Cheval de troie: packed.win32.Tdss.c
raikkonen1986
Messages postés
150
Date d'inscription
Statut
Membre
Dernière intervention
-
sKe69 Messages postés 21360 Date d'inscription Statut Contributeur sécurité Dernière intervention -
sKe69 Messages postés 21360 Date d'inscription Statut Contributeur sécurité Dernière intervention -
bonjour tout le monde kaspersky a trouver le cheval de troie: packed.win32.Tdss.c aidez moi svp pour m'en debarasser sachant que le virus m'empeche d'execute le gestionaire des tache et m'empeche douvrir mes disuqe merci d'avance.
A voir également:
- Gspy hid device
- Gspy hid device c est quoi - Meilleures réponses
- Gspy device - Meilleures réponses
- Comment supprimer cheval de troie gratuitement - Télécharger - Antivirus & Antimalwares
- Être à cheval entre deux choses - Forum Études / Formation High-Tech
- Ordinateur bloqué cheval de troie - Accueil - Arnaque
- Cheval de troie virus comment le supprimer ✓ - Forum Virus
- Cheval de troie virus - Accueil - Virus
50 réponses
Re,
tu n'as pas fais la purge de la restauration systeme !!! J'aimerais bien que tu suives les instruction à la lettre !!!
Si tu rencontre une difficulté , faut me le dire .... Bref , on refera cette purge en fin de désinfection ... et si il y a prb avec cette manoeuvre , tu m'en feras part ...
Et merci de me faire parvenir le rapport de Toolscleaner que j'ai demandé ...je te donnerai la suite des opérations une fois que je l'aurai contrôlé ...
tu n'as pas fais la purge de la restauration systeme !!! J'aimerais bien que tu suives les instruction à la lettre !!!
Si tu rencontre une difficulté , faut me le dire .... Bref , on refera cette purge en fin de désinfection ... et si il y a prb avec cette manoeuvre , tu m'en feras part ...
Et merci de me faire parvenir le rapport de Toolscleaner que j'ai demandé ...je te donnerai la suite des opérations une fois que je l'aurai contrôlé ...
J'AI PAS PLACé DE PLASH DISK NI DE DISQUE EXTERNE CAR J4EN AI PAS QUI SONT INFECTés.
> heu ... tu te trompes LOURDEMENT !!!! ... donc j'aimerai que pour la suite , tu fasses exactement ce que je te demande ... donc si tu as des unité externes , merci de la branché aux PC pour la suite !!!! Sinon ,c'est pas la peine de continuer car dès que tu les rebrancheras , tu te réinfecteras aussitôt ...
la suite :
1- ! Déconnecte toi d'internet et ferme toutes applications en cours !
IMPERATIF:
Branche toutes tes unités externes à ton PC (clé USB, DD externe, flash disk, lecteur MP3,carte SD, etc...) mais sans les ouvrir ! .
# Double clique sur le raccourci UsbFix présent sur ton bureau pour lancer l'outil .
# Cette fois ci , tu choisis l' option 2 ( Suppression ) .
> Ton bureau disparaitra et le pc redémarrera ( c'est normal ).
# Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil et ne touche à rien .
# Une fois terminé, poste le nouveau rapport UsbFix.txt qui apparaitra avec le bureau .
( Le rapport est en outre sauvegardé à la racine du disque maitre > C:\UsbFix.txt ).
==========================
2- refais un scan RSIT , poste le nouveau "log.txt" obtenu et attends la suite ....
> heu ... tu te trompes LOURDEMENT !!!! ... donc j'aimerai que pour la suite , tu fasses exactement ce que je te demande ... donc si tu as des unité externes , merci de la branché aux PC pour la suite !!!! Sinon ,c'est pas la peine de continuer car dès que tu les rebrancheras , tu te réinfecteras aussitôt ...
la suite :
1- ! Déconnecte toi d'internet et ferme toutes applications en cours !
IMPERATIF:
Branche toutes tes unités externes à ton PC (clé USB, DD externe, flash disk, lecteur MP3,carte SD, etc...) mais sans les ouvrir ! .
# Double clique sur le raccourci UsbFix présent sur ton bureau pour lancer l'outil .
# Cette fois ci , tu choisis l' option 2 ( Suppression ) .
> Ton bureau disparaitra et le pc redémarrera ( c'est normal ).
# Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil et ne touche à rien .
# Une fois terminé, poste le nouveau rapport UsbFix.txt qui apparaitra avec le bureau .
( Le rapport est en outre sauvegardé à la racine du disque maitre > C:\UsbFix.txt ).
==========================
2- refais un scan RSIT , poste le nouveau "log.txt" obtenu et attends la suite ....
Re,
tu n'as branché aucune unité externe ... c'est bien simple : si tu en as , elles sont infectés et dès que tu les rebrancheras , cette saloperie reviendra pourrir ton PC et faudra pas venir pleurer ! ...
bref , on continue ... dans l'ordre :
1- Télécharge CCleaner :
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
ou https://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corriger ton registre .
Lors de l'installation:
-choisis bien "français" en langue .
-avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 premières.
Un tuto ( aide ):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
---> Utilisation:
*Décocher dans le menu Options - sous-menu Avancé :
Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures .
! déconnecte toi et ferme toutes applications en cours !
* va dans "nettoyeur" : fais -analyse- puis -nettoyage-
* va dans "registre" : fais -chercher les erreurs- et -réparer toutes les erreurs-
( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) .
( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )
=======================
( Faut vérifier de suite un fichier très suspect )
2- Avoir accès aux fichiers cachés :
Va dans Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
* "Afficher les fichiers et dossiers cachés" ---> coché
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché
* "masquer les fichiers du système" ---> décoché
-> valide la modif ( "appliquer" puis "ok" ).
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )
3- Rends toi sur ce site :
https://www.virustotal.com/gui/
Copies ce qui suit et colles le dans l'espace pour la recherche ( ou clique sur "parcourir" et va j'usqu'au fichier demandé ) :
D:\Program Files\Bifrost\server.exe
Clique sur Send File ( = " Envoyer le fichier " ).
Un rapport va s'élaborer ligne à ligne.
Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta prochaine réponse ...
( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )
Une fois se rapport posté , fais ce qui suit :
========================
3- Télécharge MalwareByte's :
ici http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
ou ici : http://www.malwarebytes.org/mbam.php
* Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'instale ) et mets le à jour .
(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/ )
* Potasse le tuto pour te familiariser avec le prg :
https://forum.pcastuces.com/sujet.asp?f=31&s=3
( cela dis, il est très simple d'utilisation ).
! Déconnecte toi et ferme toutes applications en cours !
* Lance Malwarebyte's .
Fais un examen dit "Rapide" .
--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date),
accompagné d'un nouveau rapport RSIT pour analyse ...
tu n'as branché aucune unité externe ... c'est bien simple : si tu en as , elles sont infectés et dès que tu les rebrancheras , cette saloperie reviendra pourrir ton PC et faudra pas venir pleurer ! ...
bref , on continue ... dans l'ordre :
1- Télécharge CCleaner :
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
ou https://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corriger ton registre .
Lors de l'installation:
-choisis bien "français" en langue .
-avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 premières.
Un tuto ( aide ):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
---> Utilisation:
*Décocher dans le menu Options - sous-menu Avancé :
Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures .
! déconnecte toi et ferme toutes applications en cours !
* va dans "nettoyeur" : fais -analyse- puis -nettoyage-
* va dans "registre" : fais -chercher les erreurs- et -réparer toutes les erreurs-
( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) .
( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )
=======================
( Faut vérifier de suite un fichier très suspect )
2- Avoir accès aux fichiers cachés :
Va dans Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
* "Afficher les fichiers et dossiers cachés" ---> coché
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché
* "masquer les fichiers du système" ---> décoché
-> valide la modif ( "appliquer" puis "ok" ).
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )
3- Rends toi sur ce site :
https://www.virustotal.com/gui/
Copies ce qui suit et colles le dans l'espace pour la recherche ( ou clique sur "parcourir" et va j'usqu'au fichier demandé ) :
D:\Program Files\Bifrost\server.exe
Clique sur Send File ( = " Envoyer le fichier " ).
Un rapport va s'élaborer ligne à ligne.
Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta prochaine réponse ...
( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )
Une fois se rapport posté , fais ce qui suit :
========================
3- Télécharge MalwareByte's :
ici http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
ou ici : http://www.malwarebytes.org/mbam.php
* Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'instale ) et mets le à jour .
(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/ )
* Potasse le tuto pour te familiariser avec le prg :
https://forum.pcastuces.com/sujet.asp?f=31&s=3
( cela dis, il est très simple d'utilisation ).
! Déconnecte toi et ferme toutes applications en cours !
* Lance Malwarebyte's .
Fais un examen dit "Rapide" .
--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date),
accompagné d'un nouveau rapport RSIT pour analyse ...
Salut,
Edit > n'espère pas d'aide ici http://www.commentcamarche.net/forum/affich 12393218 probleme avec tell me more espagnol
faut pas pousser mémé dans les ortis non plus ! ... Tes cd piratés sur la Mule , tu les scratchs ... point bar ....
Pour Tdss , on va s'en occuper ... commence par faire ceci :
Télécharge ZHPDiag de Nicolas Coolman sur ton bureau :
-> http://www.premiumorange.com/zeb-help-process/download/ZHPDiag.zip
-> https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
!! déconnecte toi et ferme toutes tes applications en cours !!
* Clique droit sur le .zip que tu viens de télécharger et choisis " extraire tout " sur ton bureau ...
* Double-clique sur "ZHPDiag.exe" pour lancer l'outil :
> Clique sur le bouton " Tous " ( important ).
> puis clique sur le bouton de "la loupe" pour lancer le scan .
Laisses travailler l'outil ...
> Une fois terminé , le rapport s'affiche : clique sur bouton "appareil photo" pour sauvegarder le rapport obtenu ...
Enregistres bien ZHPDiag.txt de façon à le retrouver facilement ( sur le bureau par exemple ).
Puis ferme le programme ...
Enfin , fais un copier/coller du contenu du rapport sauvegardé dans ta prochaine réponse pour analyse ( si le rapport est trop long pour le forum , poste le en 2 fois ) .
Edit > n'espère pas d'aide ici http://www.commentcamarche.net/forum/affich 12393218 probleme avec tell me more espagnol
faut pas pousser mémé dans les ortis non plus ! ... Tes cd piratés sur la Mule , tu les scratchs ... point bar ....
Pour Tdss , on va s'en occuper ... commence par faire ceci :
Télécharge ZHPDiag de Nicolas Coolman sur ton bureau :
-> http://www.premiumorange.com/zeb-help-process/download/ZHPDiag.zip
-> https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
!! déconnecte toi et ferme toutes tes applications en cours !!
* Clique droit sur le .zip que tu viens de télécharger et choisis " extraire tout " sur ton bureau ...
* Double-clique sur "ZHPDiag.exe" pour lancer l'outil :
> Clique sur le bouton " Tous " ( important ).
> puis clique sur le bouton de "la loupe" pour lancer le scan .
Laisses travailler l'outil ...
> Une fois terminé , le rapport s'affiche : clique sur bouton "appareil photo" pour sauvegarder le rapport obtenu ...
Enregistres bien ZHPDiag.txt de façon à le retrouver facilement ( sur le bureau par exemple ).
Puis ferme le programme ...
Enfin , fais un copier/coller du contenu du rapport sauvegardé dans ta prochaine réponse pour analyse ( si le rapport est trop long pour le forum , poste le en 2 fois ) .
merci voila le rapport:
Rapport de ZHPDiag v1.20 par Nicolas Coolman
Enregistré le 10/05/2009 18:56:59
Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
MSIE: Internet Explorer v6.0.2900.2180
MFIE: Mozilla Firefox (3.0.4)
---\\ Processus lancés
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\WINDOWS\system32\wscript.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\spoolsv.exe
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,
---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
---\\ Redirection du fichier Hosts (O1)
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {31CDFCB9-37D6-4C1D-A31D-AA2DD56F637B} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {31D1305D-195C-4836-AB15-CE560FA8C578} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTFMON] D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
O4 - HKLM\..\Run: [regdiit] D:\WINDOWS\system32\winxp.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe,302
O9 - Extra 'Tools' menuitem: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll,101
O9 - Extra 'Tools' menuitem: Statistiques de la protection du trafic Internet - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll,101
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll,101
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe,302
---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: D:\WINDOWS\System32\cbXNHyaA.dll
O20 - Winlogon Notify: DfEventStartup - D:\WINDOWS\System32\LogonDll.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\fccbXonN.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\hgGwTlLb.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\igfxdev.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\khfCtuvu.dll
O20 - Winlogon Notify: WLEventStart - D:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\pmnnkLFX.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\rqRHyxvw.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\tuvUNedD.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Kaspersky Internet Security (AVP) - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r
O23 - Service: DF5Serv (DF5Serv) - D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
O23 - Service: Spouleur d'impression (Spooler) - D:\WINDOWS\system32\spoolsv.exe
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Personnalisation du navigateur - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - D:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Lecteur Windows Media Microsoft 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - D:\WINDOWS\system32\danim.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - D:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall D:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Logiciel de navigation hors connexion - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Aide sur Internet Explorer - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Outils d'installation Internet Explorer - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Améliorations pour la navigation - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\wmp.inf,PerUserStub
O40 - ASIC: Accès au site MSN - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer 6 - {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\WINDOWS\system32\ie4uinit.exe
O40 - ASIC: Liaison de données Dynamic HTML - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: (no name) - {9D71D88C-C598-4935-C5D1-43AA4DB90836} - D:\Program Files\Bifrost\server.exe s
O40 - ASIC: (no name) - {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - (not file)
O40 - ASIC: Polices de base Internet Explorer - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player 9 ActiveX - {D27CDB6E-AE6D-11cf-96B8-444553540000} - D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
O40 - ASIC: Aide HTML - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Suppresseur d'écho acoustique (Noyau Microsoft) (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: Protocole client ATM ARP (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Pilote audio Stub (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: Broadcom NetXtreme Gigabit Ethernet (b57w2k) - C:\WINDOWS\system32\DRIVERS\b57xp32.sys
O41 - Driver: Décodeur sous-titre fermé (CCDECODE) - C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Pilote de Gestionnaire de disque logique (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Synthétiseur DLS du noyau Microsoft (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
O41 - Driver: Classificateur de paquets générique (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Pilote de fonction Microsoft UAA pour Service High Definition Audio (HdAudAddService) - C:\WINDOWS\system32\drivers\HdAudio.sys
O41 - Driver: Pilote de bus Microsoft UAA pour High Definition Audio (HDAudBus) - C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
O41 - Driver: Pilote de classe HID Microsoft (hidusb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: (no object) (ialm) - C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
O41 - Driver: Pilote de processeur Intel (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: Pilote du pare-feu Windows IPv6 (Ip6Fw) - C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
O41 - Driver: Pilote de filtre de trafic IP (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: Pilote de tunnelage IP dans IP (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: Service énumérateur IR (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Pilote HID de clavier (kbdhid) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
O41 - Driver: Kl1 (kl1) - C:\WINDOWS\system32\drivers\kl1.sys
O41 - Driver: Kaspersky Lab Boot Guard Driver (klbg) - C:\WINDOWS\system32\drivers\klbg.sys
O41 - Driver: Kaspersky Lab KLFltDev (KLFLTDEV) - C:\WINDOWS\system32\DRIVERS\klfltdev.sys
O41 - Driver: Kaspersky Lab Driver (KLIF) - C:\WINDOWS\system32\DRIVERS\klif.sys
O41 - Driver: Kaspersky Anti-Virus NDIS Filter (klim5) - C:\WINDOWS\system32\DRIVERS\klim5.sys
O41 - Driver: Mélangeur audio Wave de noyau Microsoft (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: LF30FS (LF30FS) - D:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys
O41 - Driver: Pilote HID de souris (mouhid) - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O41 - Driver: Redirecteur client WebDav (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Pilote BIOS de gestion de systèmes Microsoft (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: Codec NABTS/FEC VBI (NABTSFEC) - C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
O41 - Driver: Connection TV/vidéo Microsoft (NdisIP) - C:\WINDOWS\system32\DRIVERS\NdisIP.sys
O41 - Driver: Pilote TAPI NDIS d'accès distant (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: Pilote réseau étendu NDIS d'accès distant (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Pilote du Moniteur réseau (nm) - C:\WINDOWS\system32\DRIVERS\NMnt.sys
O41 - Driver: NetGroup Packet Filter Driver (NPF) - C:\WINDOWS\system32\drivers\npf.sys
O41 - Driver: Pilote de filtre de trafic IPX (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Pilote de transfert de trafic IPX (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: Miniport réseau étendu (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: Planificateur de paquets QoS (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Pilote de liaison parallèle directe (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: Logitech QuickCam Communicate (QCMerced) - C:\WINDOWS\system32\DRIVERS\LVCM.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Pilote PPPOE d'accès à distance (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallèle direct (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Pilote de redirecteur de périphérique Terminal Server (rdpdr) - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Pilote de filtre Serenum (serenum) - C:\WINDOWS\system32\DRIVERS\serenum.sys
O41 - Driver: Détrameur décalage BDA (SLIP) - C:\WINDOWS\system32\DRIVERS\SLIP.sys
O41 - Driver: Splitter audio du noyau Microsoft (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: (no object) (sptd) - C:\WINDOWS\System32\Drivers\sptd.sys
O41 - Driver: Pilote de filtre de restauration système (sr) - D:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: BDA IPSink (streamip) - C:\WINDOWS\system32\DRIVERS\StreamIP.sys
O41 - Driver: Pilote de bus logiciel (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Synthétiseur de table de sons GC noyau Microsoft (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: Périphérique audio système du noyau Microsoft (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Pilote de mise à jour microcode (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Pilote USB audio (WDM) (usbaudio) - C:\WINDOWS\system32\drivers\usbaudio.sys
O41 - Driver: Pilote parent générique USB Microsoft (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0 (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Concentrateur USB2 (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Pilote de stockage de masse USB (USBSTOR) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Pilote miniport de contrôleur hôte universel USB Microsoft (usbuhci) - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
O41 - Driver: Pilote ARP IP d'accès distant (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Pilote WINMM de compatibilité audio WDM Microsoft (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: Logitech Virtual Bus Enumerator Driver (WmBEnum) - C:\WINDOWS\system32\drivers\WmBEnum.sys
O41 - Driver: Logitech Gaming HID Filter Driver (WmFilter) - C:\WINDOWS\system32\drivers\WmFilter.sys
O41 - Driver: Logitech Gaming USB Filter Driver (WmHidLo) - C:\WINDOWS\system32\drivers\WmHidLo.sys
O41 - Driver: Logitech Virtual Hid Device Driver (WmVirHid) - C:\WINDOWS\system32\drivers\WmVirHid.sys
O41 - Driver: Logitech Translation Layer Driver (WmXlCore) - C:\WINDOWS\system32\drivers\WmXlCore.sys
O41 - Driver: Codec Teletext standard (WSTCODEC) - C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Flash Player 9 ActiveX
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: F1 WCP 2009
O42 - Logiciel: Foxit Reader
O42 - Logiciel: High Definition Audio - KB888111
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver
O42 - Logiciel: Internet Download Manager
O42 - Logiciel: KP-Anti Mosquitoes
O42 - Logiciel: Kaspersky Internet Security 2009
O42 - Logiciel: Lock Folder XP 3.6
O42 - Logiciel: Logiciel QuickCam de Logitech
O42 - Logiciel: Logitech Gaming Software 5.02
O42 - Logiciel: Messenger Plus! Live
O42 - Logiciel: Mozilla Firefox (3.0.4)
O42 - Logiciel: NeoTrace Express 3.25
O42 - Logiciel: PhotoFiltre
O42 - Logiciel: Programme de gestion Camera de Logitech®
O42 - Logiciel: RealPlayer
O42 - Logiciel: SWF Opener
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: SnagIt 7
O42 - Logiciel: Storm Codec
O42 - Logiciel: TeLL me More
O42 - Logiciel: VDownloader 0.82
O42 - Logiciel: VideoLAN VLC media player 0.8.6b
O42 - Logiciel: WinPcap 4.0.2
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Wireshark 1.0.7
---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Everstrike Software
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Logitech
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Real
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Skype
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\xing shared
---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - D:\WINDOWS\System32\$winnt$.inf -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\0f05b679-.txt -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\adednbas.ini -->16/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\aevagwtk.ini -->11/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\amcompat.tlb -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\anqntdrb.ini -->06/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\aqberdfp.ini -->19/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\auraqlgn.ini -->28/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\awnadtrf.ini -->14/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\bcyihljq.ini -->08/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\bgtokhjn.ini -->08/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\bhdsdrsu.ini -->09/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\bthwjeme.ini -->13/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\bvhvjlse.ini -->15/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\cdplayer.exe.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\cjboikln.ini -->05/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\CmdLineExt.dll -->04/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\CONFIG.NT -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ddgjnchy.ini -->11/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\dlillmrb.ini -->18/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\dpyprvdu.ini -->10/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ejbskpry.ini -->01/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\emptyregdb.dat -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\EMSAdMoq.ini -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\EMSAdMoq.ini2 -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ewotpgxk.ini -->02/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ezsidmv.dat -->06/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\fhbrmaya.ini -->16/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\FNTCACHE.DAT -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\fwswmpla.ini -->31/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ghdsoycb.ini -->22/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\gijkoxgd.ini -->12/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\grjmaqfq.ini -->27/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\h323log.txt -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\hpvuerdc.ini -->07/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\hqpynqfn.ini -->11/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\iavtohhf.ini -->01/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\jecboyte.ini -->13/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\jhmchm.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\jyoubmst.ini -->05/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\kdcohgnx.ini -->13/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\kqesusio.ini -->05/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ljhqpoop.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\lmqiivjp.ini -->04/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\logonui.exe.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\lvcoinst.log -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\lwpuojuu.ini -->22/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\mcmupqax.ini -->31/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\mjpddnow.ini -->12/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\mqehhdbj.ini -->20/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ncpa.cpl.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\nhpbakvy.ini -->06/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\nrcnfauk.ini -->06/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\nscompat.tlb -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ntfjsoks.ini -->26/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\nwc.cpl.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\nydavynm.ini -->14/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\oinlmylo.ini -->21/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ojetkhso.ini -->05/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\oxtfxtoe.ini -->20/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\oydcki.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\perfc009.dat -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\perfc00C.dat -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\perfh009.dat -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\perfh00C.dat -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\PerfStringBackup.INI -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\pkfnfnev.ini -->27/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\pncrt.dll -->27/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\pndx5016.dll -->27/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\pndx5032.dll -->27/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\qxudfbss.ini -->04/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\rislonph.ini -->04/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\rmoc3260.dll -->27/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\sagrpgwc.ini -->12/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\sapi.cpl.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\sgxdviyq.ini -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\tjftubkk.ini -->25/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\tunnxqaj.ini -->12/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\uabrtokf.ini -->29/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\umaekiqv.ini -->28/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\usleuyeq.ini -->10/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\uxtheme.dll -->04/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\vqiwnnof.ini -->07/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\vqjsbovx.ini -->26/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\wcpyxfru.ini -->03/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\WindowsLogon.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\winjpg.jpg -->10/05/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\wpa.dbl -->10/05/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\wuaucpl.cpl.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\wwsixjmh.ini -->23/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\xbbakdxl.ini -->03/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\xceyihmw.ini -->29/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\xheabuxb.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\xtjpbu.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ygqllvur.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ynmdslxp.ini -->30/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ypsfpmci.ini -->23/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\yrucjmif.ini -->08/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\yskeccll.ini -->09/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\yudemyro.ini -->15/03/2009
...........................suite................................. 2eme page......................
