Virus pp06, LD08, DL32...

Résolu
buse -  
 buse -
Bonjour,

je crois (voir sur) que je suis infecte par un virus/troyen.
Apres avoir ouvert un .exe (sous forme d'un zip) mon PC bugge (j'avais pris la précaution d'analyser le .exe mais avast ne m'a rien trouvé :-( ).
Démarrage impossible (vista) : le PC reste bloqué sur "veuillez patienter"
Demarrage poussif quand meme en mode sans echec et avec les derniers parametres corrects...

Du coup, vraisemblablement j'ai le malware koobface au vue des nom de fichier indiqué en titre
pouvez vous m'aider à le deloger sachant que je vais vous fournir le rapport hijackthis + le rapport smitfraudfix (je n'ai fais que ca pour le moment pour ne pas perturber les etapes suivantes)

merci d'avance

PS : que fait exactement ce virus? car j'ai peur que certaines données soient perdues
Configuration: Windows Vista
Firefox 3.0.1

49 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Le sujet porte sur une infection par un malware Koobface sur Windows Vista après l’ouverture d’un fichier .exe compressé, entraînant un démarrage bloqué et des craintes de perte de données.
Plusieurs analyses antivirus, dont Malwarebytes et Kaspersky Online Scanner, et l’usage de ToolsCleaner ont été réalisés, révélant peu d’éléments infectés et la détection d’un fichier infecté not-a-virus:RiskTool.Win32.HideWindows.
Des étapes de nettoyage ont été entreprises par l’utilisation d’outils comme Combofix et HijackThis, suivies d’un redémarrage et de la réactivation éventuelle de la restauration système pour éviter de futures intrusions.
En pratique, la procédure a permis de sécuriser le poste et de préparer le rétablissement des paramètres, sans conclusion définitive sur l'état du système et avec réinstallation des applications clés comme Firefox.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. buse
     
    rapport hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:46:13, on 01/05/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    E:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
    C:\Windows\System32\rundll32.exe
    E:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    E:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\System32\rundll32.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ld08.exe
    C:\Windows\System32\reader_s.exe
    C:\Windows\pp06.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    E:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
    C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
    C:\Users\Administrateur\reader_s.exe
    C:\Windows\System32\DL32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\conime.exe
    C:\Windows\System32\mobsync.exe
    C:\Users\Administrateur\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: C:\Windows\system32\sjg9s8guigjs.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\Windows\system32\sjg9s8guigjs.dll
    O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\Windows\system32\796525\796525.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [VolPanel] "E:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "E:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [sysldtray] C:\Windows\ld08.exe
    O4 - HKLM\..\Run: [reader_s] C:\Windows\System32\reader_s.exe
    O4 - HKLM\..\Run: [pp] C:\Windows\pp06.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [] C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
    O4 - HKCU\..\Run: [Windows Resurections] C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
    O4 - HKCU\..\Run: [reader_s] C:\Users\Administrateur\reader_s.exe
    O4 - HKCU\..\Run: [DL32] DL32
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Enregistrement de FIFA 09.lnk = E:\jeux\EA Sports\FIFA 09\Support\EAregister.exe
    O4 - Global Startup: BumpTop.lnk = C:\Program Files\BumpTop\BumpTop.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {A573D71B-951B-4BAD-B8CC-708AE84769C9} - (no file)
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - E:\jeux\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O13 - Gopher Prefix:
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\Windows\system32\sjg9s8guigjs.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c996b3575e4932) (gupdate1c996b3575e4932) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    0
  2. buse
     
    rapport smitfraudfix

    SmitFraudFix v2.414

    Rapport fait à 9:41:26,38, 01/05/2009
    Executé à partir de C:\Users\Administrateur\Desktop\SmitfraudFix
    OS: Microsoft Windows [version 6.0.6001] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Windows\system32\oodag.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    E:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\WUDFHost.exe
    E:\Program Files\Alwil Software\Avast4\ashDisp.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\System32\rundll32.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ld08.exe
    C:\Windows\System32\reader_s.exe
    C:\Windows\pp06.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    E:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
    C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
    C:\Users\Administrateur\reader_s.exe
    C:\Windows\System32\DL32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

    C:\Windows\ld08.exe PRESENT !
    C:\Windows\pp06.exe PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

    C:\Windows\system32\DL32.exe PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Administrateur

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ADMINI~1\AppData\Local\Temp

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Administrateur\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ADMINI~1\FAVORI~1

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    +--------------------------------------------------+
    [!] Suspicious: 796525.dll
    BHO: 796525 Class - {E7F15AC4-E0A9-43F0-921B-70DFEA621220}
    BHO CLSID TypeLib: {E63648F7-3933-440E-AAAA-A8584DD7B7EB}
    Corrected TypeLib: {E63648F7-3933-440E-B4F6-A8584DD7B7EB}
    Interface: {F7D09218-46D7-4D3D-9B7F-315204CD0836}

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{B2BA40A2-74F0-42BD-F434-12345A2C8953}"="jso8joigm409gopgmrlgd"

