
2008-12-20 22:47 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
2008-12-20 22:47 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
2008-12-20 22:47 105,984 ------w c:\windows\system32\dllcache\url.dll
2008-12-20 22:47 102,912 ------w c:\windows\system32\dllcache\occache.dll
2008-12-20 22:47 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
2008-12-19 09:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-02 13:03 30 ----a-w c:\documents and settings\Administrateur\jagex_runescape_preferences.dat
2008-03-09 06:25 236 ---ha-w c:\program files\Fichiers communs\dx.reg
2007-09-12 13:59 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-09-09 14:22 81,920 ----a-w c:\documents and settings\Administrateur\Application Data\ezpinst.exe
2007-09-09 14:22 47,360 ----a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys
2006-06-23 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
2008-09-16 18:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091620080917\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-10 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Club-Internet.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Club-Internet.lnk
backup=c:\windows\pss\Club-Internet.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^GigaTribe.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\GigaTribe.lnk
backup=c:\windows\pss\GigaTribe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2007-03-21 17:23 1953792 c:\windows\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-11-09 21:05 2356088 c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2008-05-20 16:27 2474031 c:\program files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Upload Manager]
--a------ 2007-12-30 23:14 253952 c:\program files\Free Download Manager\FUM\fum.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-09-07 09:22 166424 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-09-07 09:22 141848 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2007-03-20 15:36 36864 c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-10-13 16:01 277296 c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-17 00:07 8491008 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-09-17 00:07 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-09-07 09:22 137752 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2006-05-12 11:50 1138688 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2006-03-31 13:44 761856 c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
--a------ 2006-04-24 09:42 888832 c:\windows\SMINST\Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
--a------ 2003-11-20 19:01 525824 c:\program files\Compaq\SetRefresh\SetRefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-23 16:45 22058792 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-01 14:23 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-28 21:28 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-08 04:46 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2006-10-13 16:04 707376 c:\windows\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2008-06-19 15:20 57344 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2008-06-19 15:42 2808832 c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 03:34 110592 c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-09-17 00:07 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-09-30 17:01 16864768 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-11-20 17:15 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2008-08-19 12:26 77824 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Steam\\steamapps\\falcominien@hotmail.com\\day of defeat\\hl.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Steam\\steamapps\\falcominien@hotmail.com\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\falcominien@hotmail.com\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\Garena.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\falcominien@hotmail.com\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\List Checker\\pickup.listchecker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Mumble\\murmur.exe"=
"c:\\Program Files\\StealthBot\\StealthBot v2.6R3.exe"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Free Download Manager\\fdmwi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7561:TCP"= 7561:TCP:Port Emule Tcp
"7571:UDP"= 7571:UDP:Port Emule Udp
"6113:TCP"= 6113:TCP:lc1
"6113:UDP"= 6113:UDP:lc2

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2007-09-09 6097]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-08-20 38656]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-20 93696]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 brfilt;Pilote de filtre Brother MFC;c:\windows\system32\drivers\BrFilt.sys [2007-09-26 2944]
S3 brparimg;Pilote d'image parallèle multifonction Brother;c:\windows\system32\drivers\BrParImg.sys [2007-09-26 3168]
S3 BrParWdm;Pilote parallèle WDM Brother;c:\windows\system32\drivers\BrParwdm.sys [2007-09-26 39808]
S3 BrSerWDM;Pilote série Brother;c:\windows\system32\drivers\BrSerWdm.sys [2007-09-26 60416]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-07-11 36608]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2007-09-09 299923]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-09-18 16896]
.
Contenu du dossier 'Tâches planifiées'

2009-03-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;club-internet.fr;*.club-internet.fr;grolier.fr;*.grolier.fr;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} -
TCP: {2296855F-C96E-4900-9338-6DC4EFF6300F} = 80.10.246.2,80.10.246.129
TCP: {82ED8B1E-D1BA-446A-A95B-A851D8D89E8D} = 80.10.246.2,80.10.246.129
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\yf3r6kpm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DofuX
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\yf3r6kpm.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\yf3r6kpm.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 18:19:49
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-457833038-2375772374-2302921364-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F86576A-A736-63D3-566C-4FF92F9F5BFF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abafpjhpdmgdeklemkldebpgmcnadlkaig"=hex:61,61,00,00
"bbafpjhpdmgdeklemkkdhbfnfnbajhmmiecc"=hex:61,61,00,00
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1544)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-03-08 18:21:48
ComboFix-quarantined-files.txt 2009-03-08 17:21:45
ComboFix2.txt 2009-03-08 17:14:20
ComboFix3.txt 2009-03-07 14:04:28
ComboFix4.txt 2009-03-07 13:43:26

Avant-CF: 14 649 839 616 octets libres
Après-CF: 14,615,814,144 octets libres

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
332 --- E O F --- 2009-03-05 17:22:16
sKe69 Posts 21360 Registration date   Status Security contributor Last activity   463
 
good ... ^^

now the next step:

1- Download CCleaner:
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
or https://www.pcastuces.com/logitheque/ccleaner.htm
This program will delete all temporary files and repair your registry.
During installation:
-make sure to choose "French" as the language.
-before clicking the "install" button, untick all the "additional options" except the first 2.

A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Usage:
*In the Options menu - Advanced submenu, untick:
Only delete files in the Windows temp folder older than 48 hours.

! disconnect from the internet and close all running applications !

* go to "Cleaner": run -analyze- then -clean-
* go to "Registry": run -scan for issues- and -fix all issues-
(several times, until no more errors are found).

(CCleaner: a program worth keeping on your PC, very useful for thorough cleanups ...)

=====================

2- Download Lop S&D:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Disconnect from the internet and close all your running applications.

Double-click the .exe you just downloaded to start the installation.

Once installed, click the shortcut to launch the tool.

Then follow the prompts:
--->choose option 1 (search) and confirm.

(Do not run the cleaning option (2 or 3)).

Once the scan is finished, Notepad will open with the report.
Post that report in your next reply for analysis.

Tutorial: https://sites.google.com/site/eric71mespages/lop.sd.exe

Zefalcom Posts 50 Registration date   Status Member Last activity
 
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
BIOS : BIOS Date: 11/26/07 19:42:38 Ver: 08.00.12
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 8.0.0.454 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:64 Go (Free:13 Go)
D:\ (Local Disk) - NTFS - Total:10 Go (Free:8 Go)
E:\ (CD or DVD)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 08/03/2009|18:36 )

--------------------\\ Listing des dossiers dans APPLIC~1

[31/01/2009|18:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[28/10/2007|16:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
[23/12/2008|10:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[20/09/2008|02:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
[11/11/2007|14:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\bang
[02/09/2008|12:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
[27/09/2008|12:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\dzGetUp.74A2AF466970424B7D614B8B038185C3EE12DD1C.1
[31/10/2008|00:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\EditPlus 3
[03/10/2008|17:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\EmailNotifier
[03/03/2009|22:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\FileZilla
[08/03/2009|18:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\Free Download Manager
[06/03/2009|20:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\GetRight
[08/09/2007|04:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[25/02/2009|00:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Hamachi
[08/09/2007|13:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[08/09/2007|13:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Infineon
[15/01/2009|22:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\Inkscape
[08/09/2007|13:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
[14/06/2008|14:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[14/09/2007|18:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
[03/10/2008|17:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Megaupload
[06/03/2009|21:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[07/01/2009|21:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\mIRC
[01/03/2009|16:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[16/01/2009|23:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mumble
[16/09/2008|21:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Notepad++
[08/09/2007|05:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[05/01/2009|02:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Red Kawa
[08/09/2007|13:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
[02/04/2008|17:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Samsung
[05/03/2009|16:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\SEND FLAG SAVE
[14/05/2008|18:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
[18/09/2008|19:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Steinberg
[08/09/2007|16:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[29/09/2007|12:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\SystemRequirementsLab
[30/12/2007|22:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\teamspeak2
[14/09/2007|18:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
[09/09/2007|15:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Vso
[08/09/2007|05:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR

[01/12/2008|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[27/09/2008|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/09/2007|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[01/12/2008|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[20/09/2008|02:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[05/03/2009|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\comp two long internet
[03/10/2008|17:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EmailNotifier
[13/06/2008|23:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[14/07/2008|16:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreeDownloadManager.ORG
[08/09/2007|04:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[28/02/2009|02:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[08/09/2007|13:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Infineon
[08/09/2007|13:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[08/03/2009|14:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
[28/10/2008|22:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[14/07/2008|16:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[19/09/2008|19:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[06/02/2009|00:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[05/03/2009|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[03/10/2008|17:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Megaupload
[14/09/2007|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[05/03/2009|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[12/02/2009|00:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[21/09/2007|19:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raize
[08/09/2007|05:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[12/09/2007|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[08/09/2007|18:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[16/10/2007|12:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[15/11/2007|08:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[08/09/2007|13:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[08/09/2007|13:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Infineon
[08/09/2007|13:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InstallShield
[08/09/2007|13:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[08/09/2007|13:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView

[23/09/2008|20:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[24/04/2008|09:29] C:\DOCUME~1\Marie\APPLIC~1\Adobe
[10/09/2007|18:35] C:\DOCUME~1\Marie\APPLIC~1\Google
[08/09/2007|13:22] C:\DOCUME~1\Marie\APPLIC~1\Identities
[08/09/2007|13:22] C:\DOCUME~1\Marie\APPLIC~1\Infineon
[08/09/2007|13:22] C:\DOCUME~1\Marie\APPLIC~1\InstallShield
[10/09/2007|18:40] C:\DOCUME~1\Marie\APPLIC~1\Macromedia
[20/10/2007|10:26] C:\DOCUME~1\Marie\APPLIC~1\Microsoft
[26/11/2008|07:22] C:\DOCUME~1\Marie\APPLIC~1\Mozilla
[08/09/2007|13:22] C:\DOCUME~1\Marie\APPLIC~1\SampleView
[22/10/2007|18:05] C:\DOCUME~1\Marie\APPLIC~1\Sun
[14/09/2007|09:55] C:\DOCUME~1\Marie\APPLIC~1\vlc

[08/09/2007|13:22] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[09/09/2007|12:53] C:\DOCUME~1\Paul\APPLIC~1\Free Download Manager
[09/09/2007|12:51] C:\DOCUME~1\Paul\APPLIC~1\Google
[08/09/2007|13:22] C:\DOCUME~1\Paul\APPLIC~1\Identities
[08/09/2007|13:22] C:\DOCUME~1\Paul\APPLIC~1\Infineon
[08/09/2007|13:22] C:\DOCUME~1\Paul\APPLIC~1\InstallShield
[09/09/2007|12:49] C:\DOCUME~1\Paul\APPLIC~1\Macromedia
[08/09/2007|13:22] C:\DOCUME~1\Paul\APPLIC~1\Microsoft
[09/09/2007|12:48] C:\DOCUME~1\Paul\APPLIC~1\Mozilla
[08/09/2007|13:22] C:\DOCUME~1\Paul\APPLIC~1\SampleView

[27/06/2008|17:49] C:\DOCUME~1\Sylvie\APPLIC~1\Adobe
[10/06/2008|07:29] C:\DOCUME~1\Sylvie\APPLIC~1\Ahead
[11/09/2007|13:56] C:\DOCUME~1\Sylvie\APPLIC~1\Apple Computer
[27/06/2008|18:00] C:\DOCUME~1\Sylvie\APPLIC~1\Brother
[07/10/2008|20:18] C:\DOCUME~1\Sylvie\APPLIC~1\DivX
[13/02/2009|09:13] C:\DOCUME~1\Sylvie\APPLIC~1\GetRight
[16/09/2007|21:15] C:\DOCUME~1\Sylvie\APPLIC~1\Google
[08/09/2007|13:22] C:\DOCUME~1\Sylvie\APPLIC~1\Identities
[08/09/2007|13:22] C:\DOCUME~1\Sylvie\APPLIC~1\Infineon
[08/09/2007|13:22] C:\DOCUME~1\Sylvie\APPLIC~1\InstallShield
[16/09/2007|20:37] C:\DOCUME~1\Sylvie\APPLIC~1\Macromedia
[27/03/2008|09:52] C:\DOCUME~1\Sylvie\APPLIC~1\Microsoft
[07/02/2009|20:59] C:\DOCUME~1\Sylvie\APPLIC~1\mIRC
[27/06/2008|17:43] C:\DOCUME~1\Sylvie\APPLIC~1\Mozilla
[26/03/2008|14:11] C:\DOCUME~1\Sylvie\APPLIC~1\Real
[08/09/2007|13:22] C:\DOCUME~1\Sylvie\APPLIC~1\SampleView
[22/10/2008|12:15] C:\DOCUME~1\Sylvie\APPLIC~1\SEND FLAG SAVE
[11/09/2007|13:57] C:\DOCUME~1\Sylvie\APPLIC~1\vlc
[18/12/2007|20:56] C:\DOCUME~1\Sylvie\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[07/03/2009 11:11][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/03/2009 18:21][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 03:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[12/06/2008|10:51] C:\Program Files\Adobe
[24/01/2009|23:44] C:\Program Files\AGEIA Technologies
[01/12/2008|09:29] C:\Program Files\Apple Software Update
[20/09/2008|02:07] C:\Program Files\ATI Technologies
[05/02/2009|21:38] C:\Program Files\Audacity
[08/11/2008|23:06] C:\Program Files\AWC
[24/01/2009|18:00] C:\Program Files\Bonjour
[05/03/2009|17:53] C:\Program Files\CCleaner
[03/01/2008|14:47] C:\Program Files\Color7 Video Studio
[08/09/2007|13:22] C:\Program Files\Compaq
[08/09/2007|13:22] C:\Program Files\ComPlus Applications
[14/09/2007|18:40] C:\Program Files\DAEMON Tools
[16/11/2008|14:53] C:\Program Files\DivX
[07/02/2009|19:15] C:\Program Files\Dofus
[02/12/2008|22:26] C:\Program Files\EasyPHP 2.0b1
[30/10/2008|17:40] C:\Program Files\EditPlus 3
[25/02/2009|01:15] C:\Program Files\eMule
[08/03/2009|18:19] C:\Program Files\Fichiers communs
[27/06/2008|23:26] C:\Program Files\FileZilla FTP Client
[21/02/2008|04:46] C:\Program Files\Free Audio Pack
[03/10/2008|17:43] C:\Program Files\Free Download Manager
[24/02/2009|23:55] C:\Program Files\Garena
[08/09/2007|04:47] C:\Program Files\Google
[25/02/2009|00:30] C:\Program Files\Hamachi
[08/09/2007|04:38] C:\Program Files\Hewlett-Packard
[25/01/2009|21:57] C:\Program Files\InstallShield Installation Information
[20/08/2008|01:08] C:\Program Files\Intel
[12/02/2009|00:44] C:\Program Files\Internet Explorer
[01/12/2008|09:32] C:\Program Files\iPod
[01/12/2008|09:32] C:\Program Files\iTunes
[14/09/2007|20:38] C:\Program Files\Java
[28/10/2008|22:13] C:\Program Files\Kaspersky Lab
[08/09/2007|05:49] C:\Program Files\K-Lite Codec Pack
[25/01/2009|21:52] C:\Program Files\Left 4 Dead
[26/11/2008|01:08] C:\Program Files\List Checker
[19/09/2008|19:45] C:\Program Files\ma-config.com
[06/02/2009|00:59] C:\Program Files\Macromedia
[05/03/2009|20:03] C:\Program Files\Malwarebytes' Anti-Malware
[03/10/2008|17:43] C:\Program Files\Megaupload
[16/09/2008|19:30] C:\Program Files\Messenger
[16/09/2008|13:28] C:\Program Files\Messenger Plus! Live
[08/09/2007|13:22] C:\Program Files\microsoft frontpage
[06/09/2008|18:09] C:\Program Files\Microsoft LifeCam
[09/09/2007|12:04] C:\Program Files\Microsoft Office
[27/02/2009|00:22] C:\Program Files\Microsoft Silverlight
[09/09/2007|12:04] C:\Program Files\Microsoft Visual Studio
[09/09/2007|12:01] C:\Program Files\Microsoft Visual Studio 8
[09/09/2007|12:04] C:\Program Files\Microsoft Works
[09/09/2007|12:03] C:\Program Files\Microsoft.NET
[07/02/2009|20:58] C:\Program Files\mIRC
[16/09/2008|19:26] C:\Program Files\Movie Maker
[08/03/2009|18:23] C:\Program Files\Mozilla Firefox
[09/09/2007|12:04] C:\Program Files\MSBuild
[08/09/2007|13:22] C:\Program Files\MSN
[08/09/2007|13:22] C:\Program Files\MSN Gaming Zone
[03/04/2008|19:13] C:\Program Files\MSXML 4.0
[09/09/2007|10:15] C:\Program Files\MSXML 6.0
[19/01/2009|16:26] C:\Program Files\MultipleIEs
[14/01/2009|21:31] C:\Program Files\Mumble
[08/09/2007|06:34] C:\Program Files\Nero
[16/09/2008|19:24] C:\Program Files\NetMeeting
[16/09/2008|21:19] C:\Program Files\Notepad++
[07/10/2007|01:03] C:\Program Files\Ocean Technology
[16/09/2008|19:23] C:\Program Files\Outlook Express
[14/07/2008|21:24] C:\Program Files\PC Wizard 2008
[15/07/2008|22:45] C:\Program Files\PFConfig
[01/12/2008|09:31] C:\Program Files\QuickTime
[17/10/2008|21:57] C:\Program Files\Realtek
[28/12/2008|01:00] C:\Program Files\Red Kawa
[08/09/2007|22:11] C:\Program Files\Reference Assemblies
[02/04/2008|16:40] C:\Program Files\Samsung
[12/09/2007|18:15] C:\Program Files\Skype
[20/01/2009|02:52] C:\Program Files\StealthBot
[08/03/2009|15:10] C:\Program Files\Steam
[15/08/2008|15:20] C:\Program Files\Teamspeak2_RC2
[06/03/2009|19:46] C:\Program Files\trend micro
[08/09/2007|13:22] C:\Program Files\Uninstall Information
[08/09/2007|05:49] C:\Program Files\VideoLAN
[05/01/2008|16:05] C:\Program Files\VirtualDJ
[05/03/2009|23:10] C:\Program Files\Warcraft III
[21/01/2009|01:13] C:\Program Files\WC3Banlist
[18/02/2008|00:44] C:\Program Files\Windows Live
[16/09/2008|19:23] C:\Program Files\Windows Media Player
[16/09/2008|19:23] C:\Program Files\Windows NT
[08/09/2007|13:22] C:\Program Files\WindowsUpdate
[08/11/2008|22:48] C:\Program Files\WinPcap
[08/09/2007|05:48] C:\Program Files\WinRAR
[08/09/2007|13:22] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[12/06/2008|10:49] C:\Program Files\Fichiers communs\Adobe
[27/09/2008|12:17] C:\Program Files\Fichiers communs\Adobe AIR
[08/09/2007|06:34] C:\Program Files\Fichiers communs\Ahead
[01/12/2008|09:32] C:\Program Files\Fichiers communs\Apple
[20/09/2008|02:07] C:\Program Files\Fichiers communs\ATI Technologies
[09/09/2007|12:04] C:\Program Files\Fichiers communs\DESIGNER
[08/09/2007|13:22] C:\Program Files\Fichiers communs\InstallShield
[08/09/2007|13:22] C:\Program Files\Fichiers communs\Java
[11/06/2008|22:38] C:\Program Files\Fichiers communs\Macromedia
[12/06/2008|10:37] C:\Program Files\Fichiers communs\Macrovision Shared
[05/03/2009|18:22] C:\Program Files\Fichiers communs\Microsoft Shared
[08/09/2007|13:22] C:\Program Files\Fichiers communs\MSSoap
[08/09/2007|13:22] C:\Program Files\Fichiers communs\ODBC
[08/09/2007|13:22] C:\Program Files\Fichiers communs\Services
[08/09/2007|13:22] C:\Program Files\Fichiers communs\SpeechEngines
[16/09/2008|19:23] C:\Program Files\Fichiers communs\System
[15/11/2007|08:33] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[24/01/2009|23:44] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 31 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\comp two long internet

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 18:38:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 47

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:1][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:2][D:0]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 08/03/2009|18:39 - Option : [1]

--------------------\\ Fin du rapport a 18:39:33
sKe69 Messages posted 21360 Registration date   Status Security contributor Last activity   463
 
good ....


in order:


1- ! Go offline and close all your running applications !

Relaunch Lop S&D,

---> this time choose option 2 (cleaning) and confirm ...

-> don't touch anything while the tool is working.


Once the scan is finished, Notepad will open with the report.
Post that report in your next reply for analysis, then do what follows ...


===========================

2- Download Malwarebytes:
here http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
or here: http://www.malwarebytes.org/mbam.php

* Install it (be sure to choose "French"; don't change the install settings) and update it.

(NB: if "COMCTL32.OCX" is missing during the install, download it here: https://www.malekal.com/tutorial-aboutbuster/ )

* Go through the tutorial to get familiar with the program:
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(that said, it is very easy to use).

! Go offline and close all running applications !

* Launch Malwarebytes.

Run a "Quick" scan.

--> Let the program work (and do nothing else with the PC during the scan).
--> at the end, click "results".
--> Check that all infected objects are ticked, then click "remove".

Note: if your PC needs to restart to finish the cleaning, do it!

Post the report saved after the infected objects were removed (in Malwarebytes' "reports/logs" tab, the most recent one),
along with a new RSIT report (log.txt) for analysis ...





Zefalcom Messages posted 50 Registration date   Status Member Last activity  
 
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
BIOS : BIOS Date: 11/26/07 19:42:38 Ver: 08.00.12
USER : Paul ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 8.0.0.454 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:64 Go (Free:13 Go)
D:\ (Local Disk) - NTFS - Total:10 Go (Free:8 Go)
E:\ (CD or DVD)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 08/03/2009|19:02 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\comp two long internet

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[31/01/2009|18:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[28/10/2007|16:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
[23/12/2008|10:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[20/09/2008|02:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
[11/11/2007|14:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\bang
[02/09/2008|12:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
[27/09/2008|12:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\dzGetUp.74A2AF466970424B7D614B8B038185C3EE12DD1C.1
[31/10/2008|00:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\EditPlus 3
[03/10/2008|17:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\EmailNotifier
[03/03/2009|22:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\FileZilla
[08/03/2009|18:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\Free Download Manager
[06/03/2009|20:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\GetRight
[08/09/2007|04:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[25/02/2009|00:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Hamachi
[08/09/2007|13:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[08/09/2007|13:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Infineon
[15/01/2009|22:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\Inkscape
[08/09/2007|13:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
[14/06/2008|14:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[14/09/2007|18:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
[03/10/2008|17:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Megaupload
[06/03/2009|21:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[07/01/2009|21:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\mIRC
[01/03/2009|16:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[16/01/2009|23:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mumble
[16/09/2008|21:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Notepad++
[08/09/2007|05:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[05/01/2009|02:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Red Kawa
[08/09/2007|13:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
[02/04/2008|17:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Samsung
[05/03/2009|16:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\SEND FLAG SAVE
[14/05/2008|18:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
[18/09/2008|19:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Steinberg
[08/09/2007|16:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[29/09/2007|12:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\SystemRequirementsLab
[30/12/2007|22:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\teamspeak2
[14/09/2007|18:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
[09/09/2007|15:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Vso
[08/09/2007|05:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR

[01/12/2008|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[27/09/2008|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/09/2007|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[01/12/2008|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[20/09/2008|02:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[03/10/2008|17:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EmailNotifier
[13/06/2008|23:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[14/07/2008|16:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreeDownloadManager.ORG
[08/09/2007|04:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[28/02/2009|02:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[08/09/2007|13:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Infineon
[08/09/2007|13:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[08/03/2009|14:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
[28/10/2008|22:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[14/07/2008|16:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[19/09/2008|19:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[06/02/2009|00:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[05/03/2009|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[03/10/2008|17:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Megaupload
[14/09/2007|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[05/03/2009|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[12/02/2009|00:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[21/09/2007|19:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raize
[08/09/2007|05:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[12/09/2007|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[08/09/2007|18:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[16/10/2007|12:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[15/11/2007|08:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[08/09/2007|13:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[08/09/2007|13:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Infineon
[08/09/2007|13:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InstallShield
[08/09/2007|13:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[08/09/2007|13:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView

[23/09/2008|20:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[24/04/2008|09:29] C:\DOCUME~1\Marie\APPLIC~1\Adobe
[10/09/2007|18:35] C:\DOCUME~1\Marie\APPLIC~1\Google
[08/09/2007|13:22] C:\DOCUME~1\Marie\APPLIC~1\Identities
[08/09/2007|13:22] C:\DOCUME~1\Marie\APPLIC~1\Infineon
[08/09/2007|13:22] C:\DOCUME~1\Marie\APPLIC~1\InstallShield
[10/09/2007|18:40] C:\DOCUME~1\Marie\APPLIC~1\Macromedia
[20/10/2007|10:26] C:\DOCUME~1\Marie\APPLIC~1\Microsoft
[26/11/2008|07:22] C:\DOCUME~1\Marie\APPLIC~1\Mozilla
[08/09/2007|13:22] C:\DOCUME~1\Marie\APPLIC~1\SampleView
[22/10/2007|18:05] C:\DOCUME~1\Marie\APPLIC~1\Sun
[14/09/2007|09:55] C:\DOCUME~1\Marie\APPLIC~1\vlc

[08/09/2007|13:22] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[09/09/2007|12:53] C:\DOCUME~1\Paul\APPLIC~1\Free Download Manager
[09/09/2007|12:51] C:\DOCUME~1\Paul\APPLIC~1\Google
[08/09/2007|13:22] C:\DOCUME~1\Paul\APPLIC~1\Identities
[08/09/2007|13:22] C:\DOCUME~1\Paul\APPLIC~1\Infineon
[08/09/2007|13:22] C:\DOCUME~1\Paul\APPLIC~1\InstallShield
[09/09/2007|12:49] C:\DOCUME~1\Paul\APPLIC~1\Macromedia
[08/09/2007|13:22] C:\DOCUME~1\Paul\APPLIC~1\Microsoft
[09/09/2007|12:48] C:\DOCUME~1\Paul\APPLIC~1\Mozilla
[08/09/2007|13:22] C:\DOCUME~1\Paul\APPLIC~1\SampleView

[27/06/2008|17:49] C:\DOCUME~1\Sylvie\APPLIC~1\Adobe
[10/06/2008|07:29] C:\DOCUME~1\Sylvie\APPLIC~1\Ahead
[11/09/2007|13:56] C:\DOCUME~1\Sylvie\APPLIC~1\Apple Computer
[27/06/2008|18:00] C:\DOCUME~1\Sylvie\APPLIC~1\Brother
[07/10/2008|20:18] C:\DOCUME~1\Sylvie\APPLIC~1\DivX
[13/02/2009|09:13] C:\DOCUME~1\Sylvie\APPLIC~1\GetRight
[16/09/2007|21:15] C:\DOCUME~1\Sylvie\APPLIC~1\Google
[08/09/2007|13:22] C:\DOCUME~1\Sylvie\APPLIC~1\Identities
[08/09/2007|13:22] C:\DOCUME~1\Sylvie\APPLIC~1\Infineon
[08/09/2007|13:22] C:\DOCUME~1\Sylvie\APPLIC~1\InstallShield
[16/09/2007|20:37] C:\DOCUME~1\Sylvie\APPLIC~1\Macromedia
[27/03/2008|09:52] C:\DOCUME~1\Sylvie\APPLIC~1\Microsoft
[07/02/2009|20:59] C:\DOCUME~1\Sylvie\APPLIC~1\mIRC
[27/06/2008|17:43] C:\DOCUME~1\Sylvie\APPLIC~1\Mozilla
[26/03/2008|14:11] C:\DOCUME~1\Sylvie\APPLIC~1\Real
[08/09/2007|13:22] C:\DOCUME~1\Sylvie\APPLIC~1\SampleView
[22/10/2008|12:15] C:\DOCUME~1\Sylvie\APPLIC~1\SEND FLAG SAVE
[11/09/2007|13:57] C:\DOCUME~1\Sylvie\APPLIC~1\vlc
[18/12/2007|20:56] C:\DOCUME~1\Sylvie\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[07/03/2009 11:11][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/03/2009 18:21][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 03:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[12/06/2008|10:51] C:\Program Files\Adobe
[24/01/2009|23:44] C:\Program Files\AGEIA Technologies
[01/12/2008|09:29] C:\Program Files\Apple Software Update
[20/09/2008|02:07] C:\Program Files\ATI Technologies
[05/02/2009|21:38] C:\Program Files\Audacity
[08/11/2008|23:06] C:\Program Files\AWC
[24/01/2009|18:00] C:\Program Files\Bonjour
[05/03/2009|17:53] C:\Program Files\CCleaner
[03/01/2008|14:47] C:\Program Files\Color7 Video Studio
[08/09/2007|13:22] C:\Program Files\Compaq
[08/09/2007|13:22] C:\Program Files\ComPlus Applications
[14/09/2007|18:40] C:\Program Files\DAEMON Tools
[16/11/2008|14:53] C:\Program Files\DivX
[07/02/2009|19:15] C:\Program Files\Dofus
[02/12/2008|22:26] C:\Program Files\EasyPHP 2.0b1
[30/10/2008|17:40] C:\Program Files\EditPlus 3
[25/02/2009|01:15] C:\Program Files\eMule
[08/03/2009|18:19] C:\Program Files\Fichiers communs
[27/06/2008|23:26] C:\Program Files\FileZilla FTP Client
[21/02/2008|04:46] C:\Program Files\Free Audio Pack
[03/10/2008|17:43] C:\Program Files\Free Download Manager
[24/02/2009|23:55] C:\Program Files\Garena
[08/09/2007|04:47] C:\Program Files\Google
[25/02/2009|00:30] C:\Program Files\Hamachi
[08/09/2007|04:38] C:\Program Files\Hewlett-Packard
[25/01/2009|21:57] C:\Program Files\InstallShield Installation Information
[20/08/2008|01:08] C:\Program Files\Intel
[12/02/2009|00:44] C:\Program Files\Internet Explorer
[01/12/2008|09:32] C:\Program Files\iPod
[01/12/2008|09:32] C:\Program Files\iTunes
[14/09/2007|20:38] C:\Program Files\Java
[28/10/2008|22:13] C:\Program Files\Kaspersky Lab
[08/09/2007|05:49] C:\Program Files\K-Lite Codec Pack
[25/01/2009|21:52] C:\Program Files\Left 4 Dead
[26/11/2008|01:08] C:\Program Files\List Checker
[19/09/2008|19:45] C:\Program Files\ma-config.com
[06/02/2009|00:59] C:\Program Files\Macromedia
[05/03/2009|20:03] C:\Program Files\Malwarebytes' Anti-Malware
[03/10/2008|17:43] C:\Program Files\Megaupload
[16/09/2008|19:30] C:\Program Files\Messenger
[16/09/2008|13:28] C:\Program Files\Messenger Plus! Live
[08/09/2007|13:22] C:\Program Files\microsoft frontpage
[06/09/2008|18:09] C:\Program Files\Microsoft LifeCam
[09/09/2007|12:04] C:\Program Files\Microsoft Office
[27/02/2009|00:22] C:\Program Files\Microsoft Silverlight
[09/09/2007|12:04] C:\Program Files\Microsoft Visual Studio
[09/09/2007|12:01] C:\Program Files\Microsoft Visual Studio 8
[09/09/2007|12:04] C:\Program Files\Microsoft Works
[09/09/2007|12:03] C:\Program Files\Microsoft.NET
[07/02/2009|20:58] C:\Program Files\mIRC
[16/09/2008|19:26] C:\Program Files\Movie Maker
[08/03/2009|18:39] C:\Program Files\Mozilla Firefox
[09/09/2007|12:04] C:\Program Files\MSBuild
[08/09/2007|13:22] C:\Program Files\MSN
[08/09/2007|13:22] C:\Program Files\MSN Gaming Zone
[03/04/2008|19:13] C:\Program Files\MSXML 4.0
[09/09/2007|10:15] C:\Program Files\MSXML 6.0
[19/01/2009|16:26] C:\Program Files\MultipleIEs
[14/01/2009|21:31] C:\Program Files\Mumble
[08/09/2007|06:34] C:\Program Files\Nero
[16/09/2008|19:24] C:\Program Files\NetMeeting
[16/09/2008|21:19] C:\Program Files\Notepad++
[07/10/2007|01:03] C:\Program Files\Ocean Technology
[16/09/2008|19:23] C:\Program Files\Outlook Express
[14/07/2008|21:24] C:\Program Files\PC Wizard 2008
[15/07/2008|22:45] C:\Program Files\PFConfig
[01/12/2008|09:31] C:\Program Files\QuickTime
[17/10/2008|21:57] C:\Program Files\Realtek
[28/12/2008|01:00] C:\Program Files\Red Kawa
[08/09/2007|22:11] C:\Program Files\Reference Assemblies
[02/04/2008|16:40] C:\Program Files\Samsung
[12/09/2007|18:15] C:\Program Files\Skype
[20/01/2009|02:52] C:\Program Files\StealthBot
[08/03/2009|15:10] C:\Program Files\Steam
[15/08/2008|15:20] C:\Program Files\Teamspeak2_RC2
[06/03/2009|19:46] C:\Program Files\trend micro
[08/09/2007|13:22] C:\Program Files\Uninstall Information
[08/09/2007|05:49] C:\Program Files\VideoLAN
[05/01/2008|16:05] C:\Program Files\VirtualDJ
[05/03/2009|23:10] C:\Program Files\Warcraft III
[21/01/2009|01:13] C:\Program Files\WC3Banlist
[18/02/2008|00:44] C:\Program Files\Windows Live
[16/09/2008|19:23] C:\Program Files\Windows Media Player
[16/09/2008|19:23] C:\Program Files\Windows NT
[08/09/2007|13:22] C:\Program Files\WindowsUpdate
[08/11/2008|22:48] C:\Program Files\WinPcap
[08/09/2007|05:48] C:\Program Files\WinRAR
[08/09/2007|13:22] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[12/06/2008|10:49] C:\Program Files\Fichiers communs\Adobe
[27/09/2008|12:17] C:\Program Files\Fichiers communs\Adobe AIR
[08/09/2007|06:34] C:\Program Files\Fichiers communs\Ahead
[01/12/2008|09:32] C:\Program Files\Fichiers communs\Apple
[20/09/2008|02:07] C:\Program Files\Fichiers communs\ATI Technologies
[09/09/2007|12:04] C:\Program Files\Fichiers communs\DESIGNER
[08/09/2007|13:22] C:\Program Files\Fichiers communs\InstallShield
[08/09/2007|13:22] C:\Program Files\Fichiers communs\Java
[11/06/2008|22:38] C:\Program Files\Fichiers communs\Macromedia
[12/06/2008|10:37] C:\Program Files\Fichiers communs\Macrovision Shared
[05/03/2009|18:22] C:\Program Files\Fichiers communs\Microsoft Shared
[08/09/2007|13:22] C:\Program Files\Fichiers communs\MSSoap
[08/09/2007|13:22] C:\Program Files\Fichiers communs\ODBC
[08/09/2007|13:22] C:\Program Files\Fichiers communs\Services
[08/09/2007|13:22] C:\Program Files\Fichiers communs\SpeechEngines
[16/09/2008|19:23] C:\Program Files\Fichiers communs\System
[15/11/2007|08:33] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[24/01/2009|23:44] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 32 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 19:05:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 47

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:14][D:1]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:2][D:0]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 08/03/2009|18:39 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 08/03/2009|19:07 - Option : [2]

--------------------\\ Fin du rapport a 19:07:52
sKe69 Messages posted 21360 Registration date   Status Security contributor Last activity   463
 
seen ...

carry on ... ;)

Zefalcom Messages posted 50 Registration date   Status Member Last activity  
 
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1827
Windows 5.1.2600 Service Pack 3

08/03/2009 19:29:31
mbam-log-2009-03-08 (19-29-31).txt

Type de recherche: Examen rapide
Eléments examinés: 78069
Temps écoulé: 3 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
kevin05 Messages posted 3636 Registration date   Status Security contributor Last activity   147
 
Well, I've learned quite a few things from you again, ske69 ^^
sKe69 Messages posted 21360 Registration date   Status Security contributor Last activity   463
 
good ...


tell me how the PC is doing now? ... any better?


next:


1- we'll check whether any infectious keys remain, with Gmer:

* Double-click gmer.exe on the desktop. If your antivirus reacts, don't worry and ignore the alert.
* Click the "rootkit" tab, then click scan.
* At the end of the scan, click the copy button.
* In Start > Programs > Accessories: open Notepad and press CTRL+V to paste the report into it.
* post the new report you get, please ...


=============================


2- Download GenProc (by Jean-Chretien1 and Narco4) to your desktop (and nowhere else!):
http://www.genproc.com/GenProc.exe

!! Go offline and close your running applications !!


* double-click GenProc.exe to start the scan and let it run ...

* At the question "are you being helped on a forum..." > click "yes".

-> post the contents of the report that opens ...


Illustrated help here: http://www.alt-shift-return.org/Info/GenProc-HowTo.html

IMPORTANT: post the report and do nothing else for now (instructions often have to be added to the procedure it gives for it to work perfectly).


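Once the GMER report requested in this step is posted, the analyst's first pass is to see which modules hook the kernel (SSDT entries, IAT patches, attached filter devices) and which of those GMER could not attribute to a vendor or could not read from disk. The parser and review-queue builder below is an added example, not GMER's code nor anything posted in this thread; it follows the GMER line format as it appears in the reports here, and every module name, address and message in its sample is constructed.

```python
import re
from collections import defaultdict

# One regex per GMER record type that matters for triage.  The "(description/
# vendor)" tag is optional because GMER omits it when it cannot attribute the
# module, which is exactly the case that deserves a second look.
SSDT_RE = re.compile(r"^SSDT\s+(?P<path>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s+(?P<func>Zw\w+)\s+\[0x[0-9A-Fa-f]+\]")
IAT_RE = re.compile(r"^IAT\s+(?P<caller>[^\[\s]+)\[(?P<imp>[^\]]+)\]\s+\[[0-9A-Fa-f]+\]\s+(?P<owner>\S+)"
                    r"(?:\s+\((?P<desc>[^)]*)\))?")
ATTACHED_RE = re.compile(r"^AttachedDevice\s+\\Driver\\(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<owner>\S+)"
                         r"(?:\s+\((?P<desc>[^)]*)\))?")
DEVICE_RE = re.compile(r"^Device\s+\\(?:Driver|FileSystem)\\(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<owner>\S+)$")
# "? <path> <message>": GMER could not open the file.  The path may contain
# spaces, so it is delimited by its extension rather than by whitespace.
UNREAD_RE = re.compile(r"^\?\s+(?P<path>.+?\.(?:sys|dll|exe))(?:\[\d+\])?\s+(?P<msg>.+?)\s*!?$", re.IGNORECASE)


def stem(path):
    """'\\SystemRoot\\system32\\DRIVERS\\klif.sys' -> 'klif': the key used for every module."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]


def parse_gmer(text):
    """Turn a GMER report into per-module facts keyed by module stem."""
    rep = {"ssdt": defaultdict(list),     # stem -> hooked Zw* functions
           "iat": defaultdict(list),      # stem -> imports it redirects
           "devices": defaultdict(list),  # driver -> device objects it owns
           "attached": {},                # device object -> stem of attached filter
           "labelled": set(),             # stems GMER attributed to a vendor
           "unreadable": {},              # stem -> GMER's error message
           "unparsed": []}                # records this parser does not know
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        if m := SSDT_RE.match(line):
            key = stem(m["path"])
            rep["ssdt"][key].append(m["func"])
        elif m := IAT_RE.match(line):
            key = stem(m["owner"])
            rep["iat"][key].append(f'{stem(m["caller"])}:{m["imp"]}')
        elif m := ATTACHED_RE.match(line):
            key = stem(m["owner"])
            rep["attached"][m["device"]] = key
        elif m := DEVICE_RE.match(line):
            rep["devices"][m["driver"].lower()].append(m["device"])
            continue
        elif m := UNREAD_RE.match(line):
            rep["unreadable"][stem(m["path"])] = m["msg"].rstrip(" !;")
            continue
        else:
            rep["unparsed"].append(line)
            continue
        if m["desc"]:                      # vendor tag present on a hook record
            rep["labelled"].add(key)
    return rep


def triage(rep):
    """Review queue {stem: [reasons]}: modules that hook the kernel without a
    vendor attribution, or that own hooks/devices while GMER could not read
    their file.  A hit means "verify this file" (signature, hash, origin),
    not "malicious": legitimate drivers produce these patterns too."""
    queue = defaultdict(list)
    hookers = set(rep["ssdt"]) | set(rep["iat"]) | set(rep["attached"].values())
    for key in sorted(hookers - rep["labelled"]):
        what = rep["ssdt"].get(key, []) + rep["iat"].get(key, [])
        what = what or [f"filter on {d}" for d, k in rep["attached"].items() if k == key]
        queue[key].append("hooks without vendor attribution: " + ", ".join(what))
    active = hookers | set(rep["devices"])
    for key, msg in sorted(rep["unreadable"].items()):
        if key in active:
            queue[key].append(f"file could not be read ({msg})")
    return dict(queue)


# Constructed sample in GMER's line format; every module name, address and
# message here is made up for this example.
SAMPLE = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\exfilt.sys (Example Mini-Filter/Example AV) ZwClose [0xABF4B01E]
SSDT \SystemRoot\system32\DRIVERS\exfilt.sys (Example Mini-Filter/Example AV) ZwOpenProcess [0xABF4AC40]
SSDT \??\C:\WINDOWS\system32\drivers\zzdrv.sys ZwCreateFile [0xF7A30000]
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\virtcd.sys The process cannot access the file because it is being used by another process.
? System32\Drivers\qwer1234.SYS The system cannot find the path specified. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EBEAD4] virtcd.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B973C530] exnet.sys (Example Network Filter/Example AV)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8B0FA1E8
AttachedDevice \Driver\Tcpip \Device\Tcp exnet.sys (Example Network Filter/Example AV)
Device \Driver\qwer1234 \Device\Scsi\qwer12341 8A6C01E8
"""

if __name__ == "__main__":
    for mod, reasons in triage(parse_gmer(SAMPLE)).items():
        print(mod, "->", "; ".join(reasons))
```

A queued module is a prompt to verify that file (signature, hash, where it was installed from), never a verdict on its own; to run this over a real report, pass the pasted report text to parse_gmer in place of SAMPLE.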
Zefalcom Messages posted 50 Registration date   Status Member Last activity  
 
My PC is doing much better! Thanks a lot :p

This scan is horribly long! but I eventually got through it :)

GMER 1.0.15.14831 - http://www.gmer.net
Rootkit scan 2009-03-09 23:14:41
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xABF4AA72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xABF4B01E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xABF4CA82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xABF4C438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xABF4A1E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xABF4E3E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xABF4AE1A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xABF4A62A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xABF4A82A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xABF4C744]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xABF4E8F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xABF4A940]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xABF4A9A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xABF4C5FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xABF4DEA8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xABF4C294]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xABF4A34A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xABF4AC40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xABF4E40E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xABF4AB96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xABF4AA10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xABF4A714]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xABF4A4F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xABF4E110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xABF49E6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xABF4D30C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xABF49FCC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xABF4E7C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xABF49C68]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xABF4C924]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xABF4AF18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xABF4DFA2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xABF4E438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xABF4A3A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xABF4E51C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xABF4E648]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xABF4DDD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xABF4ACEA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xABF4AD5C]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP ABF611E8 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP ABF615A2 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C68 80504504 4 Bytes CALL 12FC39AA
.text ntkrnlpa.exe!ZwCallbackReturn + 2CD4 80504570 4 Bytes CALL 4DE4F169
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 12 Bytes [1C, E5, F4, AB, 48, E6, F4, ...] {SBB AL, 0xe5; HLT ; STOSD ; DEC EAX; OUT 0xf4, AL; STOSD ; AAM 0xdd; HLT ; STOSD }
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC8 80504864 4 Bytes JMP A4ABF4AC
? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text USBPORT.SYS!DllUnload B8CD78AC 5 Bytes JMP 8A73E700
? System32\Drivers\a4amhj6x.SYS Le chemin d'accès spécifié est introuvable. !

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[352] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[352] USER32.dll!AlignRects + FFFA5598 7E392A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[816] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe[816] USER32.dll!AlignRects + FFFA5598 7E392A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EBEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EBEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EBEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EBF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EBF61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9ED429A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B973C530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B973C530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B0FA1E8
Device \FileSystem\Fastfat \FatCdrom 8A474790

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\PCI_NTPNP6148 \Device\00000050 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A73D1E8
Device \Driver\usbuhci \Device\USBPDO-1 8A73D1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B0FC1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8B0FC1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8B0FC1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8B0FC1E8
Device \Driver\usbuhci \Device\USBPDO-2 8A73D1E8
Device \Driver\usbehci \Device\USBPDO-3 8A71B1E8
Device \Driver\usbuhci \Device\USBPDO-4 8A73D1E8

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBPDO-5 8A73D1E8
Device \Driver\usbuhci \Device\USBPDO-6 8A73D1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B16C1E8
Device \Driver\usbehci \Device\USBPDO-7 8A71B1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2296855F-C96E-4900-9338-6DC4EFF6300F} 8A4BE500
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B16C1E8
Device \Driver\Cdrom \Device\CdRom0 8A70E1E8
Device \Driver\Cdrom \Device\CdRom1 8A70E1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A4BE500
Device \Driver\NetBT \Device\NetbiosSmb 8A4BE500
Device \Driver\NetBT \Device\NetBT_Tcpip_{CBDF0E26-ACD9-46E3-9F62-569813C008EF} 8A4BE500

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBFDO-0 8A73D1E8
Device \Driver\usbuhci \Device\USBFDO-1 8A73D1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A5A8790
Device \Driver\usbuhci \Device\USBFDO-2 8A73D1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A5A8790
Device \Driver\usbehci \Device\USBFDO-3 8A71B1E8
Device \Driver\Ftdisk \Device\FtControl 8B16C1E8
Device \Driver\usbuhci \Device\USBFDO-4 8A73D1E8
Device \Driver\usbuhci \Device\USBFDO-5 8A73D1E8
Device \Driver\usbuhci \Device\USBFDO-6 8A73D1E8
Device \Driver\usbehci \Device\USBFDO-7 8A71B1E8
Device \Driver\a4amhj6x \Device\Scsi\a4amhj6x1 8A6C01E8
Device \Driver\a4amhj6x \Device\Scsi\a4amhj6x1Port5Path0Target0Lun0 8A6C01E8
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 8B0FB1E8
Device \Driver\JRAID \Device\Scsi\JRAID1 8B0FB1E8
Device \FileSystem\Fastfat \Fat 8A474790

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A4F3790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000a3a631342
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000a3a631342@001a8a0161bc 0xB2 0xD1 0x12 0x87 ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000a3a631342@0019634a5e2c 0x7B 0xF6 0x8A 0x7D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x50 0xBC 0x6A 0xCF ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x21 0xB3 0x6C 0x7E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEE 0x26 0x33 0xEB ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0xC2 0xDB 0xEC ...
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACylltkbsb.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACylltkbsb.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACxhpyyrwo.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACwxcyfucf.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACmlesivnm.db
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACwujlqpae.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACkurtownj.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACssfoarhe.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxjbnkwrb.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACfagvxadf.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACcxeiexip.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACwxstywvo.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a631342
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a631342@001a8a0161bc 0xB2 0xD1 0x12 0x87 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a631342@0019634a5e2c 0x7B 0xF6 0x8A 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x50 0xBC 0x6A 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x21 0xB3 0x6C 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEE 0x26 0x33 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0xC2 0xDB 0xEC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x50 0xBC 0x6A 0xCF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF4 0xB0 0xB1 0x2C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEE 0x26 0x33 0xEB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD4 0x4C 0xEE 0xF6 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a3a631342
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a3a631342@001a8a0161bc 0xB2 0xD1 0x12 0x87 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a3a631342@0019634a5e2c 0x7B 0xF6 0x8A 0x7D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x50 0xBC 0x6A 0xCF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x21 0xB3 0x6C 0x7E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEE 0x26 0x33 0xEB ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0xC2 0xDB 0xEC ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Macromedia\Dreamweaver 8\Configuration\Behaviors\Events\4.0 et ultérieurs.htm 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F86576A-A736-63D3-566C-4FF92F9F5BFF}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F86576A-A736-63D3-566C-4FF92F9F5BFF}@abafpjhpdmgdeklemkldebpgmcnadlkaig 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F86576A-A736-63D3-566C-4FF92F9F5BFF}@bbafpjhpdmgdeklemkkdhbfnfnbajhmmiecc 0x61 0x61 0x00 0x00

---- EOF - GMER 1.0.15 ----
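The GMER "Registry" section above is where the hidden UACd.sys service shows up (a service name that does not match its driver file, component paths through \\?\globalroot\, and a "modules" subkey full of same-prefix random file names). As an added example, not part of this thread and not a GMER or CCM tool, here is a small Python triage script that parses GMER "Reg" lines and flags those indicators; the sample lines are copied from the report above and the heuristics are my own.

```python
"""Triage the 'Registry' section of a GMER 1.0.15 log for hidden-service indicators.

Added example for this thread, not part of GMER or of any tool used above.
The sample lines are copied from the GMER report posted in the thread; the
scoring heuristics are my own and are not an official detection rule.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the 'Reg' lines from the GMER report above.
SAMPLE_LOG = r"""
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACylltkbsb.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACylltkbsb.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACxhpyyrwo.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACcxeiexip.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
"""

# A GMER 'Reg' line is:  Reg <key path>[@<value name>] [<value data>]
REG_LINE = re.compile(r"^Reg\s+(?P<key>\S+?)(?:@(?P<name>\S+))?(?:\s+(?P<data>.*))?$")
# Service keys live under HKLM\SYSTEM\<control set>\Services\<service>
SERVICE_KEY = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>ControlSet\d{3}|CurrentControlSet)\\Services\\(?P<svc>[^\\]+)",
    re.IGNORECASE,
)
GLOBALROOT = "\\\\?\\globalroot\\"   # the literal prefix \\?\globalroot\


def parse_reg_lines(log_text):
    """Yield (control_set, service, subkey, value_name, value_data) for each service 'Reg' line."""
    for line in log_text.splitlines():
        m = REG_LINE.match(line.strip())
        if not m:
            continue
        svc = SERVICE_KEY.match(m["key"])
        if not svc:
            continue
        subkey = m["key"][svc.end():].lstrip("\\")
        yield svc["cs"], svc["svc"], subkey, m["name"], m["data"] or ""


def triage(log_text):
    """Return {(control_set, service): [indicator, ...]} for services that look like a hidden kit."""
    per_service = defaultdict(list)
    for cs, svc, subkey, name, data in parse_reg_lines(log_text):
        per_service[(cs, svc)].append((subkey, name, data))

    findings = {}
    for (cs, svc), values in per_service.items():
        hits = []
        image = next((d for s, n, d in values if s == "" and (n or "").lower() == "imagepath"), None)
        if image is not None:
            # The driver a service loads normally carries the service's own name.
            if image.replace("/", "\\").rsplit("\\", 1)[-1].lower() != svc.lower():
                hits.append(f"imagepath basename differs from service name: {image}")
        # Legitimate services almost never reference files through the \\?\globalroot\
        # device namespace; a GMER-hidden key that does is a strong signal.
        via_globalroot = [d for s, n, d in values if d.lower().startswith(GLOBALROOT.lower())]
        if via_globalroot:
            hits.append(f"{len(via_globalroot)} module path(s) use {GLOBALROOT}")
        # A 'modules' subkey whose file names share the service prefix but end in random
        # letters is typical of a kit that renames its components on every install.
        prefix = svc.split(".")[0][:3].lower()
        modules = [d for s, n, d in values if s.lower() == "modules" and d]
        if len(modules) >= 2 and all(d.rsplit("\\", 1)[-1].lower().startswith(prefix) for d in modules):
            hits.append(f"{len(modules)} same-prefix components listed under 'modules'")
        if hits:
            findings[(cs, svc)] = hits
    return findings


def control_sets_listing(log_text, service):
    """Control sets in which the key appears; useful because removal tools that target
    CurrentControlSet miss a key that only exists in another control set, as seen above."""
    return sorted({cs for cs, svc, *_ in parse_reg_lines(log_text) if svc.lower() == service.lower()})


if __name__ == "__main__":
    for (cs, svc), hits in triage(SAMPLE_LOG).items():
        print(f"[{cs}] {svc}")
        for h in hits:
            print("   -", h)
    print("UACd.sys seen in:", control_sets_listing(SAMPLE_LOG, "UACd.sys"))
```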
Zefalcom (Member, 50 posts)
Rapport GenProc 2.415 [1] - 09/03/2009 à 23:26:40 - Windows XP

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :


Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt

__________________________________________________________________________________________________________

Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
sKe69 (Security contributor, 21360 posts)
Hi,

There is still ONE infected key! ... ^^


Do this, to see:


Download OTMoveIt3 (by Old_Timer) to your Desktop.

http://oldtimer.geekstogo.com/OTMoveIt3.exe

! Disconnect from the Internet and close all your running applications !

Double-click "OTMoveIt3.exe" to open the program.
Then copy what is quoted below,

:processes
explorer.exe

:Services

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys]

:Files

:Commands
[purity]
[emptytemp]
[Reboot]



and paste it into the left-hand pane of OTMoveIt3:
Paste Instructions for items to be moved.
(don't touch anything else!)

-> click MoveIt! to start the removal.
-> let the tool work ...

( Note: your desktop will disappear and then reappear, this is normal. )

-> once it has finished, a small window opens: click "Yes".

Your PC will restart on its own ...

--> Post the contents of the report found in the folder "C:\_OTMoveIt\MovedFiles"
( "xxxx2008_xxxxxx.log", where the "x" correspond to the day and time of use ).

Zefalcom (Member, 50 posts)
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys\\ not found.
========== FILES ==========
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03102009_001010

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
sKe69 (Security contributor, 21360 posts)
Strange ... it didn't work ...


Please do this:

Download OAD (by !aur3n7): http://sosvirus.changelog.fr/OAD.exe
----> Save it to your desktop.

Double-click the OAD icon to launch it

- Name of the file to search for:
--> type or copy/paste: UAC

- Search type: select option 6 then confirm ["Enter"]

OAD will now search for the file. Let it work until it has finished.
The search report will be displayed on screen automatically as soon as it is done.

Note: depending on the size of the hard drives, this search can take several minutes. Be patient ...

-> Save this report to your Desktop and copy/paste it into your next reply ...

Zefalcom (Member, 50 posts)
10/03/2009 ---- 0:29:20,10

----------------------------------
§§§§§§ [UAC] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************



[HKEY_USERS\S-1-5-21-457833038-2375772374-2302921364-1007\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_TOOLBAR.GOOGLE.COM_O8Y91YHB24Z6SR0SGYSK.XML\Feed]

*******************
[Fichier]
*******************

c:\GenProc\outil\UAC.vbs


*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
sKe69 (Security contributor, 21360 posts)
Hi,


Let's try another way:


Copy the lines of the following quote, all at once:

Drivers to unload:
UACd.sys

registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys



Right-click / "Copy"

Now create a new text document: right-click on the desktop and choose "New" ---> "Text Document".

* Open it and paste in what you just copied
* Save this file to your desktop: "Save as..." and name it "mad.txt"

Now download The Avenger:
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/

* Unzip it to your desktop and double-click the file "avenger.exe"
* Click "Ok"
* Select "Load Script from File" and click the folder-shaped icon.
* Select the file mad.txt on your desktop
* Click the green light to run the script
* Click "Yes"
* Accept the restart of your PC

after the restart:

* Open the file C:\avenger.txt and copy/paste its contents into your next reply ...

Zefalcom (Member, 50 posts)
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\UACd.sys" not found!
Deletion of driver "UACd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.