Rapport de ZHPDiag v1.20 par Nicolas Coolman
Enregistré le 10/05/2009 18:56:59
Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
MSIE: Internet Explorer v6.0.2900.2180
MFIE: Mozilla Firefox (3.0.4)
---\\ Processus lancés
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\WINDOWS\system32\wscript.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\spoolsv.exe
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,
---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
---\\ Redirection du fichier Hosts (O1)
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {31CDFCB9-37D6-4C1D-A31D-AA2DD56F637B} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {31D1305D-195C-4836-AB15-CE560FA8C578} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTFMON] D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
O4 - HKLM\..\Run: [regdiit] D:\WINDOWS\system32\winxp.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe,302
O9 - Extra 'Tools' menuitem: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll,101
O9 - Extra 'Tools' menuitem: Statistiques de la protection du trafic Internet - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll,101
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll,101
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe,302
---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: D:\WINDOWS\System32\cbXNHyaA.dll
O20 - Winlogon Notify: DfEventStartup - D:\WINDOWS\System32\LogonDll.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\fccbXonN.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\hgGwTlLb.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\igfxdev.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\khfCtuvu.dll
O20 - Winlogon Notify: WLEventStart - D:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\pmnnkLFX.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\rqRHyxvw.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\tuvUNedD.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Kaspersky Internet Security (AVP) - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r
O23 - Service: DF5Serv (DF5Serv) - D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
O23 - Service: Spouleur d'impression (Spooler) - D:\WINDOWS\system32\spoolsv.exe
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Personnalisation du navigateur - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - D:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Lecteur Windows Media Microsoft 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - D:\WINDOWS\system32\danim.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - D:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall D:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Logiciel de navigation hors connexion - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Aide sur Internet Explorer - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Outils d'installation Internet Explorer - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Améliorations pour la navigation - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\wmp.inf,PerUserStub
O40 - ASIC: Accès au site MSN - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer 6 - {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\WINDOWS\system32\ie4uinit.exe
O40 - ASIC: Liaison de données Dynamic HTML - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: (no name) - {9D71D88C-C598-4935-C5D1-43AA4DB90836} - D:\Program Files\Bifrost\server.exe s
O40 - ASIC: (no name) - {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - (not file)
O40 - ASIC: Polices de base Internet Explorer - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player 9 ActiveX - {D27CDB6E-AE6D-11cf-96B8-444553540000} - D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
O40 - ASIC: Aide HTML - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Suppresseur d'écho acoustique (Noyau Microsoft) (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: Protocole client ATM ARP (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Pilote audio Stub (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: Broadcom NetXtreme Gigabit Ethernet (b57w2k) - C:\WINDOWS\system32\DRIVERS\b57xp32.sys
O41 - Driver: Décodeur sous-titre fermé (CCDECODE) - C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Pilote de Gestionnaire de disque logique (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Synthétiseur DLS du noyau Microsoft (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
O41 - Driver: Classificateur de paquets générique (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Pilote de fonction Microsoft UAA pour Service High Definition Audio (HdAudAddService) - C:\WINDOWS\system32\drivers\HdAudio.sys
O41 - Driver: Pilote de bus Microsoft UAA pour High Definition Audio (HDAudBus) - C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
O41 - Driver: Pilote de classe HID Microsoft (hidusb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: (no object) (ialm) - C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
O41 - Driver: Pilote de processeur Intel (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: Pilote du pare-feu Windows IPv6 (Ip6Fw) - C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
O41 - Driver: Pilote de filtre de trafic IP (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: Pilote de tunnelage IP dans IP (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: Service énumérateur IR (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Pilote HID de clavier (kbdhid) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
O41 - Driver: Kl1 (kl1) - C:\WINDOWS\system32\drivers\kl1.sys
O41 - Driver: Kaspersky Lab Boot Guard Driver (klbg) - C:\WINDOWS\system32\drivers\klbg.sys
O41 - Driver: Kaspersky Lab KLFltDev (KLFLTDEV) - C:\WINDOWS\system32\DRIVERS\klfltdev.sys
O41 - Driver: Kaspersky Lab Driver (KLIF) - C:\WINDOWS\system32\DRIVERS\klif.sys
O41 - Driver: Kaspersky Anti-Virus NDIS Filter (klim5) - C:\WINDOWS\system32\DRIVERS\klim5.sys
O41 - Driver: Mélangeur audio Wave de noyau Microsoft (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: LF30FS (LF30FS) - D:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys
O41 - Driver: Pilote HID de souris (mouhid) - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O41 - Driver: Redirecteur client WebDav (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Pilote BIOS de gestion de systèmes Microsoft (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: Codec NABTS/FEC VBI (NABTSFEC) - C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
O41 - Driver: Connection TV/vidéo Microsoft (NdisIP) - C:\WINDOWS\system32\DRIVERS\NdisIP.sys
O41 - Driver: Pilote TAPI NDIS d'accès distant (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: Pilote réseau étendu NDIS d'accès distant (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Pilote du Moniteur réseau (nm) - C:\WINDOWS\system32\DRIVERS\NMnt.sys
O41 - Driver: NetGroup Packet Filter Driver (NPF) - C:\WINDOWS\system32\drivers\npf.sys
O41 - Driver: Pilote de filtre de trafic IPX (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Pilote de transfert de trafic IPX (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: Miniport réseau étendu (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: Planificateur de paquets QoS (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Pilote de liaison parallèle directe (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: Logitech QuickCam Communicate (QCMerced) - C:\WINDOWS\system32\DRIVERS\LVCM.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Pilote PPPOE d'accès à distance (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallèle direct (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Pilote de redirecteur de périphérique Terminal Server (rdpdr) - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Pilote de filtre Serenum (serenum) - C:\WINDOWS\system32\DRIVERS\serenum.sys
O41 - Driver: Détrameur décalage BDA (SLIP) - C:\WINDOWS\system32\DRIVERS\SLIP.sys
O41 - Driver: Splitter audio du noyau Microsoft (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: (no object) (sptd) - C:\WINDOWS\System32\Drivers\sptd.sys
O41 - Driver: Pilote de filtre de restauration système (sr) - D:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: BDA IPSink (streamip) - C:\WINDOWS\system32\DRIVERS\StreamIP.sys
O41 - Driver: Pilote de bus logiciel (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Synthétiseur de table de sons GC noyau Microsoft (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: Périphérique audio système du noyau Microsoft (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Pilote de mise à jour microcode (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Pilote USB audio (WDM) (usbaudio) - C:\WINDOWS\system32\drivers\usbaudio.sys
O41 - Driver: Pilote parent générique USB Microsoft (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0 (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Concentrateur USB2 (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Pilote de stockage de masse USB (USBSTOR) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Pilote miniport de contrôleur hôte universel USB Microsoft (usbuhci) - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
O41 - Driver: Pilote ARP IP d'accès distant (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Pilote WINMM de compatibilité audio WDM Microsoft (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: Logitech Virtual Bus Enumerator Driver (WmBEnum) - C:\WINDOWS\system32\drivers\WmBEnum.sys
O41 - Driver: Logitech Gaming HID Filter Driver (WmFilter) - C:\WINDOWS\system32\drivers\WmFilter.sys
O41 - Driver: Logitech Gaming USB Filter Driver (WmHidLo) - C:\WINDOWS\system32\drivers\WmHidLo.sys
O41 - Driver: Logitech Virtual Hid Device Driver (WmVirHid) - C:\WINDOWS\system32\drivers\WmVirHid.sys
O41 - Driver: Logitech Translation Layer Driver (WmXlCore) - C:\WINDOWS\system32\drivers\WmXlCore.sys
O41 - Driver: Codec Teletext standard (WSTCODEC) - C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Flash Player 9 ActiveX
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: F1 WCP 2009
O42 - Logiciel: Foxit Reader
O42 - Logiciel: High Definition Audio - KB888111
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver
O42 - Logiciel: Internet Download Manager
O42 - Logiciel: KP-Anti Mosquitoes
O42 - Logiciel: Kaspersky Internet Security 2009
O42 - Logiciel: Lock Folder XP 3.6
O42 - Logiciel: Logiciel QuickCam de Logitech
O42 - Logiciel: Logitech Gaming Software 5.02
O42 - Logiciel: Messenger Plus! Live
O42 - Logiciel: Mozilla Firefox (3.0.4)
O42 - Logiciel: NeoTrace Express 3.25
O42 - Logiciel: PhotoFiltre
O42 - Logiciel: Programme de gestion Camera de Logitech®
O42 - Logiciel: RealPlayer
O42 - Logiciel: SWF Opener
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: SnagIt 7
O42 - Logiciel: Storm Codec
O42 - Logiciel: TeLL me More
O42 - Logiciel: VDownloader 0.82
O42 - Logiciel: VideoLAN VLC media player 0.8.6b
O42 - Logiciel: WinPcap 4.0.2
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Wireshark 1.0.7
---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Everstrike Software
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Logitech
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Real
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Skype
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\xing shared
---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - D:\WINDOWS\System32\$winnt$.inf -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\0f05b679-.txt -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\adednbas.ini -->16/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\aevagwtk.ini -->11/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\amcompat.tlb -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\anqntdrb.ini -->06/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\aqberdfp.ini -->19/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\auraqlgn.ini -->28/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\awnadtrf.ini -->14/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\bcyihljq.ini -->08/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\bgtokhjn.ini -->08/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\bhdsdrsu.ini -->09/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\bthwjeme.ini -->13/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\bvhvjlse.ini -->15/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\cdplayer.exe.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\cjboikln.ini -->05/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\CmdLineExt.dll -->04/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\CONFIG.NT -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ddgjnchy.ini -->11/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\dlillmrb.ini -->18/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\dpyprvdu.ini -->10/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ejbskpry.ini -->01/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\emptyregdb.dat -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\EMSAdMoq.ini -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\EMSAdMoq.ini2 -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ewotpgxk.ini -->02/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ezsidmv.dat -->06/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\fhbrmaya.ini -->16/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\FNTCACHE.DAT -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\fwswmpla.ini -->31/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ghdsoycb.ini -->22/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\gijkoxgd.ini -->12/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\grjmaqfq.ini -->27/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\h323log.txt -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\hpvuerdc.ini -->07/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\hqpynqfn.ini -->11/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\iavtohhf.ini -->01/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\jecboyte.ini -->13/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\jhmchm.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\jyoubmst.ini -->05/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\kdcohgnx.ini -->13/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\kqesusio.ini -->05/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ljhqpoop.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\lmqiivjp.ini -->04/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\logonui.exe.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\lvcoinst.log -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\lwpuojuu.ini -->22/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\mcmupqax.ini -->31/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\mjpddnow.ini -->12/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\mqehhdbj.ini -->20/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ncpa.cpl.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\nhpbakvy.ini -->06/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\nrcnfauk.ini -->06/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\nscompat.tlb -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ntfjsoks.ini -->26/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\nwc.cpl.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\nydavynm.ini -->14/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\oinlmylo.ini -->21/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ojetkhso.ini -->05/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\oxtfxtoe.ini -->20/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\oydcki.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\perfc009.dat -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\perfc00C.dat -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\perfh009.dat -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\perfh00C.dat -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\PerfStringBackup.INI -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\pkfnfnev.ini -->27/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\pncrt.dll -->27/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\pndx5016.dll -->27/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\pndx5032.dll -->27/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\qxudfbss.ini -->04/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\rislonph.ini -->04/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\rmoc3260.dll -->27/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\sagrpgwc.ini -->12/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\sapi.cpl.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\sgxdviyq.ini -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\tjftubkk.ini -->25/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\tunnxqaj.ini -->12/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\uabrtokf.ini -->29/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\umaekiqv.ini -->28/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\usleuyeq.ini -->10/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\uxtheme.dll -->04/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\vqiwnnof.ini -->07/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\vqjsbovx.ini -->26/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\wcpyxfru.ini -->03/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\WindowsLogon.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\winjpg.jpg -->10/05/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\wpa.dbl -->10/05/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\wuaucpl.cpl.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\wwsixjmh.ini -->23/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\xbbakdxl.ini -->03/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\xceyihmw.ini -->29/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\xheabuxb.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\xtjpbu.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ygqllvur.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ynmdslxp.ini -->30/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ypsfpmci.ini -->23/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\yrucjmif.ini -->08/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\yskeccll.ini -->09/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\yudemyro.ini -->15/03/2009
...........................suite................................. 2eme page......................
.................................suite..........................................
O44 - LFC:Last File Created - D:\WINDOWS\System32\yuyuxxpc.ini -->21/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\drivers\klbg.sys -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\drivers\klick.dat -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\drivers\klif.sys -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\drivers\klin.dat -->14/04/2009
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\2009[WCPV0.95].EXE-21E2C0F0.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\ALBUMDB2.EXE-1F918EF2.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\AUTOTMM.EXE-01B1A424.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\AUTOTMM.EXE-01E25140.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\AUTOTMM.EXE-0C4F3E5C.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\AUTOTMM.EXE-1CFDF315.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\AUTOTMM.EXE-372B7017.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\AUTOTMM.EXE-37D036A3.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\AVP.EXE-0A47508B.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\DAEMON-TOOLS_DAEMON_TOOLS_4.3-2107223B.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\DAEMON.EXE-0B75103A.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\DEMO.EXE-19FECFB2.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\DUMPREP.EXE-0AF2BF67.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\EMULE.EXE-0DD0B8E8.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\FFMPEG.EXE-03F9BDEC.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\FIREFOX.EXE-06188867.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\FRAUINST.EXE-257107B5.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\FRZSTATE2K.EXE-142DF811.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\FXSVR2.EXE-34D06B28.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\IEMONITOR.EXE-0115DD6D.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\IGFXEXT.EXE-05A27A3D.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\IGFXSRVC.EXE-1D88F978.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\KP-ANTI MOSQUITOES.EXE-062A5FE5.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\Layout.ini -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\LVCOMSX.EXE-30FB8DC0.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\MPLAYERC.EXE-040F3DAB.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\MSHTA.EXE-07121ECA.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\MSIMN.EXE-183B59AF.pf -->06/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\MSNMSGR.EXE-3744B6D8.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\NTVDM.EXE-0A81AB7B.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\OPTIONS.EXE-0D4309F9.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\OPTIONS.EXE-19042ECB.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RASAUTOU.EXE-10B4F92F.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\REALONEMESSAGECENTER.EXE-0418296D.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\REALPLAY.EXE-05411014.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\REALSCHED.EXE-388D7C2D.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RFACTOR.EXE-127F5FA9.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RPHELPERAPP.EXE-10C6EAB7.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-3BF16E64.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-45DCDCA2.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-4667E400.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-47D37B13.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-4A5D22F6.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-4D620DBB.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-4F2EBBCC.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-57F8B3B3.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-608B29D6.pf -->07/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-63941812.pf -->07/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-665356A4.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-702E9502.pf -->07/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SETHC.EXE-1CFBDA64.pf -->07/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SETUP.EXE-05DC09F1.pf -->06/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SETUP.EXE-0F40F254.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SETUP.EXE-24CA9937.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SKYPE.EXE-2EAF99A0.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SKYPEPM.EXE-082BC99E.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SNAGIT32.EXE-3420D529.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SNDVOL32.EXE-0EC6FD20.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SPTDINST-X86.EXE-2C8902BB.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\TMM.EXE-1F44E852.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\TMM.EXE-26CBA2B5.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\TSCHELP.EXE-2B9A55E1.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\TUTORIAL.EXE-36433C7E.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UNINST1.EXE-0000824B.pf -->06/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UNINSTAL.EXE-115658B7.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UNINSTALL.EXE-219D3782.pf -->06/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UNSETUP.EXE-04C8109D.pf -->06/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UNSETUP.EXE-2CAF742C.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UNWISE.EXE-15313B2C.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UPSET.EXE-0F6E52F6.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UPSET.EXE-345C6692.pf -->06/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UPSET.EXE-357F761A.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\USNSVC.EXE-0114DAF6.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UTORRENT.EXE-01137797.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\VDOWNLOADER.EXE-2C843F54.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\VER40.EXE-076C3352.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\VLC.EXE-02F29DFD.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\WINHLP32.EXE-16D564B3.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\WINRAR.EXE-0AA31BB9.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\WINXP.EXE-2000DA44.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF804.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF805.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF808.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\WSCRIPT.EXE-0C5C5251.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\_INS0366._MP-29A06DF3.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\_INS0466._MP-38192B1C.pf -->10/05/2009
---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - (no name) - {31CDFCB9-37D6-4C1D-A31D-AA2DD56F637B} - shell32.dll
---\\ Export de clé d'application autorisée (ECAA)(O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
O47 - AAKE:Key Export - "D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
O47 - AAKE:Key Export - "D:\Documents and Settings\KIMI\Local Settings\Temp\IXP000.TMP\pes2009.exe"="D:\Documents and Settings\KIMI\Local Settings\Temp\IXP000.TMP\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
O47 - AAKE:Key Export - "D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
O47 - AAKE:Key Export - "D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
O47 - AAKE:Key Export - "D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - D:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - D:\WINDOWS\System32\scecli.dll
---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vgasave.sys
---\\ Image File Execution Options (IFEO) (O50)
O50 - IEFO:Image File Execution Options - drwtsn32.exe - D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
O50 - IEFO:Image File Execution Options - dwwinxp.exe - D:\WINDOWS\system32\winxp.exe
O50 - IEFO:Image File Execution Options - MSConfig.exe - D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
O50 - IEFO:Image File Execution Options - procexp.exe - \winxp.exe
O50 - IEFO:Image File Execution Options - regedit.exe - D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
O50 - IEFO:Image File Execution Options - rstrui.exe - D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
O50 - IEFO:Image File Execution Options - taskmgr.exe - D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
O50 - IEFO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{05c0fbf0-07ea-11de-b0d7-806d6172696f}\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
O51 - MPSK:{05c0fbf3-07ea-11de-b0d7-806d6172696f}\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
O51 - MPSK:{0a531dd2-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command - F:\Setup.exe Ver40
O51 - MPSK:{0a531dd3-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command - I:\AUTOTMM.EXE Ver40
O51 - MPSK:{0a531dd4-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command - G:\AUTOTMM.EXE Ver40
O51 - MPSK:{0a531dd5-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command - H:\AUTOTMM.EXE Ver40
O51 - MPSK:{bca0f511-3a4e-11de-961c-003005c6503c}\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
O51 - MPSK:{fcb432df-1890-11de-95f9-003005c6503c}\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
---\\ Trojan Driver Search Data (TDSD) (O52)
O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv"
O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.trspch"="tssoft32.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.I420"="lvcodec2.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv31"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv32"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv41"="ir41_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.IYUV"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.UYVY"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YUY2"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVU9"="tsbyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVYU"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg723"="msg723.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M263"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M261"="msh261.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msaudio1"="msaud32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.sl_anet"="sl_anet.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.iac2"="iac25_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv50"="ir50_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="D:\WINDOWS\system32\l3codeca.acm"
O52 - TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.siren"="sirenacm.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.ffds"="ff_vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.XVID"="xvidvfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.vorbis"="vorbis.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.voxacm160"="vct3216.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.VP60"="vp6vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.VP61"="vp6vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.VP62"="vp6vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.VP6F"="vp6vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.FLV4"="vp6vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.vp70"="vp7vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo"="vfwwdm32.dll"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo8"="VfWWDM32.dll"
O52 - TDSD:HKLM\...\Drivers32\"wave1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux1"="wdmaud.drv"
---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=0
End of the scan:
O44 - LFC:Last File Created - D:\WINDOWS\System32\yuyuxxpc.ini -->21/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\drivers\klbg.sys -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\drivers\klick.dat -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\drivers\klif.sys -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\drivers\klin.dat -->14/04/2009