    [HKEY_CLASSES_ROOT\CLSID\{B2BA40A2-74F0-42BD-F434-12345A2C8953}\InProcServer32]
    @="C:\Windows\system32\sjg9s8guigjs.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B2BA40A2-74F0-42BD-F434-12345A2C8953}\InProcServer32]
    @="C:\Windows\system32\sjg9s8guigjs.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "LoadAppInit_DLLs"=dword:00000000

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\system32\\userinit.exe,"

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller
    DNS Server Search Order: 192.168.1.1
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{118E5BFF-D8E1-4435-8BB1-87F4770EC996}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{118E5BFF-D8E1-4435-8BB1-87F4770EC996}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{118E5BFF-D8E1-4435-8BB1-87F4770EC996}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{118E5BFF-D8E1-4435-8BB1-87F4770EC996}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  3. Utilisateur anonyme
     
    Salut ,

    # Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    # Relance le programme Smitfraud :
    Cette fois choisit l’option 2, répond oui a tous ;
    Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum
    0
  4. buse
     
    Merci pour la rapidité

    Voila le resultat :

    SmitFraudFix v2.414

    Rapport fait à 10:32:36,37, 01/05/2009
    Executé à partir de C:\Users\Administrateur\Desktop\SmitfraudFix
    OS: Microsoft Windows [version 6.0.6001] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{B2BA40A2-74F0-42BD-F434-12345A2C8953}"="jso8joigm409gopgmrlgd"

    [HKEY_CLASSES_ROOT\CLSID\{B2BA40A2-74F0-42BD-F434-12345A2C8953}\InProcServer32]
    @="C:\Windows\system32\sjg9s8guigjs.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B2BA40A2-74F0-42BD-F434-12345A2C8953}\InProcServer32]
    @="C:\Windows\system32\sjg9s8guigjs.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.
    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\Windows\ld08.exe supprimé
    C:\Windows\pp06.exe supprimé
    C:\Windows\system32\DL32.exe supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    C:\Windows\system32\796525\796525.dll deleted.
    C:\Windows\system32\796525\ deleted.

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{118E5BFF-D8E1-4435-8BB1-87F4770EC996}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{118E5BFF-D8E1-4435-8BB1-87F4770EC996}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{118E5BFF-D8E1-4435-8BB1-87F4770EC996}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{118E5BFF-D8E1-4435-8BB1-87F4770EC996}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    »»»»»»»»»»»»»»»»»»»»»»»» RK.2

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{B2BA40A2-74F0-42BD-F434-12345A2C8953}"="jso8joigm409gopgmrlgd"

    [HKEY_CLASSES_ROOT\CLSID\{B2BA40A2-74F0-42BD-F434-12345A2C8953}\InProcServer32]
    @="C:\Windows\system32\sjg9s8guigjs.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B2BA40A2-74F0-42BD-F434-12345A2C8953}\InProcServer32]
    @="C:\Windows\system32\sjg9s8guigjs.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Télécharge random's system information tool (RSIT) et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt
    0
  7. buse
     
    vla le resultat :

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2009-05-01 10:49:32
    Microsoft® Windows Vista™ Édition Intégrale Service Pack 1
    System drive C: has 63 GB (63%) free of 100 GB
    Total RAM: 2046 MB (67% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:49:34, on 01/05/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    E:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
    C:\Windows\System32\rundll32.exe
    E:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    E:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\System32\rundll32.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\reader_s.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    E:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\Users\Administrateur\reader_s.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Users\Administrateur\Desktop\RSIT.exe
    C:\Users\Administrateur\Desktop\Administrateur.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: C:\Windows\system32\sjg9s8guigjs.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\Windows\system32\sjg9s8guigjs.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [VolPanel] "E:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "E:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [reader_s] C:\Windows\System32\reader_s.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [] C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
    O4 - HKCU\..\Run: [Windows Resurections] C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
    O4 - HKCU\..\Run: [reader_s] C:\Users\Administrateur\reader_s.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Enregistrement de FIFA 09.lnk = E:\jeux\EA Sports\FIFA 09\Support\EAregister.exe
    O4 - Global Startup: BumpTop.lnk = C:\Program Files\BumpTop\BumpTop.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {A573D71B-951B-4BAD-B8CC-708AE84769C9} - (no file)
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - E:\jeux\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O13 - Gopher Prefix:
    O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\Windows\system32\sjg9s8guigjs.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c996b3575e4932) (gupdate1c996b3575e4932) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    0
  8. Utilisateur anonyme
     
    • Télécharge et install UsbFix

    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

    • Double clic sur le raccourci UsbFix présent sur ton bureau .

    • Choisis l'option 1 ( Recherche )

    • Laisse travailler l'outil.

    • Ensuite post le rapport UsbFix.txt qui apparaitra.

    • Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    • Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    • Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html

    -
    -
    @+
    0
  9. buse
     
    voila le rapport usbfix :

    ############################## [ UsbFix V3.015 # Scan ]

    # User : Administrateur (Administrateurs) # LHSWEET-6Y8HJ6P
    # Update on 30/04/09 by Chiquitine29, C_XX & Chimay8
    # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
    # Start at: 11:15:32 | 01/05/2009

    # Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
    # Microsoft® Windows Vista™ Édition Intégrale (6.0.6001 32-bit) # Service Pack 1
    # Internet Explorer 7.0.6001.18000
    # Windows Firewall Status : Disabled
    # AV : avast! antivirus 4.8.1282 [VPS 081203-0] 4.8.1282 [ Enabled | Updated ]

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 97,66 Go (61,72 Go free) # NTFS
    # D:\ # Disque fixe local # 465,76 Go (123,08 Go free) [sauvegarde] # NTFS
    # E:\ # Disque fixe local # 368,1 Go (284,27 Go free) # NTFS
    # F:\ # Disque CD-ROM
    # G:\ # Disque CD-ROM
    # H:\ # Disque amovible
    # I:\ # Disque amovible
    # J:\ # Disque amovible
    # K:\ # Disque amovible
    # L:\ # Disque CD-ROM
    # M:\ # Disque CD-ROM
    # N:\ # Disque CD-ROM
    # O:\ # Disque CD-ROM # 2,01 Mo (0 Mo free) [Pop key] # CDFS
    # P:\ # Disque amovible # 3,7 Go (1,75 Go free) [Public] # FAT32
    # Q:\ # Disque fixe local # 189,92 Go (34,26 Go free) [Nouveau nom] # NTFS
    # R:\ # Disque amovible # 244,73 Mo (241,05 Mo free) # FAT

    ############################## [ Processus actifs ]

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Windows\system32\oodag.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
    C:\Windows\System32\rundll32.exe
    E:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    E:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\System32\rundll32.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\reader_s.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    E:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\Users\Administrateur\reader_s.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conime.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE

    ################## [ Registre # Startup ]

    HKCU_Main: "Local Page"="C:\\windows\\system32\\blank.htm"
    HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
    HKLM_logon: "DefaultUserName"="Administrateur"
    HKLM_logon: "LegalNoticeCaption"=""
    HKLM_logon: "LegalNoticeText"=""
    HKLM_Run: Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    HKLM_Run: VolPanel="E:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
    HKLM_Run: P17RunE=RunDll32 P17RunE.dll,RunDLLEntry
    HKLM_Run: UpdReg=C:\Windows\UpdReg.EXE
    HKLM_Run: avast!=E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    HKLM_Run: CanonMyPrinter=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    HKLM_Run: SSBkgdUpdate="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    HKLM_Run: OpwareSE4="E:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    HKLM_Run: ISUSScheduler="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    HKLM_Run: AppleSyncNotifier=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    HKLM_Run: USB2Check=RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
    HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    HKLM_Run: iTunesHelper="E:\Program Files\iTunes\iTunesHelper.exe"
    HKLM_Run: reader_s=C:\Windows\System32\reader_s.exe
    HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    HKCU_Run: Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    HKCU_Run: MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    HKCU_Run: ehTray.exe=C:\Windows\ehome\ehTray.exe
    HKCU_Run: ISUSPM Startup=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    HKCU_Run: DAEMON Tools Pro Agent="E:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    HKCU_Run: Windows Resurections=C:\Users\Administrateur\AppData\Local\Temp\ntgope6zyh.exe
    HKCU_Run: reader_s=C:\Users\Administrateur\reader_s.exe
    HKCU_Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=

    ################## [ Informations ]

    ################## [ Fichiers # Dossiers infectieux ]

    Found ! C:\Windows\system32\reader_s.exe
    Found ! C:\Windows\system32\tmp.reg
    Found ! C:\Windows\system32\tmp.txt
    Found ! "C:\Users\Administrateur\reader_s.exe"
    Found ! O:\autorun.inf

    ################## [ Registre # Clés Run infectieuses ]

    Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "reader_s"
    Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "reader_s"
    Found ! HKU\S-1-5-21-837058442-2612039814-1966155014-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "reader_s"

    ################## [ Registre # Mountpoints2 ]

    HKCU\Software\Microsoft\....\MountPoints2\{5522fec1-8745-11dd-b48e-001bfcd29768}\Shell\AutoRun\command

    ################## [ ! Fin du rapport # UsbFix V3.015 ! ]
    0
  10. Utilisateur anonyme
     
    • Double clic sur le raccourci UsbFix présent sur ton bureau

    • choisis l'option 2 ( Suppression )

    • Ton bureau disparaitra et le pc redémarrera .

    • Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

    • Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

    • Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
    0
  11. buse
     
    le pc a bien redemarré mais il n'y a rien qui s'affiche (peut etre qu'il scanne mais y a rien qui me l'indique fenetre logiciel ou autre...)
    je fais quoi?
    0
  12. Utilisateur anonyme
     
    fais un clic droit sur le raccourci usbfix , choisi executer en tant qu administrateur

    ensuite refais l option 2 stp
    0
  13. buse
     
    ca ne marche toujours pas.
    c'est peut etre du a des logiciels qui s'ouvre au démarrage comme par exemple un bureau virtuel (bumptop)
    j'ai aussi l'iphone qui se connecte "tardivement"
    0
  14. Utilisateur anonyme
     
    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique sur combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
    0
  15. buse
     
    ComboFix 09-04-30.05 - Administrateur 01/05/2009 11:53.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.33.1036.18.2046.1410 [GMT 2:00]
    Lancé depuis: c:\users\Administrateur\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1282 [VPS 081203-0] *On-access scanning enabled* (Updated)
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Administrateur\reader_s.exe
    c:\windows\system32\reader_s.exe
    c:\windows\system32\sjg9s8guigjs.dll
    c:\windows\system32\tmp.reg

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-01 au 2009-05-01 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-01 09:14 . 2009-05-01 09:17 -------- d-----w C:\UsbFix
    2009-05-01 08:49 . 2009-05-01 08:49 -------- d-----w C:\rsit
    2009-05-01 08:32 . 2009-05-01 08:32 35 ----a-w c:\users\Administrateur\AppData\Roaming\SetValue.bat
    2009-05-01 08:32 . 2009-05-01 08:32 35 ----a-w c:\users\ADMINI~1\AppData\Roaming\SetValue.bat
    2009-05-01 08:32 . 2009-05-01 08:32 691 ----a-w c:\users\Administrateur\AppData\Roaming\GetValue.vbs
    2009-05-01 08:32 . 2009-05-01 08:32 691 ----a-w c:\users\ADMINI~1\AppData\Roaming\GetValue.vbs
    2009-04-30 22:50 . 2009-04-30 22:50 94204 ----a-w c:\windows\system32\drivers\glaide32.sys
    2009-04-30 22:49 . 2009-04-30 22:49 2 ---h--w c:\windows\t55ft2692f44.dat
    2009-04-30 22:49 . 2009-04-30 22:49 101888 ----a-w C:\mrypqar.exe
    2009-04-30 22:48 . 2009-04-30 22:48 8704 --sha-w c:\windows\7185F.exe
    2009-04-14 08:11 . 2008-10-10 02:52 2036576 ----a-w c:\windows\system32\D3DCompiler_40.dll
    2009-04-14 08:11 . 2008-10-10 02:52 452440 ----a-w c:\windows\system32\d3dx10_40.dll
    2009-04-14 08:11 . 2008-10-10 02:52 4379984 ----a-w c:\windows\system32\D3DX9_40.dll
    2009-04-14 08:11 . 2008-10-27 08:04 70992 ----a-w c:\windows\system32\XAPOFX1_2.dll
    2009-04-14 08:11 . 2008-10-27 08:04 514384 ----a-w c:\windows\system32\XAudio2_3.dll
    2009-04-14 08:11 . 2008-10-27 08:04 235856 ----a-w c:\windows\system32\xactengine3_3.dll
    2009-04-14 08:11 . 2008-10-27 08:04 23376 ----a-w c:\windows\system32\X3DAudio1_5.dll
    2009-04-14 07:00 . 2009-04-22 20:24 -------- d-----w c:\program files\BumpTop
    2009-04-14 06:59 . 2009-04-14 06:59 -------- d-----w c:\users\Administrateur\AppData\Local\Bump Technologies, Inc
    2009-04-14 06:59 . 2009-04-14 06:59 -------- d-----w c:\users\ADMINI~1\AppData\Local\Bump Technologies, Inc
    2009-04-14 06:59 . 2009-04-14 06:59 -------- d-----w c:\users\Administrateur\AppData\Roaming\Bump Technologies, Inc
    2009-04-14 06:59 . 2009-04-14 06:59 -------- d-----w c:\users\ADMINI~1\AppData\Roaming\Bump Technologies, Inc

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-01 09:41 . 2006-11-02 16:03 671016 ----a-w c:\windows\system32\perfh00C.dat
    2009-05-01 09:41 . 2006-11-02 16:03 124066 ----a-w c:\windows\system32\perfc00C.dat
    2009-05-01 06:14 . 2008-02-28 12:55 2032 ----a-w c:\users\Administrateur\AppData\Local\d3d9caps.dat
    2009-05-01 06:14 . 2008-02-28 12:55 2032 ----a-w c:\users\ADMINI~1\AppData\Local\d3d9caps.dat
    2009-04-14 08:08 . 2008-02-28 13:09 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-12 21:58 . 2009-03-12 21:58 -------- d-----w c:\program files\iPod
    2009-03-12 21:58 . 2008-02-28 15:22 -------- d-----w c:\program files\Common Files\Apple
    2009-03-12 21:57 . 2008-02-28 14:53 -------- d-----w c:\program files\Bonjour
    2009-03-12 21:57 . 2009-03-12 21:57 -------- d-----w c:\program files\QuickTime
    2009-03-12 21:56 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
    2009-03-12 21:56 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
    2009-03-12 21:56 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
    2009-03-05 22:59 . 2009-03-05 22:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2009-03-05 22:59 . 2009-03-05 22:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
    2009-02-05 09:54 . 2009-02-21 10:20 453152 ----a-w c:\windows\system32\NVUNINST.EXE
    2008-12-04 21:22 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
    2007-08-26 14:32 . 2007-08-26 14:32 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
    "DAEMON Tools Pro Agent"="e:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VolPanel"="e:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="e:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-02-20 81920]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13683232]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 92704]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
    "P17RunE"="P17RunE.dll" - c:\windows\System32\P17RunE.dll [2007-04-09 14848]

    c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    BumpTop.lnk - c:\program files\BumpTop\BumpTop.exe [2009-4-20 4077568]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