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\2009[WCPV0.95].EXE-21E2C0F0.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\ALBUMDB2.EXE-1F918EF2.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\AUTOTMM.EXE-01B1A424.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\AUTOTMM.EXE-01E25140.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\AUTOTMM.EXE-0C4F3E5C.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\AUTOTMM.EXE-1CFDF315.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\AUTOTMM.EXE-372B7017.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\AUTOTMM.EXE-37D036A3.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\AVP.EXE-0A47508B.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\DAEMON-TOOLS_DAEMON_TOOLS_4.3-2107223B.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\DAEMON.EXE-0B75103A.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\DEMO.EXE-19FECFB2.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\DUMPREP.EXE-0AF2BF67.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\EMULE.EXE-0DD0B8E8.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\FFMPEG.EXE-03F9BDEC.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\FIREFOX.EXE-06188867.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\FRAUINST.EXE-257107B5.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\FRZSTATE2K.EXE-142DF811.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\FXSVR2.EXE-34D06B28.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\IEMONITOR.EXE-0115DD6D.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\IGFXEXT.EXE-05A27A3D.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\IGFXSRVC.EXE-1D88F978.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\KP-ANTI MOSQUITOES.EXE-062A5FE5.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\Layout.ini -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\LVCOMSX.EXE-30FB8DC0.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\MPLAYERC.EXE-040F3DAB.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\MSHTA.EXE-07121ECA.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\MSIMN.EXE-183B59AF.pf -->06/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\MSNMSGR.EXE-3744B6D8.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\NTVDM.EXE-0A81AB7B.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\OPTIONS.EXE-0D4309F9.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\OPTIONS.EXE-19042ECB.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RASAUTOU.EXE-10B4F92F.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\REALONEMESSAGECENTER.EXE-0418296D.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\REALPLAY.EXE-05411014.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\REALSCHED.EXE-388D7C2D.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RFACTOR.EXE-127F5FA9.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RPHELPERAPP.EXE-10C6EAB7.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-3BF16E64.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-45DCDCA2.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-4667E400.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-47D37B13.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-4A5D22F6.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-4D620DBB.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-4F2EBBCC.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-57F8B3B3.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-608B29D6.pf -->07/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-63941812.pf -->07/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-665356A4.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\RUNDLL32.EXE-702E9502.pf -->07/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SETHC.EXE-1CFBDA64.pf -->07/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SETUP.EXE-05DC09F1.pf -->06/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SETUP.EXE-0F40F254.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SETUP.EXE-24CA9937.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SKYPE.EXE-2EAF99A0.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SKYPEPM.EXE-082BC99E.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SNAGIT32.EXE-3420D529.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SNDVOL32.EXE-0EC6FD20.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\SPTDINST-X86.EXE-2C8902BB.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\TMM.EXE-1F44E852.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\TMM.EXE-26CBA2B5.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\TSCHELP.EXE-2B9A55E1.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\TUTORIAL.EXE-36433C7E.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UNINST1.EXE-0000824B.pf -->06/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UNINSTAL.EXE-115658B7.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UNINSTALL.EXE-219D3782.pf -->06/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UNSETUP.EXE-04C8109D.pf -->06/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UNSETUP.EXE-2CAF742C.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UNWISE.EXE-15313B2C.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UPSET.EXE-0F6E52F6.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UPSET.EXE-345C6692.pf -->06/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UPSET.EXE-357F761A.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\USNSVC.EXE-0114DAF6.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\UTORRENT.EXE-01137797.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\VDOWNLOADER.EXE-2C843F54.pf -->08/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\VER40.EXE-076C3352.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\VLC.EXE-02F29DFD.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\WINHLP32.EXE-16D564B3.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\WINRAR.EXE-0AA31BB9.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\WINXP.EXE-2000DA44.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF804.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF805.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF808.pf -->09/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\WSCRIPT.EXE-0C5C5251.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\_INS0366._MP-29A06DF3.pf -->10/05/2009
O45 - LFCP:Last File Created Prefetch - D:\WINDOWS\Prefetch\_INS0466._MP-38192B1C.pf -->10/05/2009
---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - (no name) - {31CDFCB9-37D6-4C1D-A31D-AA2DD56F637B} - shell32.dll
---\\ Export de clé d'application autorisée (ECAA)(O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
O47 - AAKE:Key Export - "D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
O47 - AAKE:Key Export - "D:\Documents and Settings\KIMI\Local Settings\Temp\IXP000.TMP\pes2009.exe"="D:\Documents and Settings\KIMI\Local Settings\Temp\IXP000.TMP\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
O47 - AAKE:Key Export - "D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
O47 - AAKE:Key Export - "D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
O47 - AAKE:Key Export - "D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - D:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - D:\WINDOWS\System32\scecli.dll
---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\nm.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vgasave.sys
---\\ Image File Execution Options (IFEO) (O50)
O50 - IEFO:Image File Execution Options - drwtsn32.exe - D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
O50 - IEFO:Image File Execution Options - dwwinxp.exe - D:\WINDOWS\system32\winxp.exe
O50 - IEFO:Image File Execution Options - MSConfig.exe - D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
O50 - IEFO:Image File Execution Options - procexp.exe - \winxp.exe
O50 - IEFO:Image File Execution Options - regedit.exe - D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
O50 - IEFO:Image File Execution Options - rstrui.exe - D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
O50 - IEFO:Image File Execution Options - taskmgr.exe - D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
O50 - IEFO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
---\\ MountPoints2 Shell Key (MPSK) (O51)
O51 - MPSK:{05c0fbf0-07ea-11de-b0d7-806d6172696f}\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
O51 - MPSK:{05c0fbf3-07ea-11de-b0d7-806d6172696f}\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
O51 - MPSK:{0a531dd2-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command - F:\Setup.exe Ver40
O51 - MPSK:{0a531dd3-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command - I:\AUTOTMM.EXE Ver40
O51 - MPSK:{0a531dd4-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command - G:\AUTOTMM.EXE Ver40
O51 - MPSK:{0a531dd5-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command - H:\AUTOTMM.EXE Ver40
O51 - MPSK:{bca0f511-3a4e-11de-961c-003005c6503c}\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
O51 - MPSK:{fcb432df-1890-11de-95f9-003005c6503c}\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
---\\ Trojan Driver Search Data (TDSD) (O52)
O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv"
O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.trspch"="tssoft32.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.I420"="lvcodec2.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv31"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv32"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv41"="ir41_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.IYUV"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.UYVY"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YUY2"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVU9"="tsbyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVYU"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg723"="msg723.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M263"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M261"="msh261.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msaudio1"="msaud32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.sl_anet"="sl_anet.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.iac2"="iac25_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv50"="ir50_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="D:\WINDOWS\system32\l3codeca.acm"
O52 - TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.siren"="sirenacm.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.ffds"="ff_vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.XVID"="xvidvfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.vorbis"="vorbis.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.voxacm160"="vct3216.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.VP60"="vp6vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.VP61"="vp6vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.VP62"="vp6vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.VP6F"="vp6vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.FLV4"="vp6vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.vp70"="vp7vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo"="vfwwdm32.dll"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo8"="VfWWDM32.dll"
O52 - TDSD:HKLM\...\Drivers32\"wave1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux1"="wdmaud.drv"
---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=0
End of the scan:
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bien ...
très infecté ! ... il me faut d'autre données avant de poursuivre ...
fais ceci :
1- Désactiver le redémarrage automatique :
A) Aller dans le menu "Démarrer"/"Panneau de configuration", puis "Performances et maintenance" et enfin "Système" .
Ou bien en faisant un clic-droit sur "Poste de travail" ( sur "ordinateur" pour Vista ) et en sélectionnant "Propriétés" .
B) Cliquez sur l'onglet "Avancé" ( pour Vista , cliquer dans "tâche" sur "paramètre systeme avancés" )
C) Ensuite , dans le 3eme paragraphe "Démarrage et récupération" , cliquer sur "paramètre" .
D) Dans le paragraphe "Défaillance du système" : décocher "Redémarrer automatiquement" .
puis cliquer sur "Ok" , "appliquer" et encore "Ok" pour valider la modif .
Conseil : laisse ces paramètres par la suite ...
==============================
2- Télécharge "gmer" sur le bureau :
http://cjoint.com/data/fmjZOGS1bw.htm
* Double-clique sur l'.exe pour lancer l'outil . Si ton antivirus réagit, ne t'inquiète pas et ignore l'alerte.
* Clique sur l'onglet "rootkit", puis clique sur scan.
Ne touche à rien et laisse travailler
* A la fin du scan, clique sur le bouton copy.
* Dans démarrer>programmes>accessoires : ouvre le bloc-note et clique sur CTRL+V afin de copier le rapport dans ce même bloc-note.
* poste le rapport stp ...
très infecté ! ... il me faut d'autre données avant de poursuivre ...
fais ceci :
1- Désactiver le redémarrage automatique :
A) Aller dans le menu "Démarrer"/"Panneau de configuration", puis "Performances et maintenance" et enfin "Système" .
Ou bien en faisant un clic-droit sur "Poste de travail" ( sur "ordinateur" pour Vista ) et en sélectionnant "Propriétés" .
B) Cliquez sur l'onglet "Avancé" ( pour Vista , cliquer dans "tâche" sur "paramètre systeme avancés" )
C) Ensuite , dans le 3eme paragraphe "Démarrage et récupération" , cliquer sur "paramètre" .
D) Dans le paragraphe "Défaillance du système" : décocher "Redémarrer automatiquement" .
puis cliquer sur "Ok" , "appliquer" et encore "Ok" pour valider la modif .
Conseil : laisse ces paramètres par la suite ...
==============================
2- Télécharge "gmer" sur le bureau :
http://cjoint.com/data/fmjZOGS1bw.htm
* Double-clique sur l'.exe pour lancer l'outil . Si ton antivirus réagit, ne t'inquiète pas et ignore l'alerte.
* Clique sur l'onglet "rootkit", puis clique sur scan.
Ne touche à rien et laisse travailler
* A la fin du scan, clique sur le bouton copy.
* Dans démarrer>programmes>accessoires : ouvre le bloc-note et clique sur CTRL+V afin de copier le rapport dans ce même bloc-note.
* poste le rapport stp ...
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-10 19:43:24
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA9A6C1DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xA9A6C7AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xA9A6E1EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xA9A6DB9C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xA9A6B950]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA9A6FB7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xA9A6C5AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xA9A6BD92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xA9A6BF92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xA9A6DEAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xA9A70084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xA9A6C0A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xA9A6C110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xA9A6DD5E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xA9A6F620]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xA9A6D9F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xA9A6BAB2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xA9A6C3B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xA9A6FBA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xA9A6C2FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xA9A6C178]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xA9A6BE7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xA9A6BC5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xA9A6F888]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xA9A6B5D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xA9A6EA74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xA9A6B734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xA9A6FF56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xA9A6B3D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xA9A6E08C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xA9A6C6AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xA9A6F71A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xA9A6FBD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xA9A6BB08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xA9A6FCB4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xA9A6FDE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xA9A6F54C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xA9A6C47E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xA9A6C4F0]
INT 0x62 ? 8A02CBF8
INT 0x74 ? 89931BF8
INT 0x82 ? 8A02CBF8
INT 0x84 ? 89931BF8
INT 0x94 ? 89931BF8
INT 0xA4 ? 89931BF8
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E14 5 Bytes JMP A9A83626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE54E 5 Bytes JMP A9A839E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 23A8 805010AC 4 Bytes JMP D0A9A6E1
.text ntkrnlpa.exe!ZwCallbackReturn + 264C 80501350 4 Bytes JMP CBAEA9A6
.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501424 12 Bytes [B4, FC, A6, A9, E0, FD, A6, ...]
? spcm.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload B9DEA62C 5 Bytes JMP 899311D8
.text alesp9yg.SYS B9D49386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text alesp9yg.SYS B9D493AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text alesp9yg.SYS B9D493C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text alesp9yg.SYS B9D493C9 1 Byte [2E]
.text alesp9yg.SYS B9D493C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!LoadResource 7C80A065 7 Bytes JMP 28001CC0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!FindResourceExW 7C80AB10 4 Bytes JMP 28001B00 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!FindResourceExW + 5 7C80AB15 2 Bytes [CC, CC] {INT 3 ; INT 3 }
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!FindResourceW 7C80BA56 7 Bytes JMP 28001A80 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!SizeofResource 7C80BAF1 7 Bytes JMP 28001D80 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!LockResource 7C80C6CF 5 Bytes JMP 28001DF0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!FindResourceA 7C80C7B1 7 Bytes JMP 28001B90 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004DE392 D:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!CreateEventA 7C81E4BD 5 Bytes JMP 28001840 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!FindResourceExA 7C822C2D 7 Bytes JMP 28001C20 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!OutputDebugStringW 7C85A215 5 Bytes JMP 28001E50 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ADVAPI32.dll!CryptDeriveKey 77DBA685 7 Bytes JMP 28001000 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ADVAPI32.dll!CryptDecrypt 77DBA7B1 2 Bytes JMP 28001060 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ADVAPI32.dll!CryptDecrypt + 3 77DBA7B4 4 Bytes [24, B0, CC, CC] {AND AL, 0xb0; INT 3 ; INT 3 }
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!PeekMessageW 77D19278 5 Bytes JMP 280040D0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!CreateWindowExW 77D21AD5 5 Bytes JMP 28003860 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!SetWindowRgn 77D21DE0 7 Bytes JMP 280059B0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!LoadIconW 77D22174 5 Bytes JMP 280062E0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!LoadImageW 77D242A4 5 Bytes JMP 280060F0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!CreateDialogParamW 77D3629F 5 Bytes JMP 28005AF0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!SetWindowPlacement 77D3FBEA 5 Bytes JMP 28005870 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!MessageBoxIndirectW 77D660B7 5 Bytes JMP 28005CE0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!TrackPopupMenuEx 77D6CAFE 5 Bytes JMP 280049B0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WS2_32.dll!send 719F428A 5 Bytes JMP 2800A210 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WS2_32.dll!WSARecv 719F4318 5 Bytes JMP 28009FF0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WS2_32.dll!recv 719F615A 5 Bytes JMP 28009E50 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WS2_32.dll!WSASend 719F6233 5 Bytes JMP 2800A3F0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 2800A630 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 5 Bytes JMP 28003020 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ole32.dll!CoInitializeEx 774B42F3 5 Bytes JMP 28002100 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ole32.dll!CoRegisterClassObject 77501BFC 1 Byte [E9]
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ole32.dll!CoRegisterClassObject 77501BFC 5 Bytes JMP 28002200 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WININET.dll!HttpOpenRequestA 77AB4AC5 5 Bytes JMP 28008C60 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WININET.dll!InternetCloseHandle 77AB61DC 5 Bytes JMP 28008FA0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WININET.dll!HttpSendRequestA 77AB76B8 5 Bytes JMP 28008ED0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WININET.dll!InternetReadFile 77AB9555 5 Bytes JMP 28008DF0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2872] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2872] USER32.dll!VRipOutput + FFFA5010 77D12A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[3504] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[3504] USER32.dll!VRipOutput + FFFA5010 77D12A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spcm.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spcm.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spcm.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spcm.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spcm.sys
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [BA002530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [BA002530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A02B1F8
Device \FileSystem\Fastfat \FatCdrom 89532368
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\PCI_PNP6288 \Device\00000042 spcm.sys
Device \Driver\usbuhci \Device\USBPDO-0 8987A1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89FBF1F8
Device \Driver\dmio \Device\DmControl\DmConfig 89FBF1F8
Device \Driver\dmio \Device\DmControl\DmPnP 89FBF1F8
Device \Driver\dmio \Device\DmControl\DmInfo 89FBF1F8
Device \Driver\usbuhci \Device\USBPDO-1 8987A1F8
Device \Driver\usbuhci \Device\USBPDO-2 8987A1F8
Device \Driver\usbuhci \Device\USBPDO-3 8987A1F8
Device \Driver\usbehci \Device\USBPDO-4 898631F8
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\NetBT \Device\NetBT_Tcpip_{7D0D74E4-3C9A-4A12-809A-6ED17FF83AC2} 896D1500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A02D1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 DeepFrz.sys (Deep Freeze 6 driver/Faronics Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 ntkrnlpa.exe (Noyau et système NT/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 mouclass.sys (Pilote de la classe Souris/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A02D1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 DeepFrz.sys (Deep Freeze 6 driver/Faronics Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 ntkrnlpa.exe (Noyau et système NT/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 mouclass.sys (Pilote de la classe Souris/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom0 899111F8
Device \Driver\Cdrom \Device\CdRom1 899111F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A02C1F8
Device \Driver\atapi \Device\Ide\IdePort0 8A02C1F8
Device \Driver\atapi \Device\Ide\IdePort1 8A02C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A02C1F8
Device \Driver\Cdrom \Device\CdRom2 899111F8
Device \Driver\Cdrom \Device\CdRom3 899111F8
Device \Driver\Cdrom \Device\CdRom4 899111F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 896D1500
Device \Driver\sptd \Device\3866230038 spcm.sys
Device \Driver\NetBT \Device\NetbiosSmb 896D1500
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\NetBT \Device\NetBT_Tcpip_{3DE1C12C-295B-4ED4-93C7-92DEFB761E72} 896D1500
Device \Driver\usbuhci \Device\USBFDO-0 8987A1F8
Device \Driver\usbuhci \Device\USBFDO-1 8987A1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8953C1F8
Device \Driver\usbuhci \Device\USBFDO-2 8987A1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8953C1F8
Device \Driver\usbuhci \Device\USBFDO-3 8987A1F8
Device \Driver\usbehci \Device\USBFDO-4 898631F8
Device \Driver\Ftdisk \Device\FtControl 8A02D1F8
Device \Driver\alesp9yg \Device\Scsi\alesp9yg1Port2Path0Target2Lun0 89767500
Device \Driver\alesp9yg \Device\Scsi\alesp9yg1 89767500
Device \Driver\alesp9yg \Device\Scsi\alesp9yg1Port2Path0Target1Lun0 89767500
Device \Driver\alesp9yg \Device\Scsi\alesp9yg1Port2Path0Target3Lun0 89767500
Device \Driver\alesp9yg \Device\Scsi\alesp9yg1Port2Path0Target0Lun0 89767500
Device \FileSystem\Fastfat \Fat 89532368
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 894921F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA1 0x5D 0x92 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x01 0x95 0x3A 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2D 0x63 0xED 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x30 0xE1 0x4A 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xEE 0x93 0x26 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xC9 0x03 0x49 0x12 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA1 0x5D 0x92 0x53 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x39 0x4D 0x33 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC3 0x06 0x0D 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x48 0xA8 0x26 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x48 0xA8 0x26 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x48 0xA8 0x26 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x80 0x1B 0x50 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{8373e3f2-d69e-4d36-a4cc-e056fef53b2f}@Model 129
Reg HKLM\SOFTWARE\Classes\CLSID\{8373e3f2-d69e-4d36-a4cc-e056fef53b2f}@Therad 9
Reg HKLM\SOFTWARE\Classes\CLSID\{8373e3f2-d69e-4d36-a4cc-e056fef53b2f}@MData 0xCB 0x9B 0xAD 0xEF ...
---- Files - GMER 1.0.15 ----
File D:\WINDOWS\Temp\cch~5ba38ac85.htp 0 bytes
File D:\WINDOWS\Temp\cch~5ba38b15b.htp 0 bytes
File D:\WINDOWS\Temp\cch~5baea81fb.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baea86c9.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baeb4de4.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baeb52be.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baeb7741.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baeb7c30.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baebd6b3.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baebdba0.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baec714e.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5bb19deb0.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bb19e416.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bb91dcb6.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bb91e1b6.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bb934e1d.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bb935331.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbbb6ad5.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbbb6fce.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbd53aa5.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbd540c4.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbdbe7ca.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbde609f.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bdbc78de.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5bdbc7de7.htp 0 bytes
File D:\WINDOWS\Temp\cch~5baec764b.htp 8192 bytes
---- EOF - GMER 1.0.15 ----
Rootkit scan 2009-05-10 19:43:24
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA9A6C1DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xA9A6C7AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xA9A6E1EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xA9A6DB9C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xA9A6B950]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA9A6FB7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xA9A6C5AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xA9A6BD92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xA9A6BF92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xA9A6DEAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xA9A70084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xA9A6C0A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xA9A6C110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xA9A6DD5E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xA9A6F620]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xA9A6D9F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xA9A6BAB2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xA9A6C3B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xA9A6FBA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xA9A6C2FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xA9A6C178]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xA9A6BE7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xA9A6BC5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xA9A6F888]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xA9A6B5D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xA9A6EA74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xA9A6B734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xA9A6FF56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xA9A6B3D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xA9A6E08C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xA9A6C6AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xA9A6F71A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xA9A6FBD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xA9A6BB08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xA9A6FCB4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xA9A6FDE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xA9A6F54C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xA9A6C47E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xA9A6C4F0]
INT 0x62 ? 8A02CBF8
INT 0x74 ? 89931BF8
INT 0x82 ? 8A02CBF8
INT 0x84 ? 89931BF8
INT 0x94 ? 89931BF8
INT 0xA4 ? 89931BF8
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E14 5 Bytes JMP A9A83626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE54E 5 Bytes JMP A9A839E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 23A8 805010AC 4 Bytes JMP D0A9A6E1
.text ntkrnlpa.exe!ZwCallbackReturn + 264C 80501350 4 Bytes JMP CBAEA9A6
.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501424 12 Bytes [B4, FC, A6, A9, E0, FD, A6, ...]