    [HKLM\~\startupfolder\C:^Users^Administrateur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iPhoneRingToneMaker.lnk]
    path=c:\users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iPhoneRingToneMaker.lnk
    backup=c:\windows\pss\iPhoneRingToneMaker.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"="0x00000000"
    "UpdatesDisableNotify"="0x00000000"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{DB6BA2E5-4646-4147-A0B5-0BFE8C5B064D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{E6F1F7E3-31CF-4989-A148-AF0C9BA9E117}"= e:\program files\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
    "{3DE2D1B7-5A76-4D8A-8F03-9A4834DA9E06}"= UDP:e:\jeux\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
    "{E97118C3-1AE2-47C9-B83E-6E8D19FAD96C}"= TCP:e:\jeux\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
    "{8F0FEC7D-1FBC-45AC-9565-7FE593BFF03E}"= UDP:e:\jeux\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{1867577E-85C2-4529-BA71-954A7FAF2AED}"= TCP:e:\jeux\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{215BEEA3-4B05-4CE4-A973-720D1744F5F6}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{30C22D1B-CC34-4887-85FB-0C1FA099BEFC}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{6B9F3852-A383-47D9-B9CE-801112F4864F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{DBB9E2C2-4D92-424B-AE02-14FFA916D330}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{5C39E984-2F71-4FD1-AC8C-79919B3B6446}"= UDP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
    "{3502F4C3-17B9-4942-9FEA-D8705D8E4495}"= TCP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
    "{550A823C-5432-4B5F-9A3B-B724F151F3E7}"= UDP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
    "{C77CC0AC-73F8-4F71-A199-B54BBA893474}"= TCP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
    "{D1885B1D-AC70-499A-A3CC-02A8C43844C7}"= UDP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
    "{8827D9E1-EAB8-4EFC-869C-A716B89B2128}"= TCP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
    "{F6B2209C-355E-40FD-983C-82D78B634164}"= UDP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
    "{E5DA9564-140D-43D4-A6FF-778F08504E18}"= TCP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
    "{A3F17C12-B44E-4DED-ACF7-09CDCACE2970}"= UDP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
    "{DF95E30C-0FE6-4E61-8E1C-D50ECB909FCC}"= TCP:e:\jeux\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
    "{A2EC33F1-EAA1-45E8-9C9F-E2DC57CA517C}"= UDP:e:\jeux\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{C09873C8-E9E6-4593-878E-4A3D15955BD8}"= TCP:e:\jeux\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
    "{ED48ADB0-659F-4334-AF0D-AB70EF423060}"= UDP:e:\program files\Azureus\Azureus.exe:Azureus Vuze
    "{108899C6-0ADF-4DB3-BA7D-69A48721DBCA}"= TCP:e:\program files\Azureus\Azureus.exe:Azureus Vuze
    "{ABAE8409-928B-4B93-BF92-2F34D7197471}"= UDP:40845:port azureus
    "{40A5A847-7FB7-495F-915E-F921922739DB}"= TCP:40845:port azureus2
    "TCP Query User{C3CEAE81-4E80-457E-B68C-29979D1E0CD4}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
    "UDP Query User{7B190847-45AE-4F17-9D15-FAF1C185E949}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
    "TCP Query User{E6D5CCE5-8AF3-44E2-964F-1BB9E3FF03AB}e:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:e:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
    "UDP Query User{F928E928-DBCE-41D2-B769-29168485A0B2}e:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:e:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
    "TCP Query User{CAFC549E-39D2-4C7C-B6B5-C7D2ED4BDEE4}e:\\program files\\mozilla firefox\\firefox.exe"= UDP:e:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{482CE51F-79C1-4C15-AC0E-455463C46AF7}e:\\program files\\mozilla firefox\\firefox.exe"= TCP:e:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{50438E4B-7D2C-49B5-AAD7-E6476FB4F67E}e:\\program files\\tvants\\tvants.exe"= UDP:e:\program files\tvants\tvants.exe:TVAnts
    "UDP Query User{B07BF5C0-7BC5-427A-B041-BB913D8E509C}e:\\program files\\tvants\\tvants.exe"= TCP:e:\program files\tvants\tvants.exe:TVAnts
    "{912F3CBD-79BB-4586-9E94-5FF56111866C}"= UDP:e:\jeux\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{7849EFD2-AD29-4573-93CD-523196BB3DFF}"= TCP:e:\jeux\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
    "{124B3C57-8A77-4750-8723-7E4B769A37DF}"= UDP:e:\jeux\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{0E531CAC-AAD8-4BFF-83F9-E9E96814DD87}"= TCP:e:\jeux\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
    "{7CD28F38-5DCB-43A3-ADB1-8AF3048EB54D}"= UDP:e:\jeux\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "{9546D051-59B0-46E7-B5DE-B1EB30A5C5A9}"= TCP:e:\jeux\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
    "TCP Query User{0DE87DD6-B811-4C97-8813-E0D66DA3A2C5}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{8FAB4CF4-62EF-40A7-B908-8156BE28299E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{D872930E-E1A1-4E26-93F2-C2A3D9C5E572}"= UDP:e:\jeux\Codemasters\GRID\GRID.exe:GRID
    "{996B0956-4520-482D-9A40-8E4F3BBDAB75}"= TCP:e:\jeux\Codemasters\GRID\GRID.exe:GRID
    "TCP Query User{3691479F-586B-4F55-8CA2-CA05AC08D953}e:\\jeux\\valve\\steam\\steamapps\\tete2brik\\counter-strike source\\hl2.exe"= UDP:e:\jeux\valve\steam\steamapps\tete2brik\counter-strike source\hl2.exe:hl2
    "UDP Query User{F5DC15E0-B065-4A0B-8D2C-DDAF04FAFF88}e:\\jeux\\valve\\steam\\steamapps\\tete2brik\\counter-strike source\\hl2.exe"= TCP:e:\jeux\valve\steam\steamapps\tete2brik\counter-strike source\hl2.exe:hl2
    "{1ABC4B40-D64D-4D2C-89B1-C75798F1CC36}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
    "{65CFF084-28B8-4DFB-BC59-11ED19C4E186}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
    "{2A57BFFA-BAC1-4065-BEB5-CD226CEA2A18}"= Disabled:UDP:e:\jeux\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{CF4F1A30-59FB-4A1A-99D7-097C01A894E0}"= Disabled:TCP:e:\jeux\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{65BB55AB-39D1-4836-A003-34B29D8E29EB}"= UDP:e:\jeux\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
    "{38935943-FF16-4E6F-856E-1497D732B5F4}"= TCP:e:\jeux\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
    "{CEB12F0B-8C4E-400F-BBE6-B803EE4DE039}"= UDP:e:\jeux\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{AE7E7A25-500D-4AC7-8827-2688C9ACF976}"= TCP:e:\jeux\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{4E7FBB53-B037-4AC4-8DF2-0E960D04A34F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{9CDCA8A3-7AC3-40A0-A2EB-8DEBBED4B161}"= UDP:e:\jeux\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{6DA7449C-9E63-49FE-A095-3571A4506869}"= TCP:e:\jeux\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "TCP Query User{9A338FF7-E6F6-475B-9475-93DEBA1CEF08}e:\\jeux\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:e:\jeux\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "UDP Query User{5A4EC517-0F28-4405-B95D-785666638614}e:\\jeux\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:e:\jeux\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
    "{EF8F1957-29A5-4EDB-8D5B-9D84908032A3}"= UDP:e:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
    "{C97CC3F4-70D7-46FE-BE94-027B448ED213}"= TCP:e:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
    "{94260B0B-C737-4F81-B687-CD1C5CB6E161}"= UDP:e:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
    "{A87F3EC5-2E7A-43D1-9AC6-ED0EDE905A92}"= TCP:e:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
    "{813C8279-94AF-4833-A1FE-1D29BF9688C3}"= UDP:e:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
    "{8275C624-773D-475F-A762-F3F54D7F8F22}"= TCP:e:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
    "{5E96AAA1-7384-48AC-9ED2-BDBFCFEABD68}"= UDP:e:\jeux\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
    "{BBA322E6-C672-4D2F-855B-07F38E2596C1}"= TCP:e:\jeux\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
    "{DB7E52F7-C305-4749-9C25-E2F5A77C7FEC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{1C53488A-BE9A-4AD5-826B-9C6C5C057751}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{AE42A542-5ABF-4479-B650-3E1276F62B5D}"= UDP:e:\program files\iTunes\iTunes.exe:iTunes
    "{1403FF0D-24C5-4BD8-AFDB-73E6F69BC3FF}"= TCP:e:\program files\iTunes\iTunes.exe:iTunes
    "{CC9EE8A4-9ED5-4FFA-A3F1-9093344F9394}"= Disabled:UDP:e:\jeux\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
    "{DBB4CFE6-D16C-45E6-A58F-0A4ABD733281}"= Disabled:TCP:e:\jeux\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
    "{09120AE0-0440-4A27-B38F-7C6091ED6A69}"= UDP:e:\jeux\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{99C0194B-1D4F-41DC-AA7A-BCD4182868B7}"= TCP:e:\jeux\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
    "{0DF36CF7-110A-470F-973C-682A53FAB917}"= UDP:e:\jeux\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{1AB9A5A9-DE0B-4B91-ADC0-72B52A954495}"= TCP:e:\jeux\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
    "{9126EE4F-3EF3-4A32-9700-D8B9E8348724}"= UDP:80:DL32
    "{F5526ABE-1E4E-4947-AAB1-708FAEA46383}"= UDP:7171:DL32