? spcm.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload B9DEA62C 5 Bytes JMP 899311D8
.text alesp9yg.SYS B9D49386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text alesp9yg.SYS B9D493AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text alesp9yg.SYS B9D493C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text alesp9yg.SYS B9D493C9 1 Byte [2E]
.text alesp9yg.SYS B9D493C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!LoadResource 7C80A065 7 Bytes JMP 28001CC0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!FindResourceExW 7C80AB10 4 Bytes JMP 28001B00 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!FindResourceExW + 5 7C80AB15 2 Bytes [CC, CC] {INT 3 ; INT 3 }
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!FindResourceW 7C80BA56 7 Bytes JMP 28001A80 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!SizeofResource 7C80BAF1 7 Bytes JMP 28001D80 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!LockResource 7C80C6CF 5 Bytes JMP 28001DF0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!FindResourceA 7C80C7B1 7 Bytes JMP 28001B90 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004DE392 D:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!CreateEventA 7C81E4BD 5 Bytes JMP 28001840 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!FindResourceExA 7C822C2D 7 Bytes JMP 28001C20 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!OutputDebugStringW 7C85A215 5 Bytes JMP 28001E50 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ADVAPI32.dll!CryptDeriveKey 77DBA685 7 Bytes JMP 28001000 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ADVAPI32.dll!CryptDecrypt 77DBA7B1 2 Bytes JMP 28001060 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ADVAPI32.dll!CryptDecrypt + 3 77DBA7B4 4 Bytes [24, B0, CC, CC] {AND AL, 0xb0; INT 3 ; INT 3 }
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!PeekMessageW 77D19278 5 Bytes JMP 280040D0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!CreateWindowExW 77D21AD5 5 Bytes JMP 28003860 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!SetWindowRgn 77D21DE0 7 Bytes JMP 280059B0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!LoadIconW 77D22174 5 Bytes JMP 280062E0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!LoadImageW 77D242A4 5 Bytes JMP 280060F0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!CreateDialogParamW 77D3629F 5 Bytes JMP 28005AF0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!SetWindowPlacement 77D3FBEA 5 Bytes JMP 28005870 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!MessageBoxIndirectW 77D660B7 5 Bytes JMP 28005CE0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!TrackPopupMenuEx 77D6CAFE 5 Bytes JMP 280049B0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WS2_32.dll!send 719F428A 5 Bytes JMP 2800A210 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WS2_32.dll!WSARecv 719F4318 5 Bytes JMP 28009FF0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WS2_32.dll!recv 719F615A 5 Bytes JMP 28009E50 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WS2_32.dll!WSASend 719F6233 5 Bytes JMP 2800A3F0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 2800A630 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 5 Bytes JMP 28003020 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ole32.dll!CoInitializeEx 774B42F3 5 Bytes JMP 28002100 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ole32.dll!CoRegisterClassObject 77501BFC 1 Byte [E9]
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ole32.dll!CoRegisterClassObject 77501BFC 5 Bytes JMP 28002200 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WININET.dll!HttpOpenRequestA 77AB4AC5 5 Bytes JMP 28008C60 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WININET.dll!InternetCloseHandle 77AB61DC 5 Bytes JMP 28008FA0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WININET.dll!HttpSendRequestA 77AB76B8 5 Bytes JMP 28008ED0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WININET.dll!InternetReadFile 77AB9555 5 Bytes JMP 28008DF0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2872] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2872] USER32.dll!VRipOutput + FFFA5010 77D12A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[3504] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[3504] USER32.dll!VRipOutput + FFFA5010 77D12A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spcm.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spcm.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spcm.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spcm.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spcm.sys
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [BA002530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [BA002530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A02B1F8
Device \FileSystem\Fastfat \FatCdrom 89532368
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\PCI_PNP6288 \Device\00000042 spcm.sys
Device \Driver\usbuhci \Device\USBPDO-0 8987A1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89FBF1F8
Device \Driver\dmio \Device\DmControl\DmConfig 89FBF1F8
Device \Driver\dmio \Device\DmControl\DmPnP 89FBF1F8
Device \Driver\dmio \Device\DmControl\DmInfo 89FBF1F8
Device \Driver\usbuhci \Device\USBPDO-1 8987A1F8
Device \Driver\usbuhci \Device\USBPDO-2 8987A1F8
Device \Driver\usbuhci \Device\USBPDO-3 8987A1F8
Device \Driver\usbehci \Device\USBPDO-4 898631F8
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\NetBT \Device\NetBT_Tcpip_{7D0D74E4-3C9A-4A12-809A-6ED17FF83AC2} 896D1500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A02D1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 DeepFrz.sys (Deep Freeze 6 driver/Faronics Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 ntkrnlpa.exe (Noyau et système NT/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 mouclass.sys (Pilote de la classe Souris/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A02D1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 DeepFrz.sys (Deep Freeze 6 driver/Faronics Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 ntkrnlpa.exe (Noyau et système NT/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 mouclass.sys (Pilote de la classe Souris/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom0 899111F8
Device \Driver\Cdrom \Device\CdRom1 899111F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A02C1F8
Device \Driver\atapi \Device\Ide\IdePort0 8A02C1F8
Device \Driver\atapi \Device\Ide\IdePort1 8A02C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A02C1F8
Device \Driver\Cdrom \Device\CdRom2 899111F8
Device \Driver\Cdrom \Device\CdRom3 899111F8
Device \Driver\Cdrom \Device\CdRom4 899111F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 896D1500
Device \Driver\sptd \Device\3866230038 spcm.sys
Device \Driver\NetBT \Device\NetbiosSmb 896D1500
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\NetBT \Device\NetBT_Tcpip_{3DE1C12C-295B-4ED4-93C7-92DEFB761E72} 896D1500
Device \Driver\usbuhci \Device\USBFDO-0 8987A1F8
Device \Driver\usbuhci \Device\USBFDO-1 8987A1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8953C1F8
Device \Driver\usbuhci \Device\USBFDO-2 8987A1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8953C1F8
Device \Driver\usbuhci \Device\USBFDO-3 8987A1F8
Device \Driver\usbehci \Device\USBFDO-4 898631F8
Device \Driver\Ftdisk \Device\FtControl 8A02D1F8
Device \Driver\alesp9yg \Device\Scsi\alesp9yg1Port2Path0Target2Lun0 89767500
Device \Driver\alesp9yg \Device\Scsi\alesp9yg1 89767500
Device \Driver\alesp9yg \Device\Scsi\alesp9yg1Port2Path0Target1Lun0 89767500
Device \Driver\alesp9yg \Device\Scsi\alesp9yg1Port2Path0Target3Lun0 89767500
Device \Driver\alesp9yg \Device\Scsi\alesp9yg1Port2Path0Target0Lun0 89767500
Device \FileSystem\Fastfat \Fat 89532368
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 894921F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA1 0x5D 0x92 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x01 0x95 0x3A 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2D 0x63 0xED 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x30 0xE1 0x4A 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xEE 0x93 0x26 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xC9 0x03 0x49 0x12 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA1 0x5D 0x92 0x53 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x39 0x4D 0x33 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC3 0x06 0x0D 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x48 0xA8 0x26 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x48 0xA8 0x26 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x48 0xA8 0x26 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x80 0x1B 0x50 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{8373e3f2-d69e-4d36-a4cc-e056fef53b2f}@Model 129
Reg HKLM\SOFTWARE\Classes\CLSID\{8373e3f2-d69e-4d36-a4cc-e056fef53b2f}@Therad 9
Reg HKLM\SOFTWARE\Classes\CLSID\{8373e3f2-d69e-4d36-a4cc-e056fef53b2f}@MData 0xCB 0x9B 0xAD 0xEF ...
---- Files - GMER 1.0.15 ----
File D:\WINDOWS\Temp\cch~5ba38ac85.htp 0 bytes
File D:\WINDOWS\Temp\cch~5ba38b15b.htp 0 bytes
File D:\WINDOWS\Temp\cch~5baea81fb.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baea86c9.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baeb4de4.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baeb52be.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baeb7741.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baeb7c30.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baebd6b3.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baebdba0.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baec714e.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5bb19deb0.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bb19e416.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bb91dcb6.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bb91e1b6.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bb934e1d.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bb935331.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbbb6ad5.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbbb6fce.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbd53aa5.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbd540c4.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbdbe7ca.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbde609f.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bdbc78de.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5bdbc7de7.htp 0 bytes
File D:\WINDOWS\Temp\cch~5baec764b.htp 8192 bytes
---- EOF - GMER 1.0.15 ----
Bien ...
on va utiliser un dernier outil de diagnostique ( si il fonctionne ^^ ) , puis on attaque le nettoyage :
1- Télécharge et installe le logiciel HijackThis :
ici http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html
-->Clique sur le setup pour lancer l'installe : laisse toi guider et ne modifie pas les paramètres d'installation .
A la fin de l'installe , le prg se lance automatiquement : ferme le en cliquant sur la croix rouge .
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .
( ne lance pas ce prg pour l'instant et fais la suite ... )
2- Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.
-> http://images.malwareremoval.com/random/RSIT.exe
! Déconnecte toi et ferme toutes tes applications en cours !
Double-clique sur " RSIT.exe " pour le lancer .
-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .
* Devant l'option "List files/folders created ..." , tu choisis : 2 months
* clique ensuite sur " Continue " pour lancer l'analyse ...
-> laisse faire le scan et ne touche pas au PC ...
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).
Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...
Important : poste un rapport, puis l'autre dans la réponse suivante ...
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum ...
( Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ... )
( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
on va utiliser un dernier outil de diagnostique ( si il fonctionne ^^ ) , puis on attaque le nettoyage :
1- Télécharge et installe le logiciel HijackThis :
ici http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html
-->Clique sur le setup pour lancer l'installe : laisse toi guider et ne modifie pas les paramètres d'installation .
A la fin de l'installe , le prg se lance automatiquement : ferme le en cliquant sur la croix rouge .
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .
( ne lance pas ce prg pour l'instant et fais la suite ... )
2- Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.
-> http://images.malwareremoval.com/random/RSIT.exe
! Déconnecte toi et ferme toutes tes applications en cours !
Double-clique sur " RSIT.exe " pour le lancer .
-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .
* Devant l'option "List files/folders created ..." , tu choisis : 2 months
* clique ensuite sur " Continue " pour lancer l'analyse ...
-> laisse faire le scan et ne touche pas au PC ...
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).
Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...
Important : poste un rapport, puis l'autre dans la réponse suivante ...
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum ...
( Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ... )
( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
rapport log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by KIMI at 2009-05-10 20:01:55
Microsoft Windows XP Professionnel Service Pack 2
System drive D: has 1 GB (11%) free of 10 GB
Total RAM: 1270 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:57, on 10/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\wscript.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\system32\Wscript.exe
D:\WINDOWS\system32\Wscript.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\Wscript.exe
D:\Documents and Settings\KIMI\Bureau\RSIT.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\Trend Micro\HijackThis\KIMI.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {31CDFCB9-37D6-4C1D-A31D-AA2DD56F637B} - (no file)
O2 - BHO: (no name) - {31D1305D-195C-4836-AB15-CE560FA8C578} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTFMON] D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
O4 - HKLM\..\Run: [regdiit] D:\WINDOWS\system32\winxp.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DE1C12C-295B-4ED4-93C7-92DEFB761E72}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: cbXNHyaA - cbXNHyaA.dll (file missing)
O20 - Winlogon Notify: DfLogon - D:\WINDOWS\SYSTEM32\LogonDll.dll
O20 - Winlogon Notify: fccbXonN - fccbXonN.dll (file missing)
O20 - Winlogon Notify: hgGwTlLb - hgGwTlLb.dll (file missing)
O20 - Winlogon Notify: khfCtuvu - khfCtuvu.dll (file missing)
O20 - Winlogon Notify: pmnnkLFX - pmnnkLFX.dll (file missing)
O20 - Winlogon Notify: rqRHyxvw - rqRHyxvw.dll (file missing)
O20 - Winlogon Notify: tuvUNedD - tuvUNedD.dll (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DF5Serv - Faronics Corporation - D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by KIMI at 2009-05-10 20:01:55
Microsoft Windows XP Professionnel Service Pack 2
System drive D: has 1 GB (11%) free of 10 GB
Total RAM: 1270 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:57, on 10/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\wscript.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\system32\Wscript.exe
D:\WINDOWS\system32\Wscript.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\Wscript.exe
D:\Documents and Settings\KIMI\Bureau\RSIT.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\Trend Micro\HijackThis\KIMI.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {31CDFCB9-37D6-4C1D-A31D-AA2DD56F637B} - (no file)
O2 - BHO: (no name) - {31D1305D-195C-4836-AB15-CE560FA8C578} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTFMON] D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
O4 - HKLM\..\Run: [regdiit] D:\WINDOWS\system32\winxp.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DE1C12C-295B-4ED4-93C7-92DEFB761E72}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: cbXNHyaA - cbXNHyaA.dll (file missing)
O20 - Winlogon Notify: DfLogon - D:\WINDOWS\SYSTEM32\LogonDll.dll
O20 - Winlogon Notify: fccbXonN - fccbXonN.dll (file missing)
O20 - Winlogon Notify: hgGwTlLb - hgGwTlLb.dll (file missing)
O20 - Winlogon Notify: khfCtuvu - khfCtuvu.dll (file missing)
O20 - Winlogon Notify: pmnnkLFX - pmnnkLFX.dll (file missing)
O20 - Winlogon Notify: rqRHyxvw - rqRHyxvw.dll (file missing)
O20 - Winlogon Notify: tuvUNedD - tuvUNedD.dll (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DF5Serv - Faronics Corporation - D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
rapport info:
info.txt logfile of random's system information tool 1.06 2009-05-10 20:01:59
======Uninstall list======
-->D:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->D:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Archiveur WinRAR-->D:\Program Files\WinRAR\uninstall.exe
CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
Correctif Windows XP - KB883667-->D:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
F1 WCP 2009-->C:\Ferrari 2008 Screensaver.zip\rFactor\F1 WCP 2009\uninstall.exe
Foxit Reader-->D:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
High Definition Audio - KB888111-->"D:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE D:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Internet Download Manager-->D:\Program Files\Internet Download Manager\Uninstall.exe
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
KP-Anti Mosquitoes-->D:\PROGRA~1\KPSOFT~1\UNWISE.EXE D:\PROGRA~1\KPSOFT~1\INSTALL.LOG
Lock Folder XP 3.6-->"D:\Program Files\Everstrike Software\Lock Folder XP 3.6\Uninstall.exe" "D:\Program Files\Fichiers communs\Everstrike Software\Lock Folder XP 3.6\install.log"
Logiciel QuickCam de Logitech-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Logitech Gaming Software 5.02-->MsiExec.exe /X{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}
Messenger Plus! Live-->"D:\Program Files\Messenger Plus! Live\Uninstall.exe"
Mozilla Firefox (3.0.4)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
NeoTrace Express 3.25-->D:\PROGRA~1\NEOTRA~1\UNWISE.EXE D:\PROGRA~1\NEOTRA~1\INSTALL.LOG
PhotoFiltre-->"D:\Program Files\PhotoFiltre\Uninst.exe"
Programme de gestion Camera de Logitech®-->"D:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
RealPlayer-->D:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnagIt 7-->D:\Program Files\TechSmith\SnagIt 7\SIUNINST.EXE
Storm Codec-->D:\Program Files\Ringz Studio\Storm Codec\uninst7.01.19.exe
SWF Opener-->"D:\Program Files\UnH Solutions\SWF Opener\unins000.exe"
TeLL me More-->C:\TeLLmeMore\UnInstal.exe C:\TeLLmeMore\
VDownloader 0.82-->"D:\Program Files\VDOWNLOADER\unins000.exe"
VideoLAN VLC media player 0.8.6b-->D:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
WinPcap 4.0.2-->D:\Program Files\WinPcap\uninstall.exe
Wireshark 1.0.7-->"D:\Program Files\Wireshark\uninstall.exe"
======Hosts File======
127.0.0.1 localhost
82.98.231.89 browser-security.microsoft.com
82.98.231.89 best-click-scanner.info
82.98.231.89 antivirus-xp-pro-2009.com
82.98.231.89 microsoft.infosecuritycenter.com
82.98.231.89 microsoft.softwaresecurityhelp.com
82.98.231.89 onlinenotifyq.net
82.98.231.89 antivirusxp-pro-2009.com
82.98.231.89 microsoft.browser-security-center.com
======Security center information======
AV: Kaspersky Internet Security
FW: Kaspersky Internet Security
======System event log======
Computer Name: RAIKKONEN
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).
Record Number: 405
Source Name: Service Control Manager
Time Written: 20090309151356.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: RAIKKONEN
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.
Record Number: 404
Source Name: Service Control Manager
Time Written: 20090309151356.000000+060
Event Type: Informations
User: RAIKKONEN\KIMI
Computer Name: RAIKKONEN
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.
Record Number: 403
Source Name: Service Control Manager
Time Written: 20090309151354.000000+060
Event Type: Informations
User:
Computer Name: RAIKKONEN
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.
Record Number: 402
Source Name: Service Control Manager
Time Written: 20090309151354.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: RAIKKONEN
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.
Record Number: 401
Source Name: Service Control Manager
Time Written: 20090309151353.000000+060
Event Type: Informations
User:
=====Application event log=====
Computer Name: RAIKKONEN
Event Code: 301
Message: msnmsgr (1740) \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\fsr.log.
Record Number: 1466
Source Name: ESENT
Time Written: 20090411185137.000000+060
Event Type: Informations
User:
Computer Name: RAIKKONEN
Event Code: 301
Message: msnmsgr (1740) \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\fsr0022B.log.
Record Number: 1465
Source Name: ESENT
Time Written: 20090411185137.000000+060
Event Type: Informations
User:
Computer Name: RAIKKONEN
Event Code: 301
Message: msnmsgr (1740) \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\fsr0022A.log.
Record Number: 1464
Source Name: ESENT
Time Written: 20090411185137.000000+060
Event Type: Informations
User:
Computer Name: RAIKKONEN
Event Code: 301
Message: msnmsgr (1740) \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\fsr00229.log.
Record Number: 1463
Source Name: ESENT
Time Written: 20090411185136.000000+060
Event Type: Informations
User:
Computer Name: RAIKKONEN
Event Code: 301
Message: msnmsgr (1740) \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\fsr00228.log.
Record Number: 1462
Source Name: ESENT
Time Written: 20090411185136.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-05-10 20:01:59
======Uninstall list======
-->D:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->D:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Archiveur WinRAR-->D:\Program Files\WinRAR\uninstall.exe
CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
Correctif Windows XP - KB883667-->D:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
F1 WCP 2009-->C:\Ferrari 2008 Screensaver.zip\rFactor\F1 WCP 2009\uninstall.exe
Foxit Reader-->D:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
High Definition Audio - KB888111-->"D:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE D:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Internet Download Manager-->D:\Program Files\Internet Download Manager\Uninstall.exe
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
KP-Anti Mosquitoes-->D:\PROGRA~1\KPSOFT~1\UNWISE.EXE D:\PROGRA~1\KPSOFT~1\INSTALL.LOG
Lock Folder XP 3.6-->"D:\Program Files\Everstrike Software\Lock Folder XP 3.6\Uninstall.exe" "D:\Program Files\Fichiers communs\Everstrike Software\Lock Folder XP 3.6\install.log"
Logiciel QuickCam de Logitech-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Logitech Gaming Software 5.02-->MsiExec.exe /X{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}
Messenger Plus! Live-->"D:\Program Files\Messenger Plus! Live\Uninstall.exe"
Mozilla Firefox (3.0.4)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
NeoTrace Express 3.25-->D:\PROGRA~1\NEOTRA~1\UNWISE.EXE D:\PROGRA~1\NEOTRA~1\INSTALL.LOG
PhotoFiltre-->"D:\Program Files\PhotoFiltre\Uninst.exe"
Programme de gestion Camera de Logitech®-->"D:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
RealPlayer-->D:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnagIt 7-->D:\Program Files\TechSmith\SnagIt 7\SIUNINST.EXE
Storm Codec-->D:\Program Files\Ringz Studio\Storm Codec\uninst7.01.19.exe
SWF Opener-->"D:\Program Files\UnH Solutions\SWF Opener\unins000.exe"
TeLL me More-->C:\TeLLmeMore\UnInstal.exe C:\TeLLmeMore\
VDownloader 0.82-->"D:\Program Files\VDOWNLOADER\unins000.exe"
VideoLAN VLC media player 0.8.6b-->D:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
WinPcap 4.0.2-->D:\Program Files\WinPcap\uninstall.exe
Wireshark 1.0.7-->"D:\Program Files\Wireshark\uninstall.exe"
======Hosts File======
127.0.0.1 localhost
82.98.231.89 browser-security.microsoft.com
82.98.231.89 best-click-scanner.info
82.98.231.89 antivirus-xp-pro-2009.com
82.98.231.89 microsoft.infosecuritycenter.com
82.98.231.89 microsoft.softwaresecurityhelp.com
82.98.231.89 onlinenotifyq.net
82.98.231.89 antivirusxp-pro-2009.com
82.98.231.89 microsoft.browser-security-center.com
======Security center information======
AV: Kaspersky Internet Security
FW: Kaspersky Internet Security
======System event log======
Computer Name: RAIKKONEN
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).
Record Number: 405
Source Name: Service Control Manager
Time Written: 20090309151356.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: RAIKKONEN
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.
Record Number: 404
Source Name: Service Control Manager
Time Written: 20090309151356.000000+060
Event Type: Informations
User: RAIKKONEN\KIMI
Computer Name: RAIKKONEN
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.
Record Number: 403
Source Name: Service Control Manager
Time Written: 20090309151354.000000+060
Event Type: Informations
User:
Computer Name: RAIKKONEN
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.