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "DisableNotifications"= 1 (0x1)

    R2 gupdate1c996b3575e4932;Google Update Service (gupdate1c996b3575e4932);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 133104]
    R3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\DRIVERS\MarvinAVS.sys [2007-05-09 434176]
    S1 aswSP;avast! Self Protection; [x]
    S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};e:\program files\PowerDVD\[u]0/u00.fcl [2006-11-02 15:51 13560]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
    S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5522fec1-8745-11dd-b48e-001bfcd29768}]
    \shell\AutoRun\command - L:\autorun.exe
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = *.local;<local>
    uInternet Settings,ProxyServer = http=localhost:7171
    IE: E&xporter vers Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - e:\jeux\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    FF - ProfilePath - c:\users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\sfhomypj.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.lemonde.fr/
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.http_port - 7171
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\sfhomypj.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: e:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
    FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: e:\program files\VLC\npvlc.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-01 11:56
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.aif"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.aifc"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.aiff"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Ant Movie Catalog"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.bmp"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.cda"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.cdda"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.dcx"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.dib"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.emf"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.gif"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.ipa"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.ipg"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.ipsw"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itb\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.itb"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.itl"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.itms"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.itpc"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.jfif"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.jif"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.jpe"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.jpeg"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.jpg"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.m3u"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M3U8\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.m3u8"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M4A\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.m4a"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.m4b"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.m4p"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.m4r"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.m4v"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.mp2"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.mp3"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\GOM.exe"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.pcast"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.pcx"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.pic"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.pls"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.png"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.rle"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.tga"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.tif"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.tiff"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.wav"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.wave"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.wbm"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.wbmp"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.wmf"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ACDSee 9.0.xif"

    [HKEY_USERS\S-1-5-21-837058442-2612039814-1966155014-500\Software\SecuROM\License information*]
    "datasecu"=hex:df,12,ea,ea,df,50,4d,6f,57,77,01,3f,b1,92,12,6b,ec,eb,53,dc,ea,
    c8,75,aa,01,65,3e,ab,49,62,45,99,73,22,b9,47,bc,07,78,20,07,38,bd,aa,91,48,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\Windows\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,d3,ef,53,b5,61,
    cc,d3,7d,2e,e8,e1,00,eb,16,2b,de,0b,8d,12,7e,ba,d9,d5,7c,e2,63,26,f1,3f,c8,\

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\Windows\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,64,d7,7a,5a,b8,
    82,a0,42,46,47,15,b0,92,4b,c7,ef,3c,3d,5f,cb,a8,fa,17,bf,6a,9c,d6,61,af,45,\

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\Windows\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,92,64,cd,c8,18,
    17,64,34,7a,45,05,fd,91,e8,6f,31,c3,64,6b,67,0e,8f,cd,22,ff,7c,85,e0,43,d4,\

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\Windows\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,f1,06,3e,84,5a,
    ec,dc,da,6b,65,49,6a,7e,99,74,f7,bb,1c,63,df,75,0d,98,c9,86,8c,21,01,be,91,\

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\Windows\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,04,bc,40,6e,ca,
    dc,c8,49,e9,02,6c,fa,fb,1d,47,57,1f,6a,fe,79,a0,b2,b5,86,f5,1d,4d,73,a8,13,\

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\Windows\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,bc,2a,ca,b5,3a,
    8e,9f,26,50,93,e5,ab,ec,6a,4e,ab,b9,06,53,4b,7f,7e,a4,24,df,20,58,62,78,6b,\

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\Windows\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,6d,72,21,37,b1,
    10,b6,56,97,20,4e,9a,c7,f1,35,ee,0b,1c,e1,48,73,0d,24,9c,fb,a7,78,e6,12,2f,\

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash9e.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.9"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash9e.ocx, 1"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash9e.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\Flash9e.ocx, 1"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9e.exe,-101"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9e.exe"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\Windows\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,a2,4c,79,e5,d8,
    64,d4,71,aa,52,c6,00,84,3c,26,64,e7,c8,c1,a3,d6,4b,50,82,01,3a,48,fc,e8,04,\

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\Windows\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,a5,59,ef,94,44,
    5e,4d,02,b2,46,9a,e2,1b,fe,1b,94,4e,8f,a2,45,5c,a0,4d,0a,f6,0f,4e,58,98,5b,\

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\Windows\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,98,28,57,f0,81,
    c1,c2,b6,37,a4,aa,c3,a6,15,56,0a,aa,d9,b6,cb,58,a4,6d,0a,3d,ce,ea,26,2d,45,\

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\Windows\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,b5,f7,38,3f,71,
    45,e4,0a,f8,31,0f,a9,5f,a0,ec,fb,e8,17,cc,f5,70,53,bf,97,2a,b7,cc,b5,b9,7f,\

    [HKEY_USERS\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\Windows\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,d3,9a,e5,6f,18,
    41,c1,45,05,73,21,dd,54,d8,4a,c5,1b,97,d2,de,72,85,cd,b4,6c,43,2d,1e,aa,22,\

    [HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker"

    [HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)

    [HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"

    [HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""

    [HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"