Record Number: 402
Source Name: Service Control Manager
Time Written: 20090309151354.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: RAIKKONEN
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.
Record Number: 401
Source Name: Service Control Manager
Time Written: 20090309151353.000000+060
Event Type: Informations
User:
=====Application event log=====
Computer Name: RAIKKONEN
Event Code: 301
Message: msnmsgr (1740) \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\fsr.log.
Record Number: 1466
Source Name: ESENT
Time Written: 20090411185137.000000+060
Event Type: Informations
User:
Computer Name: RAIKKONEN
Event Code: 301
Message: msnmsgr (1740) \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\fsr0022B.log.
Record Number: 1465
Source Name: ESENT
Time Written: 20090411185137.000000+060
Event Type: Informations
User:
Computer Name: RAIKKONEN
Event Code: 301
Message: msnmsgr (1740) \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\fsr0022A.log.
Record Number: 1464
Source Name: ESENT
Time Written: 20090411185137.000000+060
Event Type: Informations
User:
Computer Name: RAIKKONEN
Event Code: 301
Message: msnmsgr (1740) \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\fsr00229.log.
Record Number: 1463
Source Name: ESENT
Time Written: 20090411185136.000000+060
Event Type: Informations
User:
Computer Name: RAIKKONEN
Event Code: 301
Message: msnmsgr (1740) \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\D:\Documents and Settings\KIMI\Local Settings\Application Data\Microsoft\Messenger\amir_811@hotmail.com\SharingMetadata\Working\database_E088_A1A2_88A1_7824\fsr00228.log.
Record Number: 1462
Source Name: ESENT
Time Written: 20090411185136.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Bien ...
on attaque avec ceci :
Télécharge UsbFix ( de C_XX, Chimay8 & Chiquitine29 ) sur ton bureau :
> http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
! Déconnecte toi d'internet et ferme toutes applications en cours !
--> Double-clique sur l' .exe pour lancer l'installation de l'outil ( ne touche pas aux paramètres d'installe ) .
Impératif :
Branche toutes tes unités externes à ton PC (clé USB, DD externe, flash disk, lecteur MP3,carte SD, etc...) succeptibles d'avoir été infectés ( mais sans les ouvrir ! ) .
# Double clique sur le raccourci UsbFix présent sur ton bureau pour lancer l'outil.
# Choisis l' option 1 ( Recherche )
# Laisse travailler l'outil et ne touche à rien pendant le scan .
# Une fois terminé, poste le rapport UsbFix.txt qui apparaitra.
Le rapport est en outre sauvegardé à la racine du disque maitre ( C:\UsbFix.txt ).
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Site de l'auteur > http://pagesperso-orange.fr/NosTools/usbfix.html
on attaque avec ceci :
Télécharge UsbFix ( de C_XX, Chimay8 & Chiquitine29 ) sur ton bureau :
> http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
! Déconnecte toi d'internet et ferme toutes applications en cours !
--> Double-clique sur l' .exe pour lancer l'installation de l'outil ( ne touche pas aux paramètres d'installe ) .
Impératif :
Branche toutes tes unités externes à ton PC (clé USB, DD externe, flash disk, lecteur MP3,carte SD, etc...) succeptibles d'avoir été infectés ( mais sans les ouvrir ! ) .
# Double clique sur le raccourci UsbFix présent sur ton bureau pour lancer l'outil.
# Choisis l' option 1 ( Recherche )
# Laisse travailler l'outil et ne touche à rien pendant le scan .
# Une fois terminé, poste le rapport UsbFix.txt qui apparaitra.
Le rapport est en outre sauvegardé à la racine du disque maitre ( C:\UsbFix.txt ).
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Site de l'auteur > http://pagesperso-orange.fr/NosTools/usbfix.html
NB: J'AI PAS PLACé DE PLASH DISK NI DE DISQUE EXTERNE CAR J4EN AI PAS QUI SONT INFECTés.
rapport:
############################## [ UsbFix V3.017 # Scan ]
# User : KIMI (Administrateurs) # RAIKKONEN
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 20:18:04 | 10/05/2009
# Intel(R) Pentium(R) 4 CPU 2.80GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Kaspersky Internet Security 8.0.0.506 [ Enabled | Updated ]
# FW : Kaspersky Internet Security[ Enabled ]8.0.0.506
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 27,26 Go (6,51 Go free) [AMIR] # NTFS
# D:\ # Disque fixe local # 10 Go (1,11 Go free) # NTFS
# E:\ # Disque CD-ROM # 4,37 Go (0 Mo free) [hasen] # CDFS
# F:\ # Disque CD-ROM # 421,12 Mo (0 Mo free) [SETUP5] # CDFS
# G:\ # Disque CD-ROM # 590,6 Mo (0 Mo free) [TMM_SPA2] # CDFS
# H:\ # Disque CD-ROM # 646,03 Mo (0 Mo free) [TMM_SPA3] # CDFS
# I:\ # Disque CD-ROM # 547,12 Mo (0 Mo free) [TMM_ES1] # CDFS
############################## [ Processus actifs ]
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\wscript.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\system32\Wscript.exe
D:\WINDOWS\system32\Wscript.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\Wscript.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="D:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.google.fr/?gws_rd=ssl"
HKLM_logon: "Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="KIMI"
HKLM_logon: "AltDefaultUserName"="KIMI"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: AVP="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
HKLM_Run: Start WingMan Profiler=D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
HKLM_Run: TkBellExe="D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: CTFMON=D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
HKLM_Run: regdiit=D:\WINDOWS\system32\winxp.exe
HKCU_Run: IDMan=D:\Program Files\Internet Download Manager\IDMan.exe /onboot
HKCU_Run: DAEMON Tools Lite="D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
################## [ Informations ]
################## [ Fichiers # Dossiers infectieux ]
Found ! D:\WINDOWS\system32\winjpg.jpg
Found ! C:\winfile.jpg
Found ! C:\autorun.inf
Found ! C:\zPharaoh.exe
Found ! D:\winfile.jpg
Found ! D:\autorun.inf
Found ! F:\Setup.exe
Found ! F:\autorun.inf
Found ! G:\autorun.inf
Found ! H:\autorun.inf
Found ! I:\autorun.inf
################## [ Registre # Clés Run infectieuses ]
Found ! HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "regdiit"
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
################## [ Registre # Mountpoints2 ]
HKCU\Software\Microsoft\....\MountPoints2\{05c0fbf0-07ea-11de-b0d7-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{05c0fbf3-07ea-11de-b0d7-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{0a531dd2-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{0a531dd3-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{0a531dd4-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{0a531dd5-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{bca0f511-3a4e-11de-961c-003005c6503c}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{bca0f511-3a4e-11de-961c-003005c6503c}\Shell\ouvrir\Command
HKCU\Software\Microsoft\....\MountPoints2\{fcb432df-1890-11de-95f9-003005c6503c}\Shell\AutoRun\command
################## [ ! Fin du rapport # UsbFix V3.017 ! ]
rapport:
############################## [ UsbFix V3.017 # Scan ]
# User : KIMI (Administrateurs) # RAIKKONEN
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 20:18:04 | 10/05/2009
# Intel(R) Pentium(R) 4 CPU 2.80GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Kaspersky Internet Security 8.0.0.506 [ Enabled | Updated ]
# FW : Kaspersky Internet Security[ Enabled ]8.0.0.506
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 27,26 Go (6,51 Go free) [AMIR] # NTFS
# D:\ # Disque fixe local # 10 Go (1,11 Go free) # NTFS
# E:\ # Disque CD-ROM # 4,37 Go (0 Mo free) [hasen] # CDFS
# F:\ # Disque CD-ROM # 421,12 Mo (0 Mo free) [SETUP5] # CDFS
# G:\ # Disque CD-ROM # 590,6 Mo (0 Mo free) [TMM_SPA2] # CDFS
# H:\ # Disque CD-ROM # 646,03 Mo (0 Mo free) [TMM_SPA3] # CDFS
# I:\ # Disque CD-ROM # 547,12 Mo (0 Mo free) [TMM_ES1] # CDFS
############################## [ Processus actifs ]
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\wscript.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\system32\Wscript.exe
D:\WINDOWS\system32\Wscript.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\Wscript.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="D:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.google.fr/?gws_rd=ssl"
HKLM_logon: "Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="KIMI"
HKLM_logon: "AltDefaultUserName"="KIMI"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: AVP="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
HKLM_Run: Start WingMan Profiler=D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
HKLM_Run: TkBellExe="D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: CTFMON=D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
HKLM_Run: regdiit=D:\WINDOWS\system32\winxp.exe
HKCU_Run: IDMan=D:\Program Files\Internet Download Manager\IDMan.exe /onboot
HKCU_Run: DAEMON Tools Lite="D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
################## [ Informations ]
################## [ Fichiers # Dossiers infectieux ]
Found ! D:\WINDOWS\system32\winjpg.jpg
Found ! C:\winfile.jpg
Found ! C:\autorun.inf
Found ! C:\zPharaoh.exe
Found ! D:\winfile.jpg
Found ! D:\autorun.inf
Found ! F:\Setup.exe
Found ! F:\autorun.inf
Found ! G:\autorun.inf
Found ! H:\autorun.inf
Found ! I:\autorun.inf
################## [ Registre # Clés Run infectieuses ]
Found ! HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "regdiit"
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
################## [ Registre # Mountpoints2 ]
HKCU\Software\Microsoft\....\MountPoints2\{05c0fbf0-07ea-11de-b0d7-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{05c0fbf3-07ea-11de-b0d7-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{0a531dd2-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{0a531dd3-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{0a531dd4-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{0a531dd5-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{bca0f511-3a4e-11de-961c-003005c6503c}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{bca0f511-3a4e-11de-961c-003005c6503c}\Shell\ouvrir\Command
HKCU\Software\Microsoft\....\MountPoints2\{fcb432df-1890-11de-95f9-003005c6503c}\Shell\AutoRun\command
################## [ ! Fin du rapport # UsbFix V3.017 ! ]
rapport usbfix:
############################## [ UsbFix V3.017 # Cleaning ]
# User : KIMI (Administrateurs) # RAIKKONEN
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 20:53:00 | 10/05/2009
# Intel(R) Pentium(R) 4 CPU 2.80GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Kaspersky Internet Security 8.0.0.506 [ Enabled | Updated ]
# FW : Kaspersky Internet Security[ Enabled ]8.0.0.506
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 27,26 Go (6,51 Go free) [AMIR] # NTFS
# D:\ # Disque fixe local # 10 Go (1,11 Go free) # NTFS
# E:\ # Disque CD-ROM # 4,37 Go (0 Mo free) [hasen] # CDFS
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
# I:\ # Disque CD-ROM
############################## [ Processus actifs ]
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Fichiers # Dossiers infectieux ]
Deleted ! D:\WINDOWS\system32\winjpg.jpg
Deleted ! C:\winfile.jpg
Deleted ! C:\autorun.inf
Deleted ! C:\zPharaoh.exe
Deleted ! D:\winfile.jpg
Deleted ! D:\autorun.inf
################## [ Registre # Clés Run infectieuses ]
# HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "regdiit"
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
################## [ Registre # Mountpoints2 ]
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{bca0f511-3a4e-11de-961c-003005c6503c}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{fcb432df-1890-11de-95f9-003005c6503c}\Shell\AutoRun\command
################## [ Listing des fichiers présent ]
[11/02/2009 11:52|--a------|0] - C:\AUTOEXEC.BAT
[14/04/2009 12:15|---hs----|212] - C:\boot.ini
[07/09/2002 01:00|-rahs----|4952] - C:\Bootfont.bin
[11/02/2009 11:52|--a------|0] - C:\CONFIG.SYS
[05/03/2009 12:25|--a------|0] - C:\dfinstall.log
[11/02/2009 11:52|-rahs----|0] - C:\IO.SYS
[11/02/2009 11:52|-rahs----|0] - C:\MSDOS.SYS
[03/03/2009 16:08|--a------|23] - C:\Nouveau Document texte.txt
[04/08/2004 03:38|-rahs----|47564] - C:\NTDETECT.COM
[04/08/2004 03:59|-rahs----|251712] - C:\ntldr
[18/01/2004 11:26|--a------|48] - C:\Serial Tell Me more Espagnol.txt
[03/03/2009 12:44|--ah-----|268] - C:\sqmdata00.sqm
[03/03/2009 12:44|--ah-----|244] - C:\sqmnoopt00.sqm
[18/11/2001 14:32|--a------|442191872] - C:\Tell-me-More CD1 (Espagnol Installation).iso
[21/01/2004 05:33|--a------|574310400] - C:\Tell-me-More CD2 (Espagnol d‚butant).ISO
[21/01/2004 18:19|--a------|619599872] - C:\Tell-me-More CD3 (Espagnol.intermediaire).iso
[21/01/2004 13:41|--a------|677718016] - C:\Tell-me-More CD4 (Espagnol confirm‚).ISO
[16/04/2009 22:58|--ahs----|37888] - C:\Thumbs.db
[03/03/2009 12:28|--a------|1005] - D:\FSC-DeskUpdate.txt
[?|?|?] - D:\pagefile.sys
[05/03/2009 12:25|---------|16299862] - D:\Persi0.sys
[03/03/2009 12:32|--ah-----|268] - D:\sqmdata00.sqm
[17/03/2009 18:34|--ah-----|232] - D:\sqmdata01.sqm
[03/03/2009 12:32|--ah-----|244] - D:\sqmnoopt00.sqm
[17/03/2009 18:34|--ah-----|244] - D:\sqmnoopt01.sqm
[10/05/2009 20:55|--a------|4792] - D:\UsbFix.txt
[22/10/2006 11:42|-r-------|206901488] - E:\Scrubs S5E01.avi
[22/10/2006 12:22|-r-------|206738862] - E:\Scrubs S5E02.avi
[22/10/2006 12:50|-r-------|141338624] - E:\Scrubs S5E03.avi
[23/10/2006 11:29|-r-------|174837760] - E:\Scrubs S5E04.avi
[23/10/2006 12:03|-r-------|176154624] - E:\Scrubs S5E05.avi
[23/10/2006 12:37|-r-------|177434624] - E:\Scrubs S5E06.avi
[09/02/2007 20:30|-r-------|190461952] - E:\Scrubs S5E07.avi
[23/10/2006 20:33|-r-------|203771904] - E:\Scrubs S5E08.avi
[23/10/2006 21:35|-r-------|209838080] - E:\Scrubs S5E09.avi
[23/10/2006 22:08|-r-------|209399808] - E:\Scrubs S5E10.avi
[23/10/2006 22:41|-r-------|209857488] - E:\Scrubs S5E11.avi
[23/10/2006 23:55|-r-------|209098242] - E:\Scrubs S5E12.avi
[25/10/2006 11:48|-r-------|209971764] - E:\Scrubs S5E13.avi
[25/10/2006 12:21|-r-------|210265062] - E:\Scrubs S5E14.avi
[03/11/2006 21:45|-r-------|211030016] - E:\Scrubs S5E15.avi
[03/11/2006 22:17|-r-------|211150848] - E:\Scrubs S5E16.avi
[03/11/2006 22:50|-r-------|211185664] - E:\Scrubs S5E17.avi
[03/11/2006 23:34|-r-------|211161088] - E:\Scrubs S5E18.avi
[16/02/2007 22:46|-r-------|179806208] - E:\Scrubs S5E19.avi
[16/02/2007 22:09|-r-------|179908608] - E:\Scrubs S5E20.avi
[16/02/2007 21:38|-r-------|179888128] - E:\Scrubs S5E21.avi
[16/02/2007 21:12|-r-------|179847168] - E:\Scrubs S5E22.avi
[27/11/2006 10:41|-r-------|188649564] - E:\Scrubs S5E23.avi
[01/12/2006 04:55|-r-------|205420898] - E:\Scrubs S5E24.avi
################## [ Vaccination ]
# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
################## [ Cracks / Keygens / Serials ]
# -> Nothing found !
################## [ ! Fin du rapport # UsbFix V3.017 ! ]
############################## [ UsbFix V3.017 # Cleaning ]
# User : KIMI (Administrateurs) # RAIKKONEN
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 20:53:00 | 10/05/2009
# Intel(R) Pentium(R) 4 CPU 2.80GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Kaspersky Internet Security 8.0.0.506 [ Enabled | Updated ]
# FW : Kaspersky Internet Security[ Enabled ]8.0.0.506
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 27,26 Go (6,51 Go free) [AMIR] # NTFS
# D:\ # Disque fixe local # 10 Go (1,11 Go free) # NTFS
# E:\ # Disque CD-ROM # 4,37 Go (0 Mo free) [hasen] # CDFS
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
# I:\ # Disque CD-ROM
############################## [ Processus actifs ]
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Fichiers # Dossiers infectieux ]
Deleted ! D:\WINDOWS\system32\winjpg.jpg
Deleted ! C:\winfile.jpg
Deleted ! C:\autorun.inf
Deleted ! C:\zPharaoh.exe
Deleted ! D:\winfile.jpg
Deleted ! D:\autorun.inf
################## [ Registre # Clés Run infectieuses ]
# HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "regdiit"
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
################## [ Registre # Mountpoints2 ]
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{bca0f511-3a4e-11de-961c-003005c6503c}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{fcb432df-1890-11de-95f9-003005c6503c}\Shell\AutoRun\command
################## [ Listing des fichiers présent ]
[11/02/2009 11:52|--a------|0] - C:\AUTOEXEC.BAT
[14/04/2009 12:15|---hs----|212] - C:\boot.ini
[07/09/2002 01:00|-rahs----|4952] - C:\Bootfont.bin
[11/02/2009 11:52|--a------|0] - C:\CONFIG.SYS
[05/03/2009 12:25|--a------|0] - C:\dfinstall.log
[11/02/2009 11:52|-rahs----|0] - C:\IO.SYS
[11/02/2009 11:52|-rahs----|0] - C:\MSDOS.SYS
[03/03/2009 16:08|--a------|23] - C:\Nouveau Document texte.txt
[04/08/2004 03:38|-rahs----|47564] - C:\NTDETECT.COM
[04/08/2004 03:59|-rahs----|251712] - C:\ntldr
[18/01/2004 11:26|--a------|48] - C:\Serial Tell Me more Espagnol.txt
[03/03/2009 12:44|--ah-----|268] - C:\sqmdata00.sqm
[03/03/2009 12:44|--ah-----|244] - C:\sqmnoopt00.sqm
[18/11/2001 14:32|--a------|442191872] - C:\Tell-me-More CD1 (Espagnol Installation).iso
[21/01/2004 05:33|--a------|574310400] - C:\Tell-me-More CD2 (Espagnol d‚butant).ISO
[21/01/2004 18:19|--a------|619599872] - C:\Tell-me-More CD3 (Espagnol.intermediaire).iso
[21/01/2004 13:41|--a------|677718016] - C:\Tell-me-More CD4 (Espagnol confirm‚).ISO
[16/04/2009 22:58|--ahs----|37888] - C:\Thumbs.db
[03/03/2009 12:28|--a------|1005] - D:\FSC-DeskUpdate.txt
[?|?|?] - D:\pagefile.sys
[05/03/2009 12:25|---------|16299862] - D:\Persi0.sys
[03/03/2009 12:32|--ah-----|268] - D:\sqmdata00.sqm
[17/03/2009 18:34|--ah-----|232] - D:\sqmdata01.sqm
[03/03/2009 12:32|--ah-----|244] - D:\sqmnoopt00.sqm
[17/03/2009 18:34|--ah-----|244] - D:\sqmnoopt01.sqm
[10/05/2009 20:55|--a------|4792] - D:\UsbFix.txt
[22/10/2006 11:42|-r-------|206901488] - E:\Scrubs S5E01.avi
[22/10/2006 12:22|-r-------|206738862] - E:\Scrubs S5E02.avi
[22/10/2006 12:50|-r-------|141338624] - E:\Scrubs S5E03.avi
[23/10/2006 11:29|-r-------|174837760] - E:\Scrubs S5E04.avi
[23/10/2006 12:03|-r-------|176154624] - E:\Scrubs S5E05.avi
[23/10/2006 12:37|-r-------|177434624] - E:\Scrubs S5E06.avi
[09/02/2007 20:30|-r-------|190461952] - E:\Scrubs S5E07.avi
[23/10/2006 20:33|-r-------|203771904] - E:\Scrubs S5E08.avi
[23/10/2006 21:35|-r-------|209838080] - E:\Scrubs S5E09.avi
[23/10/2006 22:08|-r-------|209399808] - E:\Scrubs S5E10.avi
[23/10/2006 22:41|-r-------|209857488] - E:\Scrubs S5E11.avi
[23/10/2006 23:55|-r-------|209098242] - E:\Scrubs S5E12.avi
[25/10/2006 11:48|-r-------|209971764] - E:\Scrubs S5E13.avi
[25/10/2006 12:21|-r-------|210265062] - E:\Scrubs S5E14.avi
[03/11/2006 21:45|-r-------|211030016] - E:\Scrubs S5E15.avi
[03/11/2006 22:17|-r-------|211150848] - E:\Scrubs S5E16.avi
[03/11/2006 22:50|-r-------|211185664] - E:\Scrubs S5E17.avi
[03/11/2006 23:34|-r-------|211161088] - E:\Scrubs S5E18.avi
[16/02/2007 22:46|-r-------|179806208] - E:\Scrubs S5E19.avi
[16/02/2007 22:09|-r-------|179908608] - E:\Scrubs S5E20.avi
[16/02/2007 21:38|-r-------|179888128] - E:\Scrubs S5E21.avi
[16/02/2007 21:12|-r-------|179847168] - E:\Scrubs S5E22.avi
[27/11/2006 10:41|-r-------|188649564] - E:\Scrubs S5E23.avi
[01/12/2006 04:55|-r-------|205420898] - E:\Scrubs S5E24.avi
################## [ Vaccination ]
# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
################## [ Cracks / Keygens / Serials ]