    [HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG10.00.00.01WORKSTATION"="B4C8D8F836B052F860DF30C455F341B7E0979E7D64C922391D96139450302BC2901A5547B369561E31B63015E94CF55E2D33ECCFEC9E9733EFE8A1338587BA4779C25092CE0C52398ABCCD8C051E1C961A7D7FDD25B8C4761FFA6BB55D15D994AAB413A150DF1109CA749D8C2390DB874AABD7415EC14C34B4D27D0D1EA14805AF65D7E1947090B224E6A91AD51210BF36766CB980A508848C7A5B52FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC7933A2D97226D213B555419D88737875FEA3FEB5F29C3068A7B10EE1E4FCAAF914A42B3996E50119C3A203DE331D103A31A74F1C036442FD6361C50FD9A625EA48175E6B61A1D0AC5FA75B47A8AC27F13A9032FA8D0A54CE478B388BEB4D2B366A36213028C4CFFBF0CB54DAFB072CEEC876085723FCB77D0D21B6FEC90797F0E3E75C7055327BAAAE1089E07476E104FC90C07C878D18AF63B42852D34F963091BA8C5587AC27E14017AD668D28620CED3FE376B4F2710EEE7B883521862B8FC05C414F12DCF94A422D873A782E18E1A6028B95564814C5C4526798796FA9AC38A29F117A4F6E17C73D6C7296FB4367A2806570CC0C258A72B7E7B25BB13EAB2F835E12FC74527853584D65006D7701D58435DEAD9F9D90F3CD417EF8586431509CCB0E06204A29E0B32A30813D1D96A67ACFFE404A4A12BE5C3E3935D2EFE9BDAD4603398B4B635AA717B2990F6F94ECF59F310136CA4C384D3E652CF405038999C3B4EBD2A1E623B1BE92FAE77DEDF82CA31BA1F016013DB0B4C8AB761E30BD684AA92B766BF60F725EB40F2F2C940BF66DA6066EF2769AB9A9EDB37108A7D4C6F82EB25A9ADA673047C77035B383DAD4A4004604FEF5943DB72379656624BE04FDCF7748776069515DBBEDA99DB590668117306C2BCC63378D7B67B72D6360149F639DEA1C5446E39C448BA24CABCCF2D3A4C1463BCB2FC7EF4A1C2DA72A910F34FE8154F68D231A8F590219F1EA1E647D9D3313C94B1AAFB42CE6F3723D1EB0A7FEB1F64BE017C658383BE996FC0E4774C2E93AC122B4D7C7FE4E1880E747D87C806E2D302BB1642D5F58D7166C14CDC293048565308649A7E38C9095783E0DC468B0328FCB730ED5932B07A04B1FCE8854512448D48BB469C18EB24D42ADF12B5D222628A7CF07B15E3C033AAD9144F58F562854F733EB3243F4B8161B31D6E94A228E8D2431B230094636B8AC41CAD1924C0745825E6540D59645AF5FD6A8D1DEC153A62F741AD627B9F2CAE37726776D9F1C2D60E53D5EAA7CD9306B257DC60E48C0AD366B69BF89B9F06DF5F3BAD2F56F266F061432F33964DD82A3148CC28E308732AE5973184B9D467606E612694592464567A8A6F63C409C"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(4860)
    e:\program files\Microsoft Virtual PC\VPCShExH.DLL
    .
    Heure de fin: 2009-05-01 11:57
    ComboFix-quarantined-files.txt 2009-05-01 09:57

    Avant-CF: 66 179 379 200 octets libres
    Après-CF: 66 161 356 800 octets libres

    588 --- E O F --- 2009-01-10 13:58
    0
  16. Utilisateur anonyme
     
    ---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :files
    c:\users\Administrateur\AppData\Roaming\GetValue.vbs
    c:\users\ADMINI~1\AppData\Roaming\GetValue.vbs
    c:\windows\t55ft2692f44.dat
    C:\mrypqar.exe
    c:\windows\7185F.exe
    c:\users\Administrateur\AppData\Roaming\SetValue.bat
    c:\windows\system32\drivers\glaide32.sys

    :commands
    [emptytemp]
    [start explorer]


    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    0
  17. buse
     
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    c:\users\Administrateur\AppData\Roaming\GetValue.vbs moved successfully.
    File/Folder c:\users\ADMINI~1\AppData\Roaming\GetValue.vbs not found.
    c:\windows\t55ft2692f44.dat moved successfully.
    C:\mrypqar.exe moved successfully.
    c:\windows\7185F.exe moved successfully.
    c:\users\Administrateur\AppData\Roaming\SetValue.bat moved successfully.
    c:\windows\system32\drivers\glaide32.sys moved successfully.
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05012009_121012

    Files moved on Reboot...
    File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    0
  18. Utilisateur anonyme
     
    Telecharge malwarebytes
    https://www.malwarebytes.com/

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log
    0
  19. buse
     
    echec dans la mise a jour du logiciel
    pour info je n'ai plus acces a internet depuis le pc infecté du coup je transfert les fichiers d'un autre pc par clé usb
    je continue quand meme?
    0
  20. buse
     
    RAS apparement
    voici le rapport :

    Malwarebytes' Anti-Malware 1.36
    Version de la base de données: 1945
    Windows 6.0.6001 Service Pack 1

    01/05/2009 12:29:34
    mbam-log-2009-05-01 (12-29-34).txt

    Type de recherche: Examen rapide
    Eléments examinés: 67194
    Temps écoulé: 2 minute(s), 38 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  • 1
  • 2
  • 3