# -> Nothing found !
################## [ ! Fin du rapport # UsbFix V3.017 ! ]
rapport log :
Logfile of random's system information tool 1.06 (written by random/random)
Run by KIMI at 2009-05-10 20:58:45
Microsoft Windows XP Professionnel Service Pack 2
System drive D: has 1 GB (11%) free of 10 GB
Total RAM: 1270 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:47, on 10/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\KIMI\Bureau\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\KIMI.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {31CDFCB9-37D6-4C1D-A31D-AA2DD56F637B} - (no file)
O2 - BHO: (no name) - {31D1305D-195C-4836-AB15-CE560FA8C578} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DE1C12C-295B-4ED4-93C7-92DEFB761E72}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: cbXNHyaA - cbXNHyaA.dll (file missing)
O20 - Winlogon Notify: DfLogon - D:\WINDOWS\SYSTEM32\LogonDll.dll
O20 - Winlogon Notify: fccbXonN - fccbXonN.dll (file missing)
O20 - Winlogon Notify: hgGwTlLb - hgGwTlLb.dll (file missing)
O20 - Winlogon Notify: khfCtuvu - khfCtuvu.dll (file missing)
O20 - Winlogon Notify: pmnnkLFX - pmnnkLFX.dll (file missing)
O20 - Winlogon Notify: rqRHyxvw - rqRHyxvw.dll (file missing)
O20 - Winlogon Notify: tuvUNedD - tuvUNedD.dll (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DF5Serv - Faronics Corporation - D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by KIMI at 2009-05-10 20:58:45
Microsoft Windows XP Professionnel Service Pack 2
System drive D: has 1 GB (11%) free of 10 GB
Total RAM: 1270 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:47, on 10/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\KIMI\Bureau\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\KIMI.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {31CDFCB9-37D6-4C1D-A31D-AA2DD56F637B} - (no file)
O2 - BHO: (no name) - {31D1305D-195C-4836-AB15-CE560FA8C578} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DE1C12C-295B-4ED4-93C7-92DEFB761E72}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: cbXNHyaA - cbXNHyaA.dll (file missing)
O20 - Winlogon Notify: DfLogon - D:\WINDOWS\SYSTEM32\LogonDll.dll
O20 - Winlogon Notify: fccbXonN - fccbXonN.dll (file missing)
O20 - Winlogon Notify: hgGwTlLb - hgGwTlLb.dll (file missing)
O20 - Winlogon Notify: khfCtuvu - khfCtuvu.dll (file missing)
O20 - Winlogon Notify: pmnnkLFX - pmnnkLFX.dll (file missing)
O20 - Winlogon Notify: rqRHyxvw - rqRHyxvw.dll (file missing)
O20 - Winlogon Notify: tuvUNedD - tuvUNedD.dll (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DF5Serv - Faronics Corporation - D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
rapport malawar:
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2105
Windows 5.1.2600 Service Pack 2
10/05/2009 22:06:51
mbam-log-2009-05-10 (22-06-51).txt
Type de recherche: Examen rapide
Eléments examinés: 67773
Temps écoulé: 2 minute(s), 25 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31cdfcb9-37d6-4c1d-a31d-aa2dd56f637b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31cdfcb9-37d6-4c1d-a31d-aa2dd56f637b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{31cdfcb9-37d6-4c1d-a31d-aa2dd56f637b} (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
D:\Program Files\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
D:\Program Files\Bifrost\logg.dat (Backdoor.Bifrose) -> Quarantined and deleted successfully.
D:\Documents and Settings\KIMI\Application Data\QNVW601P.dll (Trojan.Agent) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2105
Windows 5.1.2600 Service Pack 2
10/05/2009 22:06:51
mbam-log-2009-05-10 (22-06-51).txt
Type de recherche: Examen rapide
Eléments examinés: 67773
Temps écoulé: 2 minute(s), 25 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31cdfcb9-37d6-4c1d-a31d-aa2dd56f637b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31cdfcb9-37d6-4c1d-a31d-aa2dd56f637b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{31cdfcb9-37d6-4c1d-a31d-aa2dd56f637b} (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
D:\Program Files\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
D:\Program Files\Bifrost\logg.dat (Backdoor.Bifrose) -> Quarantined and deleted successfully.
D:\Documents and Settings\KIMI\Application Data\QNVW601P.dll (Trojan.Agent) -> Quarantined and deleted successfully.
rapport rsit:
Logfile of random's system information tool 1.06 (written by random/random)
Run by KIMI at 2009-05-10 22:11:20
Microsoft Windows XP Professionnel Service Pack 2
System drive D: has 1 GB (12%) free of 10 GB
Total RAM: 1270 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:23, on 10/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\KIMI\Bureau\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\KIMI.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {31D1305D-195C-4836-AB15-CE560FA8C578} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DE1C12C-295B-4ED4-93C7-92DEFB761E72}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: cbXNHyaA - cbXNHyaA.dll (file missing)
O20 - Winlogon Notify: DfLogon - D:\WINDOWS\SYSTEM32\LogonDll.dll
O20 - Winlogon Notify: fccbXonN - fccbXonN.dll (file missing)
O20 - Winlogon Notify: hgGwTlLb - hgGwTlLb.dll (file missing)
O20 - Winlogon Notify: khfCtuvu - khfCtuvu.dll (file missing)
O20 - Winlogon Notify: pmnnkLFX - pmnnkLFX.dll (file missing)
O20 - Winlogon Notify: rqRHyxvw - rqRHyxvw.dll (file missing)
O20 - Winlogon Notify: tuvUNedD - tuvUNedD.dll (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DF5Serv - Faronics Corporation - D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by KIMI at 2009-05-10 22:11:20
Microsoft Windows XP Professionnel Service Pack 2
System drive D: has 1 GB (12%) free of 10 GB
Total RAM: 1270 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:23, on 10/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\KIMI\Bureau\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\KIMI.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {31D1305D-195C-4836-AB15-CE560FA8C578} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DE1C12C-295B-4ED4-93C7-92DEFB761E72}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: cbXNHyaA - cbXNHyaA.dll (file missing)
O20 - Winlogon Notify: DfLogon - D:\WINDOWS\SYSTEM32\LogonDll.dll
O20 - Winlogon Notify: fccbXonN - fccbXonN.dll (file missing)
O20 - Winlogon Notify: hgGwTlLb - hgGwTlLb.dll (file missing)
O20 - Winlogon Notify: khfCtuvu - khfCtuvu.dll (file missing)
O20 - Winlogon Notify: pmnnkLFX - pmnnkLFX.dll (file missing)
O20 - Winlogon Notify: rqRHyxvw - rqRHyxvw.dll (file missing)
O20 - Winlogon Notify: tuvUNedD - tuvUNedD.dll (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DF5Serv - Faronics Corporation - D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
Bien ...
dans l'ordre :
1- Télécharge cet outil de SiRi sur ton bureau :
http://siri.urz.free.fr/Softs/RHosts.exe
ou http://siri.urz.free.fr/RHosts.php
Double-cliquer dessus pour le lancer .
-> cliquer sur " Restore original Hosts " et attendre un court instant ...
( ps : c'est normal que rien ne se passe ... )
====================
2- Supprime tout ce qui se trouve dans la quarantaine de Malwarebytes .
====================
3- refais un coup de CCleaner ( registre compris ) .
====================
4- Télécharge ComboFix (par sUBs) sur ton Bureau (et pas ailleurs !):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--------------------------------- [ ! ATTENTION ! ] ------------------------------------------
!! Déconnecte toi,ferme tes applications en cours ( ainsi que ton navigateur ) et DESACTIVE TOUTES TES DEFENSES (anti-virus, guarde anti spy-ware, pare-feu) le temps de la manipe :
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note : pour XP, bien installer la Console de Récupération de Windows comme il est indiqué dans le tuto ci-dessus ...
--------------------------------------------------------------------------------------------
Ensuite :
double-clique sur l'icône "combofix.exe" pour lancer l'outil .
Appuie sur la touche Y (Yes) pour démarrer le scan .
Notes importantes :
-> n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
-> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisse le faire .
-> Si l'outil t'anonce ceci : "combofix a détecté la présence de rootkit et a besoin de faire redémarer votre machine", tu acceptes ...
-> si un message d'erreur windows apparait à un momment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... )
Le rapport sera crée ici : C:\Combofix.txt
Réactive bien tes défenses .
Poste le rapport Combofix accompagné d'un nouveau rapport RSIT pour analyse ...
dans l'ordre :
1- Télécharge cet outil de SiRi sur ton bureau :
http://siri.urz.free.fr/Softs/RHosts.exe
ou http://siri.urz.free.fr/RHosts.php
Double-cliquer dessus pour le lancer .
-> cliquer sur " Restore original Hosts " et attendre un court instant ...
( ps : c'est normal que rien ne se passe ... )
====================
2- Supprime tout ce qui se trouve dans la quarantaine de Malwarebytes .
====================
3- refais un coup de CCleaner ( registre compris ) .
====================
4- Télécharge ComboFix (par sUBs) sur ton Bureau (et pas ailleurs !):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--------------------------------- [ ! ATTENTION ! ] ------------------------------------------
!! Déconnecte toi,ferme tes applications en cours ( ainsi que ton navigateur ) et DESACTIVE TOUTES TES DEFENSES (anti-virus, guarde anti spy-ware, pare-feu) le temps de la manipe :
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note : pour XP, bien installer la Console de Récupération de Windows comme il est indiqué dans le tuto ci-dessus ...
--------------------------------------------------------------------------------------------
Ensuite :
double-clique sur l'icône "combofix.exe" pour lancer l'outil .
Appuie sur la touche Y (Yes) pour démarrer le scan .
Notes importantes :
-> n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
-> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisse le faire .
-> Si l'outil t'anonce ceci : "combofix a détecté la présence de rootkit et a besoin de faire redémarer votre machine", tu acceptes ...
-> si un message d'erreur windows apparait à un momment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... )
Le rapport sera crée ici : C:\Combofix.txt
Réactive bien tes défenses .
Poste le rapport Combofix accompagné d'un nouveau rapport RSIT pour analyse ...
rapport combofix:
ComboFix 09-05-09.05 - KIMI 10/05/2009 22:43.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1270.859 [GMT 1:00]
Lancé depuis: d:\documents and settings\KIMI\Bureau\ComboFix.exe
Commutateurs utilisés :: d:\documents and settings\KIMI\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\RECYCLER .exe
d:\documents and settings\KIMI\Application Data\addons.dat
d:\windows\system32\adednbas.ini
d:\windows\system32\aevagwtk.ini
d:\windows\system32\anqntdrb.ini
d:\windows\system32\aqberdfp.ini
d:\windows\system32\auraqlgn.ini
d:\windows\system32\awnadtrf.ini
d:\windows\system32\bcyihljq.ini
d:\windows\system32\bgtokhjn.ini
d:\windows\system32\bhdsdrsu.ini
d:\windows\system32\bthwjeme.ini
d:\windows\system32\bvhvjlse.ini
d:\windows\system32\cjboikln.ini
d:\windows\system32\ddgjnchy.ini
d:\windows\system32\dlillmrb.ini
d:\windows\system32\dpyprvdu.ini
d:\windows\system32\ejbskpry.ini
d:\windows\system32\EMSAdMoq.ini
d:\windows\system32\EMSAdMoq.ini2
d:\windows\system32\ewotpgxk.ini
d:\windows\system32\fhbrmaya.ini
d:\windows\system32\fwswmpla.ini
d:\windows\system32\ghdsoycb.ini
d:\windows\system32\gijkoxgd.ini
d:\windows\system32\grjmaqfq.ini
d:\windows\system32\hpvuerdc.ini
d:\windows\system32\hqpynqfn.ini
d:\windows\system32\iavtohhf.ini
d:\windows\system32\jecboyte.ini
d:\windows\system32\jhmchm.dll
d:\windows\system32\jyoubmst.ini
d:\windows\system32\kdcohgnx.ini
d:\windows\system32\kqesusio.ini
d:\windows\system32\ljhqpoop.dll
d:\windows\system32\lmqiivjp.ini
d:\windows\system32\logondll.dll
d:\windows\system32\lwpuojuu.ini
d:\windows\system32\mcmupqax.ini
d:\windows\system32\mjpddnow.ini
d:\windows\system32\mqehhdbj.ini
d:\windows\system32\nhpbakvy.ini
d:\windows\system32\nrcnfauk.ini
d:\windows\system32\ntfjsoks.ini
d:\windows\system32\nydavynm.ini
d:\windows\system32\oinlmylo.ini
d:\windows\system32\ojetkhso.ini
d:\windows\system32\oxtfxtoe.ini
d:\windows\system32\oydcki.dll
d:\windows\system32\pkfnfnev.ini
d:\windows\system32\qxudfbss.ini
d:\windows\system32\rislonph.ini
d:\windows\system32\sagrpgwc.ini
d:\windows\system32\sgxdviyq.ini
d:\windows\system32\tjftubkk.ini
d:\windows\system32\tunnxqaj.ini
d:\windows\system32\uabrtokf.ini
d:\windows\system32\umaekiqv.ini
d:\windows\system32\usleuyeq.ini
d:\windows\system32\vqiwnnof.ini
d:\windows\system32\vqjsbovx.ini
d:\windows\system32\wcpyxfru.ini
d:\windows\system32\wwsixjmh.ini
d:\windows\system32\xbbakdxl.ini
d:\windows\system32\xceyihmw.ini
d:\windows\system32\xheabuxb.dll
d:\windows\system32\xtjpbu.dll
d:\windows\system32\ygqllvur.dll
d:\windows\system32\ynmdslxp.ini
d:\windows\system32\ypsfpmci.ini
d:\windows\system32\yrucjmif.ini
d:\windows\system32\yskeccll.ini
d:\windows\system32\yudemyro.ini
d:\windows\system32\yuyuxxpc.ini
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-10 au 2009-05-10 ))))))))))))))))))))))))))))))))))))
.
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\documents and settings\KIMI\Application Data\Malwarebytes
2009-05-10 21:00 . 2009-04-06 14:32 15504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-05-10 21:00 . 2009-04-06 14:32 38496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-05-10 19:17 . 2009-05-10 19:55 -------- d-----w D:\UsbFix
2009-05-10 19:01 . 2009-05-10 19:01 -------- d-----w D:\rsit
2009-05-10 18:58 . 2009-05-10 18:58 -------- d-----w d:\program files\Trend Micro
2009-05-10 15:41 . 2009-05-10 15:41 -------- d-----w d:\program files\DAEMON Tools Lite
2009-05-10 15:39 . 2009-05-10 15:39 717296 ----a-w d:\windows\system32\drivers\sptd.sys
2009-05-10 15:39 . 2009-05-10 15:39 -------- d-----w d:\documents and settings\KIMI\Application Data\DAEMON Tools
2009-05-10 11:13 . 1998-06-25 12:13 28160 ----a-w d:\windows\UnSetup.exe
2009-05-10 11:13 . 1998-01-26 19:45 155648 ----a-w d:\windows\FraUinst.exe
2009-05-10 11:13 . 2009-05-10 16:41 -------- d-----w d:\windows\Lhsp
2009-05-06 20:02 . 2009-05-06 20:02 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Identities
2009-05-05 19:18 . 2009-05-05 19:18 -------- d-----w d:\documents and settings\KIMI\WINDOWS
2009-05-05 19:18 . 2009-05-05 19:18 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Help
2009-05-03 15:16 . 2009-05-03 15:16 -------- d-----w d:\program files\uTorrent
2009-05-03 15:16 . 2009-05-10 17:15 -------- d-----w d:\documents and settings\KIMI\Application Data\uTorrent
2009-05-03 09:17 . 2009-05-03 09:17 -------- d-----w d:\documents and settings\KIMI\Application Data\dvdcss
2009-05-02 11:46 . 2009-05-02 11:46 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\vdownloader
2009-05-02 11:45 . 2009-05-02 11:46 -------- d-----w d:\program files\VDOWNLOADER
2009-04-27 18:05 . 2009-04-27 18:05 -------- d-----w d:\program files\Fichiers communs\xing shared
2009-04-27 18:05 . 2009-04-27 18:05 -------- d-----w d:\program files\Real
2009-04-26 17:07 . 2009-04-26 17:07 -------- d-----w d:\documents and settings\KIMI\Application Data\Wireshark
2009-04-26 17:04 . 2009-04-26 17:04 -------- d-----w d:\program files\WinPcap
2009-04-26 17:03 . 2009-04-26 17:04 -------- d-----w d:\program files\Wireshark
2009-04-26 16:56 . 2009-04-26 16:56 -------- d-----w d:\program files\NeoTrace Express
2009-04-23 18:48 . 2009-04-23 18:48 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Logitech
2009-04-22 15:56 . 2009-04-22 16:01 -------- d-----w d:\program files\PhotoFiltre
2009-04-14 09:46 . 2009-04-14 10:18 101287 ----a-w d:\windows\system32\drivers\klin.dat
2009-04-14 09:46 . 2009-04-14 10:18 89601 ----a-w d:\windows\system32\drivers\klick.dat
2009-04-14 09:44 . 2009-05-10 21:47 -------- d-----w d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-14 09:44 . 2009-05-10 21:46 1336864 --sha-w d:\windows\system32\drivers\fidbox.dat
2009-04-14 09:44 . 2009-05-10 21:46 270368 --sha-w d:\windows\system32\drivers\fidbox2.dat
2009-04-13 15:25 . 2009-04-13 15:25 -------- d-----w d:\program files\UnH Solutions
2009-04-11 15:40 . 2009-04-11 15:40 -------- d-----w d:\program files\KP Software
2009-04-11 15:25 . 2009-04-11 15:25 -------- d-----w d:\program files\TechSmith
2009-04-11 14:52 . 2009-04-11 14:52 -------- d-----w d:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 21:46 . 2009-04-14 09:44 3052 --sha-w d:\windows\system32\drivers\fidbox2.idx
2009-05-10 21:46 . 2009-04-14 09:44 12572 --sha-w d:\windows\system32\drivers\fidbox.idx
2009-05-05 18:50 . 2009-05-01 22:27 1536547935 ----a-w d:\program files\Tell Me More Espanol Cd 1,2,3,4 - Learn Spanish Spanish Course-Cours D'espagnol-Corso Di Spagnolo-Spanischkurs.rar
2009-05-01 21:33 . 2009-03-05 11:25 -------- d-----w d:\program files\Faronics
2009-04-27 18:05 . 2009-03-03 11:35 -------- d-----w d:\program files\Fichiers communs\Real
2009-04-23 18:43 . 2009-03-03 11:37 -------- d-----w d:\program files\Fichiers communs\Logitech
2009-04-23 18:43 . 2009-03-03 11:36 -------- d-----w d:\program files\Logitech
2009-04-14 10:18 . 2008-01-29 16:29 33808 ----a-w d:\windows\system32\drivers\klbg.sys
2009-04-06 15:19 . 2009-04-06 15:19 56 ---ha-w d:\windows\system32\ezsidmv.dat
2009-04-06 15:18 . 2009-04-06 15:18 -------- d-----w d:\program files\Skype
2009-04-06 15:18 . 2009-04-06 15:18 -------- d-----w d:\program files\Fichiers communs\Skype
2009-03-15 19:53 . 2009-03-04 19:11 -------- d-----w d:\program files\Internet Download Manager
2009-03-05 11:25 . 2009-03-05 11:25 16299862 ------w D:\Persi0.sys
2009-03-05 11:10 . 2009-03-03 11:20 2048 --s-a-w d:\windows\bootstet.dat
2009-03-04 20:16 . 2004-08-04 04:54 219648 ----a-w d:\windows\system32\uxtheme.dll
2009-03-04 17:19 . 2009-03-04 17:19 107888 ----a-w d:\windows\system32\CmdLineExt.dll
2009-03-04 11:27 . 2009-03-03 11:16 86331 ----a-w d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-03 11:28 . 2002-09-07 00:00 367658 ----a-w d:\windows\system32\perfh00C.dat
2009-03-03 11:28 . 2002-09-07 00:00 48616 ----a-w d:\windows\system32\perfc00C.dat
2009-03-03 11:24 . 2009-03-03 11:24 12328 ----a-w d:\documents and settings\KIMI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-03 11:16 . 2002-09-07 00:00 67 --sha-w d:\windows\Fonts\desktop.ini
2009-03-03 11:13 . 2009-03-03 11:13 21892 ----a-w d:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2007-12-21 2573744]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-14 206088]
"Start WingMan Profiler"="d:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"TkBellExe"="d:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-04-27 185872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=d:\windows\system32\wscript.exe /E:vbs d:\windows\system32\winjpg.jpg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D *
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SnagIt 7.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SnagIt 7.lnk
backup=d:\windows\pss\SnagIt 7.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 DeepFrz;DeepFrz;d:\windows\system32\drivers\DeepFrz.sys [25/10/2007 13:52 131472]
R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R2 LF30FS;LF30FS;d:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19/11/2004 18:07 101488]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;d:\windows\system32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [30/04/2008 17:06 24592]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [06/11/2007 21:22 34064]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{31D1305D-195C-4836-AB15-CE560FA8C578} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-cbXNHyaA - cbXNHyaA.dll
Notify-DfLogon - LogonDll.dll
Notify-fccbXonN - fccbXonN.dll
Notify-hgGwTlLb - hgGwTlLb.dll
Notify-khfCtuvu - khfCtuvu.dll
Notify-pmnnkLFX - pmnnkLFX.dll
Notify-rqRHyxvw - rqRHyxvw.dll
Notify-tuvUNedD - tuvUNedD.dll
.
------- Examen supplémentaire -------
.
IE: &NeoTrace It! - d:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
TCP: {3DE1C12C-295B-4ED4-93C7-92DEFB761E72} = 208.67.222.222 193.55.10.102
FF - ProfilePath - d:\documents and settings\KIMI\Application Data\Mozilla\Firefox\Profiles\vlpqyo9i.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - component: d:\documents and settings\KIMI\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: d:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 22:47
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):80,1b,50,e0,09,23,90,57,13,b6,d2,51,a0,86,32,27,0a,78,4f,79,0b,
db,8f,2d,40,80,b1,9f,57,e5,ca,2d,7d,5a,b1,e8,5c,ff,9e,b5,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8373e3f2-d69e-4d36-a4cc-e056fef53b2f}]
@Denied: (Full) (Everyone)
"Model"=dword:00000081
"Therad"=dword:00000009
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,63,2b,00,4c,e2,45,41,d2,ba,ae,b4,01,47,72,\
.
------------------------ Autres processus actifs ------------------------
.
d:\program files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
d:\program files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-05-10 22:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-10 21:49
Avant-CF: 1 210 441 728 octets libres
Après-CF: 989 843 456 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
256
ComboFix 09-05-09.05 - KIMI 10/05/2009 22:43.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1270.859 [GMT 1:00]
Lancé depuis: d:\documents and settings\KIMI\Bureau\ComboFix.exe
Commutateurs utilisés :: d:\documents and settings\KIMI\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\RECYCLER .exe
d:\documents and settings\KIMI\Application Data\addons.dat
d:\windows\system32\adednbas.ini
d:\windows\system32\aevagwtk.ini
d:\windows\system32\anqntdrb.ini
d:\windows\system32\aqberdfp.ini
d:\windows\system32\auraqlgn.ini
d:\windows\system32\awnadtrf.ini
d:\windows\system32\bcyihljq.ini
d:\windows\system32\bgtokhjn.ini
d:\windows\system32\bhdsdrsu.ini
d:\windows\system32\bthwjeme.ini
d:\windows\system32\bvhvjlse.ini
d:\windows\system32\cjboikln.ini
d:\windows\system32\ddgjnchy.ini
d:\windows\system32\dlillmrb.ini
d:\windows\system32\dpyprvdu.ini
d:\windows\system32\ejbskpry.ini
d:\windows\system32\EMSAdMoq.ini
d:\windows\system32\EMSAdMoq.ini2
d:\windows\system32\ewotpgxk.ini
d:\windows\system32\fhbrmaya.ini
d:\windows\system32\fwswmpla.ini
d:\windows\system32\ghdsoycb.ini
d:\windows\system32\gijkoxgd.ini
d:\windows\system32\grjmaqfq.ini
d:\windows\system32\hpvuerdc.ini
d:\windows\system32\hqpynqfn.ini
d:\windows\system32\iavtohhf.ini
d:\windows\system32\jecboyte.ini
d:\windows\system32\jhmchm.dll
d:\windows\system32\jyoubmst.ini
d:\windows\system32\kdcohgnx.ini
d:\windows\system32\kqesusio.ini
d:\windows\system32\ljhqpoop.dll
d:\windows\system32\lmqiivjp.ini
d:\windows\system32\logondll.dll
d:\windows\system32\lwpuojuu.ini
d:\windows\system32\mcmupqax.ini
d:\windows\system32\mjpddnow.ini
d:\windows\system32\mqehhdbj.ini
d:\windows\system32\nhpbakvy.ini
d:\windows\system32\nrcnfauk.ini
d:\windows\system32\ntfjsoks.ini
d:\windows\system32\nydavynm.ini
d:\windows\system32\oinlmylo.ini
d:\windows\system32\ojetkhso.ini
d:\windows\system32\oxtfxtoe.ini
d:\windows\system32\oydcki.dll
d:\windows\system32\pkfnfnev.ini
d:\windows\system32\qxudfbss.ini
d:\windows\system32\rislonph.ini
d:\windows\system32\sagrpgwc.ini
d:\windows\system32\sgxdviyq.ini
d:\windows\system32\tjftubkk.ini
d:\windows\system32\tunnxqaj.ini
d:\windows\system32\uabrtokf.ini
d:\windows\system32\umaekiqv.ini
d:\windows\system32\usleuyeq.ini
d:\windows\system32\vqiwnnof.ini
d:\windows\system32\vqjsbovx.ini
d:\windows\system32\wcpyxfru.ini
d:\windows\system32\wwsixjmh.ini
d:\windows\system32\xbbakdxl.ini
d:\windows\system32\xceyihmw.ini
d:\windows\system32\xheabuxb.dll
d:\windows\system32\xtjpbu.dll
d:\windows\system32\ygqllvur.dll
d:\windows\system32\ynmdslxp.ini
d:\windows\system32\ypsfpmci.ini
d:\windows\system32\yrucjmif.ini
d:\windows\system32\yskeccll.ini
d:\windows\system32\yudemyro.ini
d:\windows\system32\yuyuxxpc.ini
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-10 au 2009-05-10 ))))))))))))))))))))))))))))))))))))
.
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\documents and settings\KIMI\Application Data\Malwarebytes
2009-05-10 21:00 . 2009-04-06 14:32 15504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-05-10 21:00 . 2009-04-06 14:32 38496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-05-10 19:17 . 2009-05-10 19:55 -------- d-----w D:\UsbFix
2009-05-10 19:01 . 2009-05-10 19:01 -------- d-----w D:\rsit
2009-05-10 18:58 . 2009-05-10 18:58 -------- d-----w d:\program files\Trend Micro
2009-05-10 15:41 . 2009-05-10 15:41 -------- d-----w d:\program files\DAEMON Tools Lite
2009-05-10 15:39 . 2009-05-10 15:39 717296 ----a-w d:\windows\system32\drivers\sptd.sys
2009-05-10 15:39 . 2009-05-10 15:39 -------- d-----w d:\documents and settings\KIMI\Application Data\DAEMON Tools
2009-05-10 11:13 . 1998-06-25 12:13 28160 ----a-w d:\windows\UnSetup.exe
2009-05-10 11:13 . 1998-01-26 19:45 155648 ----a-w d:\windows\FraUinst.exe
2009-05-10 11:13 . 2009-05-10 16:41 -------- d-----w d:\windows\Lhsp
2009-05-06 20:02 . 2009-05-06 20:02 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Identities
2009-05-05 19:18 . 2009-05-05 19:18 -------- d-----w d:\documents and settings\KIMI\WINDOWS
2009-05-05 19:18 . 2009-05-05 19:18 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Help
2009-05-03 15:16 . 2009-05-03 15:16 -------- d-----w d:\program files\uTorrent
2009-05-03 15:16 . 2009-05-10 17:15 -------- d-----w d:\documents and settings\KIMI\Application Data\uTorrent
2009-05-03 09:17 . 2009-05-03 09:17 -------- d-----w d:\documents and settings\KIMI\Application Data\dvdcss
2009-05-02 11:46 . 2009-05-02 11:46 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\vdownloader
2009-05-02 11:45 . 2009-05-02 11:46 -------- d-----w d:\program files\VDOWNLOADER
2009-04-27 18:05 . 2009-04-27 18:05 -------- d-----w d:\program files\Fichiers communs\xing shared
2009-04-27 18:05 . 2009-04-27 18:05 -------- d-----w d:\program files\Real
2009-04-26 17:07 . 2009-04-26 17:07 -------- d-----w d:\documents and settings\KIMI\Application Data\Wireshark
2009-04-26 17:04 . 2009-04-26 17:04 -------- d-----w d:\program files\WinPcap
2009-04-26 17:03 . 2009-04-26 17:04 -------- d-----w d:\program files\Wireshark
2009-04-26 16:56 . 2009-04-26 16:56 -------- d-----w d:\program files\NeoTrace Express
2009-04-23 18:48 . 2009-04-23 18:48 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Logitech
2009-04-22 15:56 . 2009-04-22 16:01 -------- d-----w d:\program files\PhotoFiltre
2009-04-14 09:46 . 2009-04-14 10:18 101287 ----a-w d:\windows\system32\drivers\klin.dat
2009-04-14 09:46 . 2009-04-14 10:18 89601 ----a-w d:\windows\system32\drivers\klick.dat
2009-04-14 09:44 . 2009-05-10 21:47 -------- d-----w d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-14 09:44 . 2009-05-10 21:46 1336864 --sha-w d:\windows\system32\drivers\fidbox.dat
2009-04-14 09:44 . 2009-05-10 21:46 270368 --sha-w d:\windows\system32\drivers\fidbox2.dat
2009-04-13 15:25 . 2009-04-13 15:25 -------- d-----w d:\program files\UnH Solutions
2009-04-11 15:40 . 2009-04-11 15:40 -------- d-----w d:\program files\KP Software
2009-04-11 15:25 . 2009-04-11 15:25 -------- d-----w d:\program files\TechSmith
2009-04-11 14:52 . 2009-04-11 14:52 -------- d-----w d:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 21:46 . 2009-04-14 09:44 3052 --sha-w d:\windows\system32\drivers\fidbox2.idx
2009-05-10 21:46 . 2009-04-14 09:44 12572 --sha-w d:\windows\system32\drivers\fidbox.idx
2009-05-05 18:50 . 2009-05-01 22:27 1536547935 ----a-w d:\program files\Tell Me More Espanol Cd 1,2,3,4 - Learn Spanish Spanish Course-Cours D'espagnol-Corso Di Spagnolo-Spanischkurs.rar
2009-05-01 21:33 . 2009-03-05 11:25 -------- d-----w d:\program files\Faronics
2009-04-27 18:05 . 2009-03-03 11:35 -------- d-----w d:\program files\Fichiers communs\Real
2009-04-23 18:43 . 2009-03-03 11:37 -------- d-----w d:\program files\Fichiers communs\Logitech
2009-04-23 18:43 . 2009-03-03 11:36 -------- d-----w d:\program files\Logitech
2009-04-14 10:18 . 2008-01-29 16:29 33808 ----a-w d:\windows\system32\drivers\klbg.sys
2009-04-06 15:19 . 2009-04-06 15:19 56 ---ha-w d:\windows\system32\ezsidmv.dat
2009-04-06 15:18 . 2009-04-06 15:18 -------- d-----w d:\program files\Skype
2009-04-06 15:18 . 2009-04-06 15:18 -------- d-----w d:\program files\Fichiers communs\Skype
2009-03-15 19:53 . 2009-03-04 19:11 -------- d-----w d:\program files\Internet Download Manager
2009-03-05 11:25 . 2009-03-05 11:25 16299862 ------w D:\Persi0.sys
2009-03-05 11:10 . 2009-03-03 11:20 2048 --s-a-w d:\windows\bootstet.dat
2009-03-04 20:16 . 2004-08-04 04:54 219648 ----a-w d:\windows\system32\uxtheme.dll
2009-03-04 17:19 . 2009-03-04 17:19 107888 ----a-w d:\windows\system32\CmdLineExt.dll
2009-03-04 11:27 . 2009-03-03 11:16 86331 ----a-w d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-03 11:28 . 2002-09-07 00:00 367658 ----a-w d:\windows\system32\perfh00C.dat
2009-03-03 11:28 . 2002-09-07 00:00 48616 ----a-w d:\windows\system32\perfc00C.dat
2009-03-03 11:24 . 2009-03-03 11:24 12328 ----a-w d:\documents and settings\KIMI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-03 11:16 . 2002-09-07 00:00 67 --sha-w d:\windows\Fonts\desktop.ini
2009-03-03 11:13 . 2009-03-03 11:13 21892 ----a-w d:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2007-12-21 2573744]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-14 206088]
"Start WingMan Profiler"="d:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"TkBellExe"="d:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-04-27 185872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=d:\windows\system32\wscript.exe /E:vbs d:\windows\system32\winjpg.jpg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D *
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SnagIt 7.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SnagIt 7.lnk
backup=d:\windows\pss\SnagIt 7.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 DeepFrz;DeepFrz;d:\windows\system32\drivers\DeepFrz.sys [25/10/2007 13:52 131472]
R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R2 LF30FS;LF30FS;d:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19/11/2004 18:07 101488]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;d:\windows\system32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [30/04/2008 17:06 24592]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [06/11/2007 21:22 34064]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{31D1305D-195C-4836-AB15-CE560FA8C578} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-cbXNHyaA - cbXNHyaA.dll
Notify-DfLogon - LogonDll.dll
Notify-fccbXonN - fccbXonN.dll
Notify-hgGwTlLb - hgGwTlLb.dll
Notify-khfCtuvu - khfCtuvu.dll
Notify-pmnnkLFX - pmnnkLFX.dll
Notify-rqRHyxvw - rqRHyxvw.dll
Notify-tuvUNedD - tuvUNedD.dll
.
------- Examen supplémentaire -------
.
IE: &NeoTrace It! - d:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
TCP: {3DE1C12C-295B-4ED4-93C7-92DEFB761E72} = 208.67.222.222 193.55.10.102
FF - ProfilePath - d:\documents and settings\KIMI\Application Data\Mozilla\Firefox\Profiles\vlpqyo9i.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - component: d:\documents and settings\KIMI\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: d:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 22:47
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):80,1b,50,e0,09,23,90,57,13,b6,d2,51,a0,86,32,27,0a,78,4f,79,0b,
db,8f,2d,40,80,b1,9f,57,e5,ca,2d,7d,5a,b1,e8,5c,ff,9e,b5,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8373e3f2-d69e-4d36-a4cc-e056fef53b2f}]
@Denied: (Full) (Everyone)
"Model"=dword:00000081
"Therad"=dword:00000009
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,63,2b,00,4c,e2,45,41,d2,ba,ae,b4,01,47,72,\
.
------------------------ Autres processus actifs ------------------------
.
d:\program files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
d:\program files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-05-10 22:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-10 21:49
Avant-CF: 1 210 441 728 octets libres
Après-CF: 989 843 456 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
256
rapport rsit:
Logfile of random's system information tool 1.06 (written by random/random)
Run by KIMI at 2009-05-10 22:52:16
Microsoft Windows XP Professionnel Service Pack 2
System drive D: has 954 MB (9%) free of 10 GB
Total RAM: 1270 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:18, on 10/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\KIMI\Bureau\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\KIMI.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DE1C12C-295B-4ED4-93C7-92DEFB761E72}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DF5Serv - Faronics Corporation - D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by KIMI at 2009-05-10 22:52:16
Microsoft Windows XP Professionnel Service Pack 2
System drive D: has 954 MB (9%) free of 10 GB
Total RAM: 1270 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:18, on 10/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\KIMI\Bureau\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\KIMI.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DE1C12C-295B-4ED4-93C7-92DEFB761E72}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DF5Serv - Faronics Corporation - D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
Avant de continuer ,
peux-tu essayer de m'analyser ceci sur VirusTotal :
D:\Persi0.sys
et
D:\windows\bootstet.dat
Poste moi les rapports obtenus et attends la suite ....
===================
Poste donc ces rapports et je regarderai cela demain ...
Bonne nuit ;)
peux-tu essayer de m'analyser ceci sur VirusTotal :
D:\Persi0.sys
et
D:\windows\bootstet.dat
Poste moi les rapports obtenus et attends la suite ....
===================
Poste donc ces rapports et je regarderai cela demain ...
Bonne nuit ;)
rapport bootsete :
Fichier bootstat.dat reçu le 2009.05.08 22:52:22 (CET)
Situation actuelle: terminé
Résultat: 0/40 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.08 -
AhnLab-V3 5.0.0.2 2009.05.08 -
AntiVir 7.9.0.166 2009.05.08 -
Antiy-AVL 2.0.3.1 2009.05.08 -
Authentium 5.1.2.4 2009.05.08 -
Avast 4.8.1335.0 2009.05.08 -
AVG 8.5.0.327 2009.05.08 -
BitDefender 7.2 2009.05.08 -
CAT-QuickHeal 10.00 2009.05.08 -
ClamAV 0.94.1 2009.05.08 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.08 -
eSafe 7.0.17.0 2009.05.07 -
eTrust-Vet 31.6.6496 2009.05.08 -
F-Prot 4.4.4.56 2009.05.08 -
F-Secure 8.0.14470.0 2009.05.08 -
Fortinet 3.117.0.0 2009.05.08 -
GData 19 2009.05.08 -
Ikarus T3.1.1.49.0 2009.05.08 -
K7AntiVirus 7.10.729 2009.05.08 -
Kaspersky 7.0.0.125 2009.05.08 -
McAfee 5609 2009.05.08 -
McAfee+Artemis 5609 2009.05.08 -
McAfee-GW-Edition 6.7.6 2009.05.08 -
Microsoft 1.4602 2009.05.08 -
NOD32 4063 2009.05.08 -
Norman 6.01.05 2009.05.08 -
nProtect 2009.1.8.0 2009.05.08 -
Panda 10.0.0.14 2009.05.08 -
PCTools 4.4.2.0 2009.05.07 -
Prevx 3.0 2009.05.08 -
Rising 21.28.41.00 2009.05.08 -
Sophos 4.41.0 2009.05.08 -
Sunbelt 3.2.1858.2 2009.05.08 -
Symantec 1.4.4.12 2009.05.08 -
TheHacker 6.3.4.1.323 2009.05.08 -
TrendMicro 8.950.0.1092 2009.05.08 -
VBA32 3.12.10.4 2009.05.07 -
ViRobot 2009.5.8.1725 2009.05.08 -
VirusBuster 4.6.5.0 2009.05.08 -
Information additionnelle
Tamano archivo: 2048 bytes
MD5...: 6a2cb42966136854f4464516fbb4ae72
SHA1..: 8895ff16d9470572b773836e7ceaa6224a54551f
SHA256: 191d1e2d3c13c1b669c4da49a3b33864cd3735eb14c7ec1e1a90eaf01e32c3b2
SHA512: a697b4f4841322cdb5f099f9f57506168b3e4fc64fd87c4462d225fdb6282ee3
74d92cb930062135b415e26dccdd6430f14db4007956fe4a696c346f8edaa930
ssdeep: 3:57k:5
PEiD..: -
TrID..: File type identification
HSC music composer song (83.3%)
Memo File Apollo Database Engine (5.7%)
Lumena CEL bitmap (4.1%)
Corel Photo Paint (2.6%)
VXD Driver (2.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
l'autres n'existe pas.....................
merci bonne nuit et a demain
Fichier bootstat.dat reçu le 2009.05.08 22:52:22 (CET)
Situation actuelle: terminé
Résultat: 0/40 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.08 -
AhnLab-V3 5.0.0.2 2009.05.08 -
AntiVir 7.9.0.166 2009.05.08 -
Antiy-AVL 2.0.3.1 2009.05.08 -
Authentium 5.1.2.4 2009.05.08 -
Avast 4.8.1335.0 2009.05.08 -
AVG 8.5.0.327 2009.05.08 -
BitDefender 7.2 2009.05.08 -
CAT-QuickHeal 10.00 2009.05.08 -
ClamAV 0.94.1 2009.05.08 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.08 -
eSafe 7.0.17.0 2009.05.07 -
eTrust-Vet 31.6.6496 2009.05.08 -
F-Prot 4.4.4.56 2009.05.08 -
F-Secure 8.0.14470.0 2009.05.08 -
Fortinet 3.117.0.0 2009.05.08 -
GData 19 2009.05.08 -
Ikarus T3.1.1.49.0 2009.05.08 -
K7AntiVirus 7.10.729 2009.05.08 -
Kaspersky 7.0.0.125 2009.05.08 -
McAfee 5609 2009.05.08 -
McAfee+Artemis 5609 2009.05.08 -
McAfee-GW-Edition 6.7.6 2009.05.08 -
Microsoft 1.4602 2009.05.08 -
NOD32 4063 2009.05.08 -
Norman 6.01.05 2009.05.08 -
nProtect 2009.1.8.0 2009.05.08 -
Panda 10.0.0.14 2009.05.08 -
PCTools 4.4.2.0 2009.05.07 -
Prevx 3.0 2009.05.08 -
Rising 21.28.41.00 2009.05.08 -
Sophos 4.41.0 2009.05.08 -
Sunbelt 3.2.1858.2 2009.05.08 -
Symantec 1.4.4.12 2009.05.08 -
TheHacker 6.3.4.1.323 2009.05.08 -
TrendMicro 8.950.0.1092 2009.05.08 -
VBA32 3.12.10.4 2009.05.07 -
ViRobot 2009.5.8.1725 2009.05.08 -
VirusBuster 4.6.5.0 2009.05.08 -
Information additionnelle
Tamano archivo: 2048 bytes
MD5...: 6a2cb42966136854f4464516fbb4ae72
SHA1..: 8895ff16d9470572b773836e7ceaa6224a54551f
SHA256: 191d1e2d3c13c1b669c4da49a3b33864cd3735eb14c7ec1e1a90eaf01e32c3b2
SHA512: a697b4f4841322cdb5f099f9f57506168b3e4fc64fd87c4462d225fdb6282ee3
74d92cb930062135b415e26dccdd6430f14db4007956fe4a696c346f8edaa930
ssdeep: 3:57k:5
PEiD..: -
TrID..: File type identification
HSC music composer song (83.3%)
Memo File Apollo Database Engine (5.7%)
Lumena CEL bitmap (4.1%)
Corel Photo Paint (2.6%)
VXD Driver (2.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
l'autres n'existe pas.....................
merci bonne nuit et a demain
Salut,
la suite :
1-Créer un doc texte sur ton bureau :
pointe ta souris sur ton bureau , clique droit : va dans "nouveau" et choisis "document texte" .
Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de créer :
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\04267207]
File::
D:\Persi0.sys
D:\WINDOWS\system32\0f05b679-.txt
D:\WINDOWS\system32\0f05b679.txt
Puis va dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi :
CFScript puis valide ...
2-Nettoyage :
!! Déconnecte toi, ferme toutes tes applications et désactive TOUTES TES DEFENSES ( tu les réactiveras après ) !!
--->Sur ton bureau, fais glisser avec ta souris le fichier CFScript sur l'icône de ComboFix.exe .
(Regarde ici : http://img.photobucket.com/albums/v666/sUBs/CFScript.gif )
Cette manipulation va relancer combofix .
--> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tape 1 puis valide.
Puis patiente le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!)
!! Ne touches à rien tant que le scan n'est pas terminé !!
Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : poste le accompagné d' un nouveau rapport RSIT pour analyse ...
( Attention : cette manipe a été fait pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )
la suite :
1-Créer un doc texte sur ton bureau :
pointe ta souris sur ton bureau , clique droit : va dans "nouveau" et choisis "document texte" .
Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de créer :
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\04267207]
File::
D:\Persi0.sys
D:\WINDOWS\system32\0f05b679-.txt
D:\WINDOWS\system32\0f05b679.txt
Puis va dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi :
CFScript puis valide ...
2-Nettoyage :
!! Déconnecte toi, ferme toutes tes applications et désactive TOUTES TES DEFENSES ( tu les réactiveras après ) !!
--->Sur ton bureau, fais glisser avec ta souris le fichier CFScript sur l'icône de ComboFix.exe .
(Regarde ici : http://img.photobucket.com/albums/v666/sUBs/CFScript.gif )
Cette manipulation va relancer combofix .
--> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tape 1 puis valide.
Puis patiente le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!)
!! Ne touches à rien tant que le scan n'est pas terminé !!
Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : poste le accompagné d' un nouveau rapport RSIT pour analyse ...
( Attention : cette manipe a été fait pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )
rapport combofix:
ComboFix 09-05-09.05 - KIMI 11/05/2009 7:21.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1270.829 [GMT 1:00]
Lancé depuis: d:\documents and settings\KIMI\Bureau\ComboFix.exe
Commutateurs utilisés :: d:\documents and settings\KIMI\Bureau\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
FILE ::
D:\Persi0.sys
d:\windows\system32\[u]0/uf05b679-.txt
d:\windows\system32\[u]0/uf05b679.txt
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Persi0.sys
d:\windows\system32\[u]0/uf05b679-.txt
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-11 au 2009-05-11 ))))))))))))))))))))))))))))))))))))
.
2009-05-10 22:21 . 2009-05-10 22:20 410984 ----a-w d:\windows\system32\deploytk.dll
2009-05-10 22:20 . 2009-05-10 22:20 -------- d-----w d:\program files\Java
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\documents and settings\KIMI\Application Data\Malwarebytes
2009-05-10 21:00 . 2009-04-06 14:32 15504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-05-10 21:00 . 2009-04-06 14:32 38496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-05-10 19:17 . 2009-05-10 19:55 -------- d-----w D:\UsbFix
2009-05-10 19:01 . 2009-05-10 19:01 -------- d-----w D:\rsit
2009-05-10 18:58 . 2009-05-10 18:58 -------- d-----w d:\program files\Trend Micro
2009-05-10 15:41 . 2009-05-10 15:41 -------- d-----w d:\program files\DAEMON Tools Lite
2009-05-10 15:39 . 2009-05-10 15:39 717296 ----a-w d:\windows\system32\drivers\sptd.sys
2009-05-10 15:39 . 2009-05-10 15:39 -------- d-----w d:\documents and settings\KIMI\Application Data\DAEMON Tools
2009-05-10 11:13 . 1998-06-25 12:13 28160 ----a-w d:\windows\UnSetup.exe
2009-05-10 11:13 . 1998-01-26 19:45 155648 ----a-w d:\windows\FraUinst.exe
2009-05-10 11:13 . 2009-05-10 16:41 -------- d-----w d:\windows\Lhsp
2009-05-06 20:02 . 2009-05-06 20:02 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Identities
2009-05-05 19:18 . 2009-05-05 19:18 -------- d-----w d:\documents and settings\KIMI\WINDOWS
2009-05-05 19:18 . 2009-05-05 19:18 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Help
2009-05-03 15:16 . 2009-05-03 15:16 -------- d-----w d:\program files\uTorrent
2009-05-03 15:16 . 2009-05-10 17:15 -------- d-----w d:\documents and settings\KIMI\Application Data\uTorrent
2009-05-03 09:17 . 2009-05-03 09:17 -------- d-----w d:\documents and settings\KIMI\Application Data\dvdcss
2009-05-02 11:46 . 2009-05-02 11:46 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\vdownloader
2009-05-02 11:45 . 2009-05-02 11:46 -------- d-----w d:\program files\VDOWNLOADER
2009-04-27 18:05 . 2009-04-27 18:05 -------- d-----w d:\program files\Fichiers communs\xing shared
2009-04-27 18:05 . 2009-04-27 18:05 -------- d-----w d:\program files\Real
2009-04-26 17:07 . 2009-04-26 17:07 -------- d-----w d:\documents and settings\KIMI\Application Data\Wireshark
2009-04-26 17:04 . 2009-04-26 17:04 -------- d-----w d:\program files\WinPcap
2009-04-26 17:03 . 2009-04-26 17:04 -------- d-----w d:\program files\Wireshark
2009-04-26 16:56 . 2009-04-26 16:56 -------- d-----w d:\program files\NeoTrace Express
2009-04-23 18:48 . 2009-04-23 18:48 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Logitech
2009-04-22 15:56 . 2009-04-22 16:01 -------- d-----w d:\program files\PhotoFiltre
2009-04-14 09:46 . 2009-04-14 10:18 101287 ----a-w d:\windows\system32\drivers\klin.dat
2009-04-14 09:46 . 2009-04-14 10:18 89601 ----a-w d:\windows\system32\drivers\klick.dat
2009-04-14 09:44 . 2009-05-10 22:07 -------- d-----w d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-14 09:44 . 2009-05-10 21:46 1336864 --sha-w d:\windows\system32\drivers\fidbox.dat
2009-04-14 09:44 . 2009-05-10 21:46 270368 --sha-w d:\windows\system32\drivers\fidbox2.dat
2009-04-13 15:25 . 2009-04-13 15:25 -------- d-----w d:\program files\UnH Solutions
2009-04-11 15:40 . 2009-04-11 15:40 -------- d-----w d:\program files\KP Software
2009-04-11 15:25 . 2009-04-11 15:25 -------- d-----w d:\program files\TechSmith
2009-04-11 14:52 . 2009-04-11 14:52 -------- d-----w d:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 21:46 . 2009-04-14 09:44 3052 --sha-w d:\windows\system32\drivers\fidbox2.idx
2009-05-10 21:46 . 2009-04-14 09:44 12572 --sha-w d:\windows\system32\drivers\fidbox.idx
2009-05-05 18:50 . 2009-05-01 22:27 1536547935 ----a-w d:\program files\Tell Me More Espanol Cd 1,2,3,4 - Learn Spanish Spanish Course-Cours D'espagnol-Corso Di Spagnolo-Spanischkurs.rar
2009-05-01 21:33 . 2009-03-05 11:25 -------- d-----w d:\program files\Faronics
2009-04-27 18:05 . 2009-03-03 11:35 -------- d-----w d:\program files\Fichiers communs\Real
2009-04-23 18:43 . 2009-03-03 11:37 -------- d-----w d:\program files\Fichiers communs\Logitech
2009-04-23 18:43 . 2009-03-03 11:36 -------- d-----w d:\program files\Logitech
2009-04-14 10:18 . 2008-01-29 16:29 33808 ----a-w d:\windows\system32\drivers\klbg.sys
2009-04-06 15:19 . 2009-04-06 15:19 56 ---ha-w d:\windows\system32\ezsidmv.dat
2009-04-06 15:18 . 2009-04-06 15:18 -------- d-----w d:\program files\Skype
2009-04-06 15:18 . 2009-04-06 15:18 -------- d-----w d:\program files\Fichiers communs\Skype
2009-03-15 19:53 . 2009-03-04 19:11 -------- d-----w d:\program files\Internet Download Manager
2009-03-05 11:10 . 2009-03-03 11:20 2048 --s-a-w d:\windows\bootstet.dat
2009-03-04 20:16 . 2004-08-04 04:54 219648 ----a-w d:\windows\system32\uxtheme.dll
2009-03-04 17:19 . 2009-03-04 17:19 107888 ----a-w d:\windows\system32\CmdLineExt.dll
2009-03-04 11:27 . 2009-03-03 11:16 86331 ----a-w d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-03 11:28 . 2002-09-07 00:00 367658 ----a-w d:\windows\system32\perfh00C.dat
2009-03-03 11:28 . 2002-09-07 00:00 48616 ----a-w d:\windows\system32\perfc00C.dat
2009-03-03 11:24 . 2009-03-03 11:24 12328 ----a-w d:\documents and settings\KIMI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-03 11:16 . 2002-09-07 00:00 67 --sha-w d:\windows\Fonts\desktop.ini
2009-03-03 11:13 . 2009-03-03 11:13 21892 ----a-w d:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-05-10_21.48.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-10 22:21 . 2009-05-10 22:21 16384 d:\windows\temp\Perflib_Perfdata_d9c.dat
+ 2009-05-10 22:21 . 2009-05-10 22:20 148888 d:\windows\system32\javaws.exe
+ 2009-05-10 22:21 . 2009-05-10 22:20 144792 d:\windows\system32\javaw.exe
+ 2009-05-10 22:21 . 2009-05-10 22:20 144792 d:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2007-12-21 2573744]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-14 206088]
"Start WingMan Profiler"="d:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"TkBellExe"="d:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-04-27 185872]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-05-10 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D *
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SnagIt 7.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SnagIt 7.lnk
backup=d:\windows\pss\SnagIt 7.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 DeepFrz;DeepFrz;d:\windows\system32\drivers\DeepFrz.sys [25/10/2007 13:52 131472]
R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R2 LF30FS;LF30FS;d:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19/11/2004 18:07 101488]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;d:\windows\system32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [30/04/2008 17:06 24592]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [06/11/2007 21:22 34064]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - WMIAPSRV
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
------- Examen supplémentaire -------
.
IE: &NeoTrace It! - d:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - d:\documents and settings\KIMI\Application Data\Mozilla\Firefox\Profiles\vlpqyo9i.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - component: d:\documents and settings\KIMI\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: d:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 07:22
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):80,1b,50,e0,09,23,90,57,13,b6,d2,51,a0,86,32,27,0a,78,4f,79,0b,
db,8f,2d,40,80,b1,9f,57,e5,ca,2d,7d,5a,b1,e8,5c,ff,9e,b5,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8373e3f2-d69e-4d36-a4cc-e056fef53b2f}]
@Denied: (Full) (Everyone)
"Model"=dword:00000081
"Therad"=dword:00000009
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,63,2b,00,4c,e2,45,41,d2,ba,ae,b4,01,47,72,\
.
Heure de fin: 2009-05-11 7:23
ComboFix-quarantined-files.txt 2009-05-11 06:23
ComboFix2.txt 2009-05-10 21:49
Avant-CF: 836 993 024 octets libres
Après-CF: 851 009 536 octets libres
177
ComboFix 09-05-09.05 - KIMI 11/05/2009 7:21.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1270.829 [GMT 1:00]
Lancé depuis: d:\documents and settings\KIMI\Bureau\ComboFix.exe
Commutateurs utilisés :: d:\documents and settings\KIMI\Bureau\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
FILE ::
D:\Persi0.sys
d:\windows\system32\[u]0/uf05b679-.txt
d:\windows\system32\[u]0/uf05b679.txt
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Persi0.sys
d:\windows\system32\[u]0/uf05b679-.txt
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-11 au 2009-05-11 ))))))))))))))))))))))))))))))))))))
.
2009-05-10 22:21 . 2009-05-10 22:20 410984 ----a-w d:\windows\system32\deploytk.dll
2009-05-10 22:20 . 2009-05-10 22:20 -------- d-----w d:\program files\Java
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\documents and settings\KIMI\Application Data\Malwarebytes
2009-05-10 21:00 . 2009-04-06 14:32 15504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-05-10 21:00 . 2009-04-06 14:32 38496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-05-10 19:17 . 2009-05-10 19:55 -------- d-----w D:\UsbFix
2009-05-10 19:01 . 2009-05-10 19:01 -------- d-----w D:\rsit
2009-05-10 18:58 . 2009-05-10 18:58 -------- d-----w d:\program files\Trend Micro
2009-05-10 15:41 . 2009-05-10 15:41 -------- d-----w d:\program files\DAEMON Tools Lite
2009-05-10 15:39 . 2009-05-10 15:39 717296 ----a-w d:\windows\system32\drivers\sptd.sys
2009-05-10 15:39 . 2009-05-10 15:39 -------- d-----w d:\documents and settings\KIMI\Application Data\DAEMON Tools
2009-05-10 11:13 . 1998-06-25 12:13 28160 ----a-w d:\windows\UnSetup.exe
2009-05-10 11:13 . 1998-01-26 19:45 155648 ----a-w d:\windows\FraUinst.exe
2009-05-10 11:13 . 2009-05-10 16:41 -------- d-----w d:\windows\Lhsp
2009-05-06 20:02 . 2009-05-06 20:02 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Identities
2009-05-05 19:18 . 2009-05-05 19:18 -------- d-----w d:\documents and settings\KIMI\WINDOWS
2009-05-05 19:18 . 2009-05-05 19:18 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Help
2009-05-03 15:16 . 2009-05-03 15:16 -------- d-----w d:\program files\uTorrent
2009-05-03 15:16 . 2009-05-10 17:15 -------- d-----w d:\documents and settings\KIMI\Application Data\uTorrent
2009-05-03 09:17 . 2009-05-03 09:17 -------- d-----w d:\documents and settings\KIMI\Application Data\dvdcss
2009-05-02 11:46 . 2009-05-02 11:46 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\vdownloader
2009-05-02 11:45 . 2009-05-02 11:46 -------- d-----w d:\program files\VDOWNLOADER
2009-04-27 18:05 . 2009-04-27 18:05 -------- d-----w d:\program files\Fichiers communs\xing shared
2009-04-27 18:05 . 2009-04-27 18:05 -------- d-----w d:\program files\Real
2009-04-26 17:07 . 2009-04-26 17:07 -------- d-----w d:\documents and settings\KIMI\Application Data\Wireshark
2009-04-26 17:04 . 2009-04-26 17:04 -------- d-----w d:\program files\WinPcap
2009-04-26 17:03 . 2009-04-26 17:04 -------- d-----w d:\program files\Wireshark
2009-04-26 16:56 . 2009-04-26 16:56 -------- d-----w d:\program files\NeoTrace Express
2009-04-23 18:48 . 2009-04-23 18:48 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Logitech
2009-04-22 15:56 . 2009-04-22 16:01 -------- d-----w d:\program files\PhotoFiltre
2009-04-14 09:46 . 2009-04-14 10:18 101287 ----a-w d:\windows\system32\drivers\klin.dat
2009-04-14 09:46 . 2009-04-14 10:18 89601 ----a-w d:\windows\system32\drivers\klick.dat
2009-04-14 09:44 . 2009-05-10 22:07 -------- d-----w d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-14 09:44 . 2009-05-10 21:46 1336864 --sha-w d:\windows\system32\drivers\fidbox.dat
2009-04-14 09:44 . 2009-05-10 21:46 270368 --sha-w d:\windows\system32\drivers\fidbox2.dat
2009-04-13 15:25 . 2009-04-13 15:25 -------- d-----w d:\program files\UnH Solutions
2009-04-11 15:40 . 2009-04-11 15:40 -------- d-----w d:\program files\KP Software
2009-04-11 15:25 . 2009-04-11 15:25 -------- d-----w d:\program files\TechSmith
2009-04-11 14:52 . 2009-04-11 14:52 -------- d-----w d:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 21:46 . 2009-04-14 09:44 3052 --sha-w d:\windows\system32\drivers\fidbox2.idx
2009-05-10 21:46 . 2009-04-14 09:44 12572 --sha-w d:\windows\system32\drivers\fidbox.idx
2009-05-05 18:50 . 2009-05-01 22:27 1536547935 ----a-w d:\program files\Tell Me More Espanol Cd 1,2,3,4 - Learn Spanish Spanish Course-Cours D'espagnol-Corso Di Spagnolo-Spanischkurs.rar
2009-05-01 21:33 . 2009-03-05 11:25 -------- d-----w d:\program files\Faronics
2009-04-27 18:05 . 2009-03-03 11:35 -------- d-----w d:\program files\Fichiers communs\Real
2009-04-23 18:43 . 2009-03-03 11:37 -------- d-----w d:\program files\Fichiers communs\Logitech
2009-04-23 18:43 . 2009-03-03 11:36 -------- d-----w d:\program files\Logitech
2009-04-14 10:18 . 2008-01-29 16:29 33808 ----a-w d:\windows\system32\drivers\klbg.sys
2009-04-06 15:19 . 2009-04-06 15:19 56 ---ha-w d:\windows\system32\ezsidmv.dat
2009-04-06 15:18 . 2009-04-06 15:18 -------- d-----w d:\program files\Skype
2009-04-06 15:18 . 2009-04-06 15:18 -------- d-----w d:\program files\Fichiers communs\Skype
2009-03-15 19:53 . 2009-03-04 19:11 -------- d-----w d:\program files\Internet Download Manager
2009-03-05 11:10 . 2009-03-03 11:20 2048 --s-a-w d:\windows\bootstet.dat
2009-03-04 20:16 . 2004-08-04 04:54 219648 ----a-w d:\windows\system32\uxtheme.dll
2009-03-04 17:19 . 2009-03-04 17:19 107888 ----a-w d:\windows\system32\CmdLineExt.dll
2009-03-04 11:27 . 2009-03-03 11:16 86331 ----a-w d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-03 11:28 . 2002-09-07 00:00 367658 ----a-w d:\windows\system32\perfh00C.dat
2009-03-03 11:28 . 2002-09-07 00:00 48616 ----a-w d:\windows\system32\perfc00C.dat
2009-03-03 11:24 . 2009-03-03 11:24 12328 ----a-w d:\documents and settings\KIMI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-03 11:16 . 2002-09-07 00:00 67 --sha-w d:\windows\Fonts\desktop.ini
2009-03-03 11:13 . 2009-03-03 11:13 21892 ----a-w d:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-05-10_21.48.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-10 22:21 . 2009-05-10 22:21 16384 d:\windows\temp\Perflib_Perfdata_d9c.dat
+ 2009-05-10 22:21 . 2009-05-10 22:20 148888 d:\windows\system32\javaws.exe
+ 2009-05-10 22:21 . 2009-05-10 22:20 144792 d:\windows\system32\javaw.exe
+ 2009-05-10 22:21 . 2009-05-10 22:20 144792 d:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2007-12-21 2573744]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-14 206088]
"Start WingMan Profiler"="d:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"TkBellExe"="d:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-04-27 185872]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-05-10 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D *
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SnagIt 7.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SnagIt 7.lnk
backup=d:\windows\pss\SnagIt 7.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 DeepFrz;DeepFrz;d:\windows\system32\drivers\DeepFrz.sys [25/10/2007 13:52 131472]
R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R2 LF30FS;LF30FS;d:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19/11/2004 18:07 101488]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;d:\windows\system32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [30/04/2008 17:06 24592]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [06/11/2007 21:22 34064]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - WMIAPSRV
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
------- Examen supplémentaire -------
.
IE: &NeoTrace It! - d:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - d:\documents and settings\KIMI\Application Data\Mozilla\Firefox\Profiles\vlpqyo9i.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - component: d:\documents and settings\KIMI\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: d:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 07:22
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):80,1b,50,e0,09,23,90,57,13,b6,d2,51,a0,86,32,27,0a,78,4f,79,0b,
db,8f,2d,40,80,b1,9f,57,e5,ca,2d,7d,5a,b1,e8,5c,ff,9e,b5,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8373e3f2-d69e-4d36-a4cc-e056fef53b2f}]
@Denied: (Full) (Everyone)
"Model"=dword:00000081
"Therad"=dword:00000009
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,63,2b,00,4c,e2,45,41,d2,ba,ae,b4,01,47,72,\
.
Heure de fin: 2009-05-11 7:23
ComboFix-quarantined-files.txt 2009-05-11 06:23
ComboFix2.txt 2009-05-10 21:49
Avant-CF: 836 993 024 octets libres
Après-CF: 851 009 536 octets libres
177
rapport rsit:
Logfile of random's system information tool 1.06 (written by random/random)
Run by KIMI at 2009-05-11 07:26:23
Microsoft Windows XP Professionnel Service Pack 2
System drive D: has 825 MB (8%) free of 10 GB
Total RAM: 1270 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:26:24, on 11/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\KIMI\Bureau\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\KIMI.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DE1C12C-295B-4ED4-93C7-92DEFB761E72}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DF5Serv - Faronics Corporation - D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by KIMI at 2009-05-11 07:26:23
Microsoft Windows XP Professionnel Service Pack 2
System drive D: has 825 MB (8%) free of 10 GB
Total RAM: 1270 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:26:24, on 11/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\KIMI\Bureau\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\KIMI.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DE1C12C-295B-4ED4-93C7-92DEFB761E72}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DF5Serv - Faronics Corporation - D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
pour la restauration system j'ai cocheé comme tu m'as dis puis j'ai redemarrer et quand le pc a redemarrer j'ai trouver la case decocher a nouveau
pas grave ... le rapport de toolscleaner stp ...