Trojan SPM/LX (please help me)
Solved/Closed
pyte - 14 Jul 2009 at 17:53
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 - 21 Sept 2009 at 13:49
164 replies
1- the Navilog1 report.
Fix Navipromo version 4.0.1 started on 15/07/2009 11:17:27,17
!!! Warning, this report may list legitimate files/programs !!!
!!! Post this report on the forum to have it analysed !!!
Tool run from C:\Program Files\navilog1
Updated on 14.07.2009 at 14h00 by IL-MAFIOSO
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : BIOS Date: 08/24/06 14:44:22 Ver: 08.00.10
USER : Mr Rigaud ( Administrator )
BOOT : Normal boot
Antivirus : BitDefender Antivirus 12.0 (Activated)
Firewall : BitDefender Firewall 12.0 (Activated)
C:\ (Local Disk) - NTFS - Total:149 GB (Free:25 GB)
D:\ (CD or DVD)
E:\ (CD or DVD) - UDF - Total:1 GB (Free:0 GB)
F:\ (CD or DVD) - CDFS - Total:4 GB (Free:0 GB)
G:\ (CD or DVD) - CDFS - Total:6 GB (Free:0 GB)
H:\ (CD or DVD)
U:\ (Local Disk) - NTFS - Total:465 GB (Free:416 GB)
Search run in normal mode
No Navipromo/Egdaccess infection found
*** Scan finished 15/07/2009 11:28:52,76 ***
Yesterday, when I launched the program, after I typed 2 it didn't move at all; I lost too much time --'
2- the ToolBar S&D report.
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : BIOS Date: 08/24/06 14:44:22 Ver: 08.00.10
USER : Mr Rigaud ( Administrator )
BOOT : Normal boot
Antivirus : BitDefender Antivirus 12.0 (Activated)
Firewall : BitDefender Firewall 12.0 (Activated)
C:\ (Local Disk) - NTFS - Total:149 GB (Free:25 GB)
D:\ (CD or DVD)
E:\ (CD or DVD) - UDF - Total:1 GB (Free:0 GB)
F:\ (CD or DVD) - CDFS - Total:4 GB (Free:0 GB)
G:\ (CD or DVD) - CDFS - Total:6 GB (Free:0 GB)
H:\ (CD or DVD)
U:\ (Local Disk) - NTFS - Total:465 GB (Free:416 GB)
"C:\ToolBar SD" ( Updated : 21-12-2008|20:47 )
Option : [2] ( 15/07/2009|11:35 )
-----------\\ DELETION
Deleted! - C:\DOCUME~1\MRRIGA~1\APPLIC~1\Dealio\dinstallhelper.828BF2DB4ABE49FFB7D84F80988A696F.dll
Deleted! - C:\DOCUME~1\MRRIGA~1\APPLIC~1\Dealio\dinstallhelper.ECE4B81A444B472197672A7C0CC6A5BB.dll
Deleted! - C:\DOCUME~1\MRRIGA~1\APPLIC~1\Dealio\kb127
Deleted! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
Deleted! - C:\windows\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
Deleted! - C:\DOCUME~1\MRRIGA~1\APPLIC~1\Search Settings\kb127
Deleted! - C:\Program Files\Search Settings\kb127
Deleted! - C:\Program Files\Search Settings\SearchSettings.exe
Deleted! - C:\DOCUME~1\MRRIGA~1\APPLIC~1\Dealio
Deleted! - C:\DOCUME~1\MRRIGA~1\APPLIC~1\Search Settings
Deleted! - C:\Program Files\Search Settings
-----------\\ Searching Files / Folders ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f"
"Default_Page_URL"="http://www.neuf.fr"
"Search Bar"="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fsearch%2flobby%2fsearch.asp%3f"
"Start Page Restore"="http://my.freeze.com/?AcquisitionID=b0091a03-677d-45fd-968d-a236b66cf0e5&s=&ipc="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
--------------------\\ Searching for other infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\MRRIGA~1\Bureau\CALL.OF.DUTY.4.FRENCH-ReAZOn\burro\crack
C:\DOCUME~1\MRRIGA~1\Bureau\CALL.OF.DUTY.4.FRENCH-ReAZOn\burro\Need.For.Speed.ProStreet+serial+crack+patch fr
C:\DOCUME~1\MRRIGA~1\Bureau\CALL.OF.DUTY.4.FRENCH-ReAZOn\burro\crack\nfs.exe
C:\DOCUME~1\MRRIGA~1\Bureau\CALL.OF.DUTY.4.FRENCH-ReAZOn\burro\Need.For.Speed.ProStreet+serial+crack+patch fr\Desktop.ini
C:\DOCUME~1\MRRIGA~1\Favoris\Nouveau dossier\DownloadWarez.org - Serial Crack Keygen Rapidshare Torrent Full Download.url
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)
C:\DOCUME~1\MRRIGA~1\Mes documents\Ma musique\fat_joe_ft_lil_wayne_-_crack_house_dirty(3).mp3
C:\DOCUME~1\MRRIGA~1\Mes documents\musik\telecharg‚\fat_joe_ft_lil_wayne_-_crack_house_dirty(3).mp3
C:\DOCUME~1\MRRIGA~1\Mes documents\My Games\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89).rar
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\Desktop.ini
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\Thumbs.db
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\Alcohol 120% 1.9.2 + Crack.zip
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\Crack No-CD (By Squall89).zip
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\Readme By Squall89.txt
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\[PC GAME ITA] - GTA_SAN_ANDREAS.mdf
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\[PC GAME ITA] - GTA_SAN_ANDREAS.mds
1 - "C:\ToolBar SD\TB_1.txt" - 15/07/2009|11:42 - Option : [2]
-----------\\ End of report at 11:42:51,75
3- a new, complete RSIT "log.txt". (2 months)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Mr Rigaud at 2009-07-15 11:47:24
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 26 GB (17%) free of 153 GB
Total RAM: 2047 MB (74% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:27, on 15/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Mr Rigaud\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mr Rigaud.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
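The HijackThis section of the RSIT log above lists several browser hooks whose target is "(no file)": a Yahoo! URLSearchHook, three BHOs (including the EoBho class, CLSID {64F56FC1-1272-44CD-BA6E-39723696E350}) and an x-sdch filter. A dangling registration like that is dead weight at best; in the EoBho case, the Ad-Remover report further down the thread shows the same CLSID still present under HKCR\CLSID and the Browser Helper Objects key, which is exactly what "(no file)" in HijackThis hints at. The ToolBar S&D dump, meanwhile, shows a "Start Page Restore" value pointing at my.freeze.com while "Start Page" itself looks clean. The script below is an added example, not code from this thread or from HijackThis, RSIT, ToolBar S&D or Ad-Remover: it parses the CLSID-bearing HijackThis lines, keeps the orphaned ones, cross-references their CLSIDs against a list of registry keys from a second report, and flags IE Main values whose host is outside an allowlist. The sample inputs are lines copied from the reports in this thread; EXPECTED_IE_HOSTS is an assumption made for the example, not something any of the tools provide.

```python
"""Offline triage of HijackThis / Ad-Remover / ToolBar S&D report lines.
Added example for this thread, not part of any of those tools."""
import re
from urllib.parse import urlparse

# Sample input: HijackThis lines copied from the RSIT log in this thread.
SAMPLE_HJT = r"""
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
"""

# Sample input: registry keys copied from the Ad-Remover report in this thread.
SAMPLE_ADREMOVER = r"""
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCU\Software\EoRezo
"""

# Sample input: the HKCU Internet Explorer\Main dump from the ToolBar S&D report.
SAMPLE_IE_MAIN = r"""
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Default_Page_URL"="http://www.neuf.fr"
"Start Page Restore"="http://my.freeze.com/?AcquisitionID=b0091a03-677d-45fd-968d-a236b66cf0e5&s=&ipc="
"""

# Assumption: hosts a French ISP / stock IE 7 setup would legitimately use.
EXPECTED_IE_HOSTS = {"www.google.fr", "www.neuf.fr", "www.msn.com", "www.bing.com",
                     "home.microsoft.com", "go.microsoft.com"}

# "Rn/On - Kind: Name - {CLSID} - Target" as HijackThis prints R3, O2, O18 ...
HOOK_RE = re.compile(
    r"^(?P<section>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# "Name"="value" as ToolBar S&D dumps registry values.
IE_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')


def parse_hooks(hjt_text):
    """Return one dict per CLSID-bearing HijackThis line; other lines are skipped."""
    hooks = []
    for line in hjt_text.strip().splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(m.groupdict())
    return hooks


def orphaned_hooks(hjt_text):
    """Hooks whose DLL is gone but whose registration survives ("(no file)")."""
    return [h for h in parse_hooks(hjt_text) if h["target"].strip() == "(no file)"]


def correlate_registry(orphans, registry_text):
    """Map each orphan CLSID to the registry keys another report still lists for it."""
    keys = [k.strip() for k in registry_text.strip().splitlines() if k.strip()]
    found = {}
    for h in orphans:
        clsid = h["clsid"].upper()
        hits = [k for k in keys if clsid in k.upper()]
        if hits:
            found[clsid] = hits
    return found


def suspicious_ie_values(ie_main_text, expected_hosts=EXPECTED_IE_HOSTS):
    """(value name, host) for IE Main URLs pointing outside the allowlist.
    Non-URL values such as the local blank page have no host and are skipped."""
    flagged = []
    for line in ie_main_text.strip().splitlines():
        m = IE_VALUE_RE.match(line.strip())
        if not m:
            continue
        host = urlparse(m.group("value")).hostname
        if host and host.lower() not in expected_hosts:
            flagged.append((m.group("name"), host))
    return flagged


if __name__ == "__main__":
    orphans = orphaned_hooks(SAMPLE_HJT)
    for h in orphans:
        print(f"{h['section']} {h['kind']}: {h['name']} {h['clsid']} -> no file")
    for clsid, keys in correlate_registry(orphans, SAMPLE_ADREMOVER).items():
        print(f"{clsid} still registered under {len(keys)} key(s): {keys}")
    for name, host in suspicious_ie_values(SAMPLE_IE_MAIN):
        print(f"IE Main value '{name}' points at unexpected host {host}")
```

Run on the samples it reports the four orphaned hooks, shows that only the EoBho CLSID is still backed by registry keys in the Ad-Remover list, and flags "Start Page Restore" as the one IE Main value pointing at an unexpected host. The allowlist check is deliberately on the host only: query strings such as the AcquisitionID above vary per install and are not a stable signal.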
1- Run CCleaner again (registry included)
Done =)
2- Download Ad-remover (by C_XX) to your desktop:
here it is >>>>
.
======= AD-REMOVER 1.1.4.5_O REPORT | XP/VISTA/SEVEN ONLY =======
.
Updated by C_XX on 24/06/2009 at 7:10 PM
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started at: 12:18:45, 15/07/2009 | Normal Mode | Option: SCAN
Run from: C:\Program Files\Ad-remover\
Operating system: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
PC name: THEBOSS | Current user: Mr Rigaud
.
Administrator: Administrateur
Not administrator: HelpAssistant *Disabled*
Not administrator: Invité
Administrator: Mr Rigaud
Not administrator: SUPPORT_388945a0 *Disabled*
.
============== ITEM(S) FOUND ==============
.
.
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\ItsLabel
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Classes\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Trymedia Systems
HKU\S-1-5-21-220523388-1788223648-1801674531-1004\Software\Eorezo
HKU\S-1-5-21-220523388-1788223648-1801674531-1004\Software\ItsLabel
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
.
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo
C:\DOCUME~1\MRRIGA~1\APPLIC~1\ItsLabel
C:\windows\Installer\c00e57.msi
C:\windows\Installer\c00e5d.msi
.
============== Additional scan ==============
.
.
.
* Internet Explorer Version 7.0.5730.13 *
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.neuf.fr
Search bar: hxxp://home.microsoft.com/search/lobby/search.asp
Search Page: hxxp://home.microsoft.com/access/allinone.asp
Start Page: hxxp://www.google.fr/
Start Page: hxxp://my.freeze.com/?AcquisitionID=b0091a03-677d-45fd-968d-a236b66cf0e5&s=&ipc=
Start Page Restore: hxxp://my.freeze.com/?AcquisitionID=b0091a03-677d-45fd-968d-a236b66cf0e5&s=&ipc=
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search bar: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.msn.com/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
============== Suspicious (Cracks, Serials ...) ==============
.
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\install_virtualdj_v4.2r1.exe
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\@2[3].xx_Pioneer-700_COLOUR.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Always.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Atomix.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\ATOMIX-FR 1[1].1.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\A-Trakt.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\BOANERGES V 1[1].1.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Boanerges.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Darkfun V2[1].01.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Darkfun.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Default Skin.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Default.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Denon DN-S5000.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\DenonDN-S5000.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Digital.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\DJ Console.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\FLOOP DJ(1024x768).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\FLOOP DJ(1280x800).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\JN-BLACK VDJ v2[1].01 (1280x800).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\JN-PLATINUM VDJ v2.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\JN-SILVER VDJ v1[1].03.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\JN-SILVER.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\K-Display.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Man-TK.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\MIX Station SV 03 (V4[1].0).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\MIX Station SV 04 (V2[1].00_edA) - winXP.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\MIX Station SV 04 (V2[1].00_edA).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\MIX Station SV 05.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Multi-Instance Skin.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Pioneer CDJ1000 MKII_PeRiJeY.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Pioneer CDJ-700S by RE (1024x768) v2[1].00.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Pionner CDJ1000 MKII.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\TASCAM.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\TC.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Titanium Max.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\virtualdjwinamp3.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\windj.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\tdu\Nissan Proto V1.0 (Light Patch).rar
C:\Documents and Settings\Mr Rigaud\Bureau\buro\tdu\RoadTextureModv2.2InlcudingPatches.zip
C:\Documents and Settings\Mr Rigaud\Bureau\CALL.OF.DUTY.4.FRENCH-ReAZOn\burro\crack\nfs.exe
C:\Documents and Settings\Mr Rigaud\Mes documents\My Games\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89).rar
C:\Documents and Settings\Mr Rigaud\Mes documents\My Music\Patch MsnCreative WLM 8.5 final[www.msncreative.net].exe
C:\Documents and Settings\Mr Rigaud\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\Alcohol 120% 1.9.2 + Crack.zip
C:\Documents and Settings\Mr Rigaud\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\Crack No-CD (By Squall89).zip
.
===================================
.
10386 Octet(s) - C:\Ad-Report-SCAN.log
.
0 Fichier(s) - C:\DOCUME~1\MRRIGA~1\LOCALS~1\Temp
1 Fichier(s) - C:\windows\Temp
.
1 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 13:49:36 | 15/07/2009
.
============== E.O.F ==============
.
Done =)
2- Download Ad-remover (by C_XX) to your desktop:
here it is >>>>
.
.
sKe69 (Security Contributor) - 15 July 2009 at 14:46
Next:
1- ! Disconnect and close all running applications (browser included) !
• Double-click the Ad-remover shortcut on your desktop to launch the tool.
• In the main menu, this time choose option "L" and press [Enter].
• The cleaning starts > Let the tool work and don't touch anything!...
--> Post the report that appears at the end in your next reply for analysis, then carry on with the rest...
(The report is also saved as C:\Ad-Report-CLEAN.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
==============================
2- Download FindyKill (by C_XX, Chimay8 & Chiquitine29) to your desktop:
> http://sd-1.archive-host.com/membres/up/127028005715545653/FindyKill.exe
! Disconnect from the internet, disable your antivirus and close all running applications !
--> Double-click the .exe to launch the tool's installation (don't touch the install settings).
Mandatory:
Plug into your PC all external devices (USB key, external hard drive, flash disk, MP3 player, SD card, etc.) that may have been infected (but without opening them!).
# Double-click the FindyKill shortcut on your desktop to launch the tool.
(in the first window, type f then [Enter] for the French version).
# Choose option 1 (Recherche, i.e. Search)
# Let the tool work and don't touch anything during the scan.
# Once finished, post the FindyKill.txt report that will appear.
The report is also saved at the root of the master drive (C:\FindyKill.txt).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands this utility could stop security software (antivirus, firewall...), hence the alert raised by those antivirus products.
Ad-remover
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 16:46:55, 15/07/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: THEBOSS | Utilisateur actuel: Mr Rigaud
.
Administrateur: Administrateur
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité
Administrateur: Mr Rigaud
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\ItsLabel
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Trymedia Systems
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
.
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\cmhost.cyp
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\ConfMedia.cyp
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\ConfMedia.cyp.old
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\db
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\eoDesktop
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\eoStats
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\host.cyp
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\user.cyp
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\db\cat.cyp
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\eoDesktop\config.xml
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\eoDesktop\eoDesktop.html
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\eoDesktop\userConfig.xml
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\eoStats\eoStats.txt
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo
C:\DOCUME~1\MRRIGA~1\APPLIC~1\ItsLabel\ItsTV
C:\DOCUME~1\MRRIGA~1\APPLIC~1\ItsLabel\ItsTV\itsTV.xml
C:\DOCUME~1\MRRIGA~1\APPLIC~1\ItsLabel
C:\windows\Installer\c00e57.msi
C:\windows\Installer\c00e5d.msi
(!) -- Fichiers temporaires supprimés.
.
============== Scan additionnel ==============
.
.
.
* Internet Explorer Version 7.0.5730.13 *
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://home.microsoft.com/access/allinone.asp
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
============== Suspect (Cracks, Serials ... ) ==============
.
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\install_virtualdj_v4.2r1.exe
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\@2[3].xx_Pioneer-700_COLOUR.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Always.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Atomix.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\ATOMIX-FR 1[1].1.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\A-Trakt.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\BOANERGES V 1[1].1.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Boanerges.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Darkfun V2[1].01.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Darkfun.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Default Skin.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Default.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Denon DN-S5000.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\DenonDN-S5000.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Digital.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\DJ Console.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\FLOOP DJ(1024x768).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\FLOOP DJ(1280x800).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\JN-BLACK VDJ v2[1].01 (1280x800).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\JN-PLATINUM VDJ v2.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\JN-SILVER VDJ v1[1].03.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\JN-SILVER.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\K-Display.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Man-TK.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\MIX Station SV 03 (V4[1].0).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\MIX Station SV 04 (V2[1].00_edA) - winXP.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\MIX Station SV 04 (V2[1].00_edA).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\MIX Station SV 05.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Multi-Instance Skin.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Pioneer CDJ1000 MKII_PeRiJeY.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Pioneer CDJ-700S by RE (1024x768) v2[1].00.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Pionner CDJ1000 MKII.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\TASCAM.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\TC.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Titanium Max.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\virtualdjwinamp3.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\windj.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\tdu\Nissan Proto V1.0 (Light Patch).rar
C:\Documents and Settings\Mr Rigaud\Bureau\buro\tdu\RoadTextureModv2.2InlcudingPatches.zip
C:\Documents and Settings\Mr Rigaud\Bureau\CALL.OF.DUTY.4.FRENCH-ReAZOn\burro\crack\nfs.exe
C:\Documents and Settings\Mr Rigaud\Mes documents\My Games\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89).rar
C:\Documents and Settings\Mr Rigaud\Mes documents\My Music\Patch MsnCreative WLM 8.5 final[www.msncreative.net].exe
C:\Documents and Settings\Mr Rigaud\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\Alcohol 120% 1.9.2 + Crack.zip
C:\Documents and Settings\Mr Rigaud\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\Crack No-CD (By Squall89).zip
.
===================================
.
10780 Byte(s) - C:\Ad-Report-CLEAN.log
10700 Byte(s) - C:\Ad-Report-SCAN.log
.
0 File(s) - C:\DOCUME~1\MRRIGA~1\LOCALS~1\Temp
3 File(s) - C:\windows\Temp
.
18 File(s) - C:\Program Files\Ad-remover\BACKUP
13 File(s) - C:\Program Files\Ad-remover\QUARANTINE
.
End at: 18:15:13 | 15/07/2009
.
============== E.O.F ==============
.
sKe69 (Posts: 21360 | Registered: Saturday 15 March 2008 | Status: Security contributor | Last activity: 30 December 2012) - 15 July 2009 at 18:55
Good ....
FindyKill now ...
FindyKill
############################## | FindyKill V6.006 |
# User : Mr Rigaud (Administrateurs) # THEBOSS
# Update on 14/07/09 by Chiquitine29 & C_XX
# Start at: 19:07:21 | 15/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Intel(R) Pentium(R) D CPU 2.80GHz
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : BitDefender Antivirus 12.0 [ Enabled | (!) Outdated ]
# FW : BitDefender Firewall[ Enabled ]12.0
# C:\ # Local fixed disk # 149.04 GB (24.92 GB free) [disk de booss] # NTFS
# D:\ # CD-ROM drive
# E:\ # CD-ROM drive # 1.91 GB (0 MB free) [BF2 DVD] # UDF
# F:\ # CD-ROM drive # 4.26 GB (0 MB free) [RACEDRIVER3] # CDFS
# G:\ # CD-ROM drive # 6.33 GB (0 MB free) [COD4MW] # CDFS
# H:\ # CD-ROM drive
# U:\ # Local fixed disk # 465.76 GB (416.11 GB free) [500G] # NTFS
############################## | Active processes |
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\windows\system32\ctfmon.exe
C:\windows\System32\alg.exe
C:\windows\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\windows\system32\wuauclt.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\windows\system32\wbem\wmiprvse.exe
################## | Registry Startup |
R1 - HKCU\..\Main: "Local Page"="C:\\windows\\system32\\blank.htm"
R1 - HKCU\..\Main: "Search Page"="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f"
R1 - HKCU\..\Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
R1 - HKCU\..\Main: "Window Title"=""
F2 - HKLM\..\logon:"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
F2 - HKLM\..\logon:"DefaultUserName"="Mr Rigaud"
F2 - HKLM\..\logon:"AltDefaultUserName"="Mr Rigaud"
F2 - HKLM\..\logon:"LegalNoticeCaption"=""
F2 - HKLM\..\logon:"LegalNoticeText"=""
04 - HKLM\..\Run: BDAgent="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
04 - HKLM\..\Run: BitDefender Antiphishing Helper="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
04 - HKLM\..\Run: NvCplDaemon=RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
04 - HKLM\..\Run: nwiz=nwiz.exe /install
04 - HKLM\..\Run: NvMediaCenter=RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\Run: Kernel and Hardware Abstraction Layer=KHALMNPR.EXE
04 - HKLM\..\Run: UpdatePDRShortCut="C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
04 - HKLM\..\Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
04 - HKCU\..\Run: ctfmon.exe#C:\windows\system32\ctfmon.exe#
04 - HKCU\..\Run: msnmsgr#"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background#
################## | Infectious files # folders |
################## | C:\Documents and Settings\Mr Rigaud\Temporary Internet Files |
################## | All Drives ... |
Present! E:\Setup.exe
Present! E:\autorun.inf
Present! F:\Setup.exe
Present! F:\autorun.inf
Present! G:\Setup.exe
Present! G:\autorun.inf
################## | Registry # Infectious Run keys |
Present! HKLM\software\microsoft\security center "AntiVirusOverride" ( 0x1 )
################## | Registry # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\G
Shell\AutoRun\command =G:\setup\rsrc\Autorun.exe
Shell\dinstall\command =G:\Directx\dxsetup.exe
HKCU\..\..\Explorer\MountPoints2\{4e73130a-045d-11dc-8949-0018f3175c1f}
Shell\AutoRun\command =C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
HKCU\..\..\Explorer\MountPoints2\{4f76e22b-a4f5-11dc-8a53-0018f3175c1f}
Shell\AutoRun\command =C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
HKCU\..\..\Explorer\MountPoints2\{c97b3366-624d-11dd-8b56-0018f3175c1f}
Shell\AutoRun\command =WD_Windows_Tools\Setup.exe
################## | Status / Services / Information |
# Display hidden files: OK
# Safe mode: OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )
################## | Cracks / Keygens / Serials |
"C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\install_virtualdj_v4.2r1.exe"
28/12/2006 17:51 |Size : 37943614 |Crc32 : 7f76dd70 |Md5 : 22ff65217a6be5137b83f5a2c03e2f85
"C:\Documents and Settings\Mr Rigaud\Bureau\CALL.OF.DUTY.4.FRENCH-ReAZOn\burro\crack\nfs.exe"
05/12/2007 07:02 |Size : 43090956 |Crc32 : cccee109 |Md5 : 6f0348f24aafbf2e9c673f9b98197447
################## | ! End of report # FindyKill V6.006 ! |
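Added example, not part of this thread and not FindyKill's own code: a small Python parser that pulls the three things a helper looks at first out of a FindyKill scan report like the one above, namely the cached Shell\AutoRun\command values under MountPoints2, the Security Center "AntiVirusOverride" value, and the service start types compared with the Good/Bad values FindyKill prints. The sample input is a subset of lines copied from the report above; the severity rules in classify_autorun (ShellExec_RunDLL launching a bare file name, or a bare .exe with no directory, is treated as the removable-media worm pattern, while a path rooted under the volume's own drive letter is treated as install media) and all function names are the editor's assumptions, not FindyKill's logic.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample input: a subset of lines copied from the FindyKill scan report
# posted above (labels as they appear on this page).
SAMPLE_REPORT = r"""
################## | Registry # Infectious Run keys |
Present! HKLM\software\microsoft\security center "AntiVirusOverride" ( 0x1 )
################## | Registry # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\G
Shell\AutoRun\command =G:\setup\rsrc\Autorun.exe
Shell\dinstall\command =G:\Directx\dxsetup.exe
HKCU\..\..\Explorer\MountPoints2\{4e73130a-045d-11dc-8949-0018f3175c1f}
Shell\AutoRun\command =C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
HKCU\..\..\Explorer\MountPoints2\{c97b3366-624d-11dd-8b56-0018f3175c1f}
Shell\AutoRun\command =WD_Windows_Tools\Setup.exe
################## | Status / Services / Information |
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )
"""

# A MountPoints2 key line ends with the volume id (drive letter or GUID).
MOUNTPOINT_RE = re.compile(r"MountPoints2\\(?P<volume>[^\\\s]+)\s*$")
# The cached verb/command pairs FindyKill prints under that key.
COMMAND_RE = re.compile(r"^Shell\\(?P<verb>[^\\]+)\\command\s*=\s*(?P<cmd>.+?)\s*$")
# Service start type with the tool's own Good/Bad reference values.
SERVICE_RE = re.compile(
    r"^#\s*(?:\(!\)\s*)?(?P<svc>\w+)\s*->\s*Start\s*=\s*(?P<start>\d+)"
    r"\s*\(\s*Good\s*=\s*(?P<good>\d+)\s*\|\s*Bad\s*=\s*(?P<bad>\d+)"
)
AV_OVERRIDE_RE = re.compile(r'"AntiVirusOverride"\s*\(\s*0x(?P<val>[0-9a-fA-F]+)\s*\)')


@dataclass
class Finding:
    kind: str      # "mountpoint", "service" or "security_center"
    where: str     # volume id, service name or registry value name
    detail: str
    severity: str  # "high" or "info"


def classify_autorun(cmd: str) -> str:
    """Editor's heuristic (assumption) for a cached Shell\\<verb>\\command value."""
    low = cmd.lower()
    # ShellExec_RunDLL with a bare file name: the name resolves against the
    # volume root when Explorer replays the command, the autorun.inf trick
    # used by removable-media worms.
    if "shellexec_rundll" in low:
        return "high"
    target = cmd.split()[-1]
    # A bare executable with no directory component is equally suspicious.
    if "\\" not in target and target.lower().endswith(".exe"):
        return "high"
    # A path rooted under the volume (G:\setup\...) or a relative path into a
    # directory is what install media legitimately leave behind.
    return "info"


def parse_findykill(text: str) -> List[Finding]:
    findings: List[Finding] = []
    volume = None
    for raw in text.splitlines():
        line = raw.strip()
        m = MOUNTPOINT_RE.search(line)
        if m:
            volume = m.group("volume")
            continue
        m = COMMAND_RE.match(line)
        if m and volume is not None:
            cmd = m.group("cmd")
            findings.append(Finding("mountpoint", volume, f"{m.group('verb')}: {cmd}", classify_autorun(cmd)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, good, bad = (int(m.group(k)) for k in ("start", "good", "bad"))
            if start == bad:
                findings.append(Finding("service", m.group("svc"), f"Start={start} (expected {good})", "high"))
            elif start != good:
                findings.append(Finding("service", m.group("svc"), f"Start={start} (expected {good})", "info"))
            continue
        m = AV_OVERRIDE_RE.search(line)
        if m and int(m.group("val"), 16) != 0:
            findings.append(Finding("security_center", "AntiVirusOverride", f"set to 0x{m.group('val')}", "high"))
    return findings


def high_severity(text: str) -> List[Finding]:
    return [f for f in parse_findykill(text) if f.severity == "high"]


if __name__ == "__main__":
    for f in parse_findykill(SAMPLE_REPORT):
        print(f"[{f.severity:4}] {f.kind:15} {f.where}: {f.detail}")
```

On the report above this flags three items: the AntiVirusOverride value, the MountPoints2 entry whose AutoRun command is RunDLL32 ShellExec_RunDLL copy.exe, and wscsvc at Start=4 (Security Center disabled). The G: entries and the WD_Windows_Tools\Setup.exe entry are left as informational, which matches what the cleaning run later removes anyway: FindyKill deletes every cached AutoRun command regardless, so the classification is only there to tell the helper which volume deserves a closer look.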
FindyKill scanned for 3 hours --"
############################## | FindyKill V6.006 |
# User : Mr Rigaud (Administrateurs) # THEBOSS
# Update on 14/07/09 by Chiquitine29 & C_XX
# Start at: 20:21:27 | 15/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Intel(R) Pentium(R) D CPU 2.80GHz
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : BitDefender Antivirus 12.0 [ Enabled | (!) Outdated ]
# FW : BitDefender Firewall[ Enabled ]12.0
# C:\ # Local fixed disk # 149.04 GB (24.99 GB free) [disk de booss] # NTFS
# D:\ # CD-ROM drive
# E:\ # CD-ROM drive # 1.91 GB (0 MB free) [BF2 DVD] # UDF
# F:\ # CD-ROM drive # 4.26 GB (0 MB free) [RACEDRIVER3] # CDFS
# G:\ # CD-ROM drive # 6.33 GB (0 MB free) [COD4MW] # CDFS
# H:\ # CD-ROM drive
# U:\ # Local fixed disk # 465.76 GB (416.11 GB free) [500G] # NTFS
############################## | Active processes |
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\windows\system32\ctfmon.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\alg.exe
################## | Infectious files # folders |
################## | C:\Documents and Settings\Mr Rigaud\Temporary Internet Files |
################## | All Drives ... |
(!) Not deleted! E:\Setup.exe
(!) Not deleted! E:\autorun.inf
(!) Not deleted! F:\Setup.exe
(!) Not deleted! F:\autorun.inf
(!) Not deleted! G:\Setup.exe
(!) Not deleted! G:\autorun.inf
################## | Other ... |
################## | Registry # Infectious Run keys |
# HKLM\software\microsoft\security center "AntiVirusOverride" # -> Reset successfully!
################## | Registry # Mountpoints2 |
Deleted! HKCU\...\Explorer\MountPoints2\G\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{4e73130a-045d-11dc-8949-0018f3175c1f}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{4f76e22b-a4f5-11dc-8a53-0018f3175c1f}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{c97b3366-624d-11dd-8b56-0018f3175c1f}\Shell\AutoRun\Command
################## | Listing of files present |
[15/07/2009 18:22|--a------|11138] - C:\Ad-Report-CLEAN.log
[15/07/2009 13:49|--a------|10700] - C:\Ad-Report-SCAN.log
[02/03/2006 14:00|-rahs----|4952] - C:\Bootfont.bin
[15/07/2009 11:28|--a------|1115] - C:\cleannavi.txt
[15/07/2009 22:38|--a------|3130] - C:\FindyKill.txt
[01/01/2002 15:08|-rahs----|0] - C:\IO.SYS
[01/01/2002 15:08|-rahs----|0] - C:\MSDOS.SYS
[02/03/2006 14:00|-rahs----|47564] - C:\NTDETECT.COM
[24/09/2008 19:10|-rahs----|251712] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[15/07/2009 11:42|--a------|5428] - C:\TB.txt
[?|?|?] - E:\autorun
[?|?|?] - E:\BFMC
[?|?|?] - E:\directx
[?|?|?] - E:\nvidia_driver
[?|?|?] - E:\Redist
[?|?|?] - E:\Support
[23/05/2005 01:22|-r-------|20482048] - E:\00000001.TMP
[23/05/2005 01:22|-r-------|317440] - E:\00000002.TMP
[23/05/2005 01:22|-r-------|1187840] - E:\Autorun.exe
[23/05/2005 01:22|-r-------|43] - E:\Autorun.inf
[23/05/2005 01:22|-r-------|4150] - E:\BF2.ico
[23/05/2005 01:16|-r-------|11681272] - E:\data1.cab
[23/05/2005 01:16|-r-------|204923] - E:\data1.hdr
[23/05/2005 01:22|-r-------|1888953769] - E:\data2.cab
[22/10/2004 06:16|-r-------|470174] - E:\engine32.cab
[23/05/2005 01:22|-r-------|10023] - E:\layout.bin
[21/05/2005 15:45|-r-------|1279256] - E:\Setup.bmp
[22/10/2004 06:16|-r-------|118736] - E:\setup.exe
[23/05/2005 01:16|-r-------|464834] - E:\setup.ibt
[23/05/2005 01:16|-r-------|621] - E:\setup.ini
[23/05/2005 01:15|-r-------|249796] - E:\setup.inx
[25/01/2006 16:37|-r-------|1404928] - F:\Autorun.exe
[20/11/2005 15:35|-r-------|81] - F:\autorun.inf
[25/01/2006 17:51|-r-------|9829937] - F:\data1.cab
[25/01/2006 17:51|-r-------|431079] - F:\data1.hdr
[25/01/2006 18:00|-r-------|1384865792] - F:\data2.cab
[25/01/2006 18:04|-r-------|807856734] - F:\data3.cab
[25/01/2006 18:06|-r-------|512] - F:\data4.cab
[16/07/2004 03:09|-r-------|461268] - F:\engine32.cab
[25/01/2006 18:06|-r-------|3387] - F:\layout.bin
[02/12/2005 16:08|-r-------|734003200] - F:\pad700.dat
[16/09/2002 17:00|-r-------|12] - F:\rd3_eur
[20/11/2005 15:35|-r-------|101] - F:\rd3inst.cfg
[16/07/2004 03:09|-r-------|117200] - F:\setup.exe
[25/01/2006 17:50|-r-------|424423] - F:\setup.ibt
[25/01/2006 17:50|-r-------|515] - F:\setup.ini
[25/01/2006 17:50|-r-------|243962] - F:\setup.inx
[19/04/2004 04:10|-r-------|250296] - F:\setup.isn
[06/10/2007 00:56|-r-------|20482048] - G:\00000001.TMP
[16/05/2006 22:02|-r-------|7242] - G:\0x040c.ini
[06/10/2007 00:53|-r-------|8784384] - G:\CoD4MW.msi
[01/04/2006 00:39|-r-------|41168] - G:\FirewallInstallHelper.dll
[06/10/2007 00:49|-r-------|2231014] - G:\ISSetup.dll
[06/10/2007 00:53|-r-------|464970] - G:\PB.cab
[06/10/2007 00:53|-r-------|2058] - G:\Setup.ini
[16/05/2006 20:58|-r-------|2584848] - G:\WindowsInstaller-KB893803-x86.exe
[12/06/2007 04:27|-r-------|140] - G:\autorun.inf
[16/05/2006 20:58|-r-------|1708856] - G:\instmsia.exe
[16/05/2006 20:58|-r-------|1822520] - G:\instmsiw.exe
[11/07/2007 23:18|-r-------|673576] - G:\pbsvc.exe
[06/10/2007 00:53|-r-------|316728] - G:\setup.exe
[27/09/2007 01:02|-r-------|364616] - G:\splash.bmp
[06/10/2007 00:55|-r-------|152] - G:\version.inf
################## | Vaccination |
# C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# U:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
################## | Status / Services / Information |
# Safe mode: OK
# Display hidden files: OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )
################## | PEH ... |
################## | Cracks / Keygens / Serials |
"C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\install_virtualdj_v4.2r1.exe"
28/12/2006 17:51 |Size : 37943614 |Crc32 : 7f76dd70 |Md5 : 22ff65217a6be5137b83f5a2c03e2f85
################## | ! End of report # FindyKill V6.006 ! |
[24/09/2008 19:10|-rahs----|251712] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[15/07/2009 11:42|--a------|5428] - C:\TB.txt
[?|?|?] - E:\autorun
[?|?|?] - E:\BFMC
[?|?|?] - E:\directx
[?|?|?] - E:\nvidia_driver
[?|?|?] - E:\Redist
[?|?|?] - E:\Support
[23/05/2005 01:22|-r-------|20482048] - E:\00000001.TMP
[23/05/2005 01:22|-r-------|317440] - E:\00000002.TMP
[23/05/2005 01:22|-r-------|1187840] - E:\Autorun.exe
[23/05/2005 01:22|-r-------|43] - E:\Autorun.inf
[23/05/2005 01:22|-r-------|4150] - E:\BF2.ico
[23/05/2005 01:16|-r-------|11681272] - E:\data1.cab
[23/05/2005 01:16|-r-------|204923] - E:\data1.hdr
[23/05/2005 01:22|-r-------|1888953769] - E:\data2.cab
[22/10/2004 06:16|-r-------|470174] - E:\engine32.cab
[23/05/2005 01:22|-r-------|10023] - E:\layout.bin
[21/05/2005 15:45|-r-------|1279256] - E:\Setup.bmp
[22/10/2004 06:16|-r-------|118736] - E:\setup.exe
[23/05/2005 01:16|-r-------|464834] - E:\setup.ibt
[23/05/2005 01:16|-r-------|621] - E:\setup.ini
[23/05/2005 01:15|-r-------|249796] - E:\setup.inx
[25/01/2006 16:37|-r-------|1404928] - F:\Autorun.exe
[20/11/2005 15:35|-r-------|81] - F:\autorun.inf
[25/01/2006 17:51|-r-------|9829937] - F:\data1.cab
[25/01/2006 17:51|-r-------|431079] - F:\data1.hdr
[25/01/2006 18:00|-r-------|1384865792] - F:\data2.cab
[25/01/2006 18:04|-r-------|807856734] - F:\data3.cab
[25/01/2006 18:06|-r-------|512] - F:\data4.cab
[16/07/2004 03:09|-r-------|461268] - F:\engine32.cab
[25/01/2006 18:06|-r-------|3387] - F:\layout.bin
[02/12/2005 16:08|-r-------|734003200] - F:\pad700.dat
[16/09/2002 17:00|-r-------|12] - F:\rd3_eur
[20/11/2005 15:35|-r-------|101] - F:\rd3inst.cfg
[16/07/2004 03:09|-r-------|117200] - F:\setup.exe
[25/01/2006 17:50|-r-------|424423] - F:\setup.ibt
[25/01/2006 17:50|-r-------|515] - F:\setup.ini
[25/01/2006 17:50|-r-------|243962] - F:\setup.inx
[19/04/2004 04:10|-r-------|250296] - F:\setup.isn
[06/10/2007 00:56|-r-------|20482048] - G:\00000001.TMP
[16/05/2006 22:02|-r-------|7242] - G:\0x040c.ini
[06/10/2007 00:53|-r-------|8784384] - G:\CoD4MW.msi
[01/04/2006 00:39|-r-------|41168] - G:\FirewallInstallHelper.dll
[06/10/2007 00:49|-r-------|2231014] - G:\ISSetup.dll
[06/10/2007 00:53|-r-------|464970] - G:\PB.cab
[06/10/2007 00:53|-r-------|2058] - G:\Setup.ini
[16/05/2006 20:58|-r-------|2584848] - G:\WindowsInstaller-KB893803-x86.exe
[12/06/2007 04:27|-r-------|140] - G:\autorun.inf
[16/05/2006 20:58|-r-------|1708856] - G:\instmsia.exe
[16/05/2006 20:58|-r-------|1822520] - G:\instmsiw.exe
[11/07/2007 23:18|-r-------|673576] - G:\pbsvc.exe
[06/10/2007 00:53|-r-------|316728] - G:\setup.exe
[27/09/2007 01:02|-r-------|364616] - G:\splash.bmp
[06/10/2007 00:55|-r-------|152] - G:\version.inf
################## | Vaccination |
RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Mr Rigaud at 2009-07-15 22:59:37
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 26 GB (17%) free of 153 GB
Total RAM: 2047 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:40, on 15/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\windows\system32\ctfmon.exe
C:\windows\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\windows\System32\svchost.exe
C:\Documents and Settings\Mr Rigaud\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mr Rigaud.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
Bug: it didn't post the end of my message...
Mbam-setup.exe:
I double-click on the program, it shows the little hourglass next to the mouse pointer and then nothing more. Since I don't have my taskbar, I can't disable BitDefender :/ I'm not sure it's the antivirus causing it.
When I press Ctrl+Alt+Del, it shows Mbam-setup.exe under Processes but not under Applications :/
OK OK, here it is
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-16 00:32:35
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
Code 8A4B1ED8 ZwEnumerateKey
Code 8A498410 ZwFlushInstructionCache
Code 8A4F3276 IofCallDriver
Code 8A7342C6 IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 8A4F327B
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 8A7342CB
PAGE ntoskrnl.exe!ZwEnumerateKey 805783A4 5 Bytes JMP 8A4B1EDC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80585F1C 5 Bytes JMP 8A498414
? C:\windows\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text USBPORT.SYS!DllUnload B9D5062C 5 Bytes JMP 8A66B1B8
? System32\Drivers\ab6f37gj.SYS Le chemin d'accès spécifié est introuvable. !
---- User code sections - GMER 1.0.15 ----
.text C:\windows\system32\nvsvc32.exe[272] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00C1000A
.text C:\windows\system32\nvsvc32.exe[272] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00C2000A
.text C:\windows\system32\PnkBstrA.exe[336] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0278000A
.text C:\windows\system32\PnkBstrA.exe[336] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0279000A
.text C:\windows\Explorer.EXE[812] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02F7000A
.text C:\windows\Explorer.EXE[812] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02F8000A
.text C:\windows\system32\winlogon.exe[1040] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 009D000A
.text C:\windows\system32\winlogon.exe[1040] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 009E000A
.text C:\windows\system32\services.exe[1088] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00B8000A
.text C:\windows\system32\services.exe[1088] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00B9000A
.text C:\windows\system32\lsass.exe[1100] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00B7000A
.text C:\windows\system32\lsass.exe[1100] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00BA000A
.text C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe[1420] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02CB000A
.text C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe[1420] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02CE000A
.text C:\windows\System32\alg.exe[1572] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00BB000A
.text C:\windows\System32\alg.exe[1572] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00BC000A
.text C:\windows\system32\ctfmon.exe[1628] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0295000A
.text C:\windows\system32\ctfmon.exe[1628] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0296000A
.text C:\windows\system32\spoolsv.exe[1788] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00DF000A
.text C:\windows\system32\spoolsv.exe[1788] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00E0000A
.text C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe[1840] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02E2000A
.text C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe[1840] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02E3000A
.text C:\windows\system32\RUNDLL32.EXE[2124] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00DF000A
.text C:\windows\system32\RUNDLL32.EXE[2124] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00E0000A
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2248] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00E8000A
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2248] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00E9000A
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2288] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02BC000A
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2288] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02BD000A
.text C:\Program Files\SAGEM WiFi manager\WLANUTL.exe[2316] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02D6000A
.text C:\Program Files\SAGEM WiFi manager\WLANUTL.exe[2316] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02D7000A
.text C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe[2356] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02D4000A
.text C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe[2356] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02D5000A
.text C:\windows\system32\wuauclt.exe[2508] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0294000A
.text C:\windows\system32\wuauclt.exe[2508] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0295000A
.text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2652] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02D0000A
.text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2652] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02D1000A
.text C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe[2832] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 029F000A
.text C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe[2832] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02A0000A
.text C:\Documents and Settings\Mr Rigaud\Bureau\hpu0fwC3qy_gmer.exe[3812] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00F3000A
.text C:\Documents and Settings\Mr Rigaud\Bureau\hpu0fwC3qy_gmer.exe[3812] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00F4000A
.text C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3892] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00E9000A
.text C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3892] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00EA000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02BA000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02BB000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F341 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4451178F C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 44511710 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 44511754 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4451169C C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 445116D6 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 445117CA C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A16B6 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WS2_32.dll!connect 719F406A 5 Bytes JMP 10011C20
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WS2_32.dll!send 719F428A 5 Bytes JMP 10011C00
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WS2_32.dll!recv 719F615A 5 Bytes JMP 10011BE0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 10011DE0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WININET.dll!HttpAddRequestHeadersA 4408FB4D 5 Bytes JMP 02C6000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WININET.dll!HttpAddRequestHeadersW 440FD14D 5 Bytes JMP 02D7000A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \windows\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7514480] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F751442C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752EAB8] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7514480] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7500ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7500C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7500B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F750172E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7501604] sptd.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A7D71D8
Device \FileSystem\Udfs \UdfsCdRom 8A56A5C8
Device \FileSystem\Udfs \UdfsDisk 8A56A5C8
AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
Device \Driver\usbuhci \Device\USBPDO-0 8A62F1D8
Device \Driver\usbuhci \Device\USBPDO-1 8A62F1D8
Device \Driver\usbuhci \Device\USBPDO-2 8A62F1D8
Device \Driver\usbuhci \Device\USBPDO-3 8A62F1D8
Device \Driver\00000066 \Device\00000054 sptd.sys
Device \Driver\usbehci \Device\USBPDO-4 8A6021D8
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7D91D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D25889AA-CA0D-48B9-A5B8-B83FCA88131C} 8A36E558
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7D91D8
Device \Driver\Cdrom \Device\CdRom1 8A5DC1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A84B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 8A84B1D8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 8A84B1D8
Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 8A84B1D8
Device \Driver\atapi \Device\Ide\IdePort2 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 8A84B1D8
Device \Driver\atapi \Device\Ide\IdePort3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 8A84B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 8A84B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom2 8A5DC1D8
Device \Driver\Cdrom \Device\CdRom3 8A5DC1D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A36E558
Device \Driver\NetBT \Device\NetbiosSmb 8A36E558
Device \Driver\NetBT \Device\NetBT_Tcpip_{355E3094-2D9D-4A46-BE76-AF05292CE8AD} 8A36E558
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
Device \Driver\usbuhci \Device\USBFDO-0 8A62F1D8
Device \Driver\usbuhci \Device\USBFDO-1 8A62F1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A55C400
Device \Driver\usbuhci \Device\USBFDO-2 8A62F1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A55C400
Device \Driver\usbuhci \Device\USBFDO-3 8A62F1D8
Device \Driver\usbehci \Device\USBFDO-4 8A6021D8
Device \Driver\Ftdisk \Device\FtControl 8A7D91D8
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target2Lun0 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target2Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target0Lun0 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target0Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iteatapi \Device\Scsi\iteatapi1 8A7D81D8
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target3Lun0 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target3Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target1Lun0 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target1Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 8A51E460
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\UACykylukwwkriywmebk.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1264] 0x047D0000
---- Services - GMER 1.0.15 ----
Service C:\windows\system32\drivers\UACvmpfqmqsntjxjnsvx.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x2B 0x58 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0xD9 0x3E 0x87 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7C 0x7A 0x41 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDB 0xBE 0xD3 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE0 0xC7 0x1A 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACfqrdqbuyqvkiltewn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACpjwxltchrlarhhopx.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACemkardlogpryifbup.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACpamitroyxwaiiawsr.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACykylukwwkriywmebk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrpddulcgstsrpbbow.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACbwqfrgvpkqdfroxqp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x2B 0x58 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0xD9 0x3E 0x87 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7C 0x7A 0x41 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDB 0xBE 0xD3 0x20 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x2B 0x58 0x97 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0xD9 0x3E 0x87 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7C 0x7A 0x41 0xE6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDB 0xBE 0xD3 0x20 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE0 0xC7 0x1A 0xF2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACfqrdqbuyqvkiltewn.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACpjwxltchrlarhhopx.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACemkardlogpryifbup.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACpamitroyxwaiiawsr.db
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACykylukwwkriywmebk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrpddulcgstsrpbbow.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACbwqfrgvpkqdfroxqp.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Mr Rigaud\Local Settings\Temp\nss84.tmp\UAC.dll 16384 bytes executable
File C:\Documents and Settings\Mr Rigaud\Local Settings\Temp\UAC6265.tmp 343040 bytes executable
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDB 0xBE 0xD3 0x20 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE0 0xC7 0x1A 0xF2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACfqrdqbuyqvkiltewn.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACpjwxltchrlarhhopx.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACemkardlogpryifbup.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACpamitroyxwaiiawsr.db
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACykylukwwkriywmebk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrpddulcgstsrpbbow.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACbwqfrgvpkqdfroxqp.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Mr Rigaud\Local Settings\Temp\nss84.tmp\UAC.dll 16384 bytes executable
File C:\Documents and Settings\Mr Rigaud\Local Settings\Temp\UAC6265.tmp 343040 bytes executable
OK OK, here it is
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-16 00:32:35
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
Code 8A4B1ED8 ZwEnumerateKey
Code 8A498410 ZwFlushInstructionCache
Code 8A4F3276 IofCallDriver
Code 8A7342C6 IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 8A4F327B
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 8A7342CB
PAGE ntoskrnl.exe!ZwEnumerateKey 805783A4 5 Bytes JMP 8A4B1EDC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80585F1C 5 Bytes JMP 8A498414
? C:\windows\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text USBPORT.SYS!DllUnload B9D5062C 5 Bytes JMP 8A66B1B8
? System32\Drivers\ab6f37gj.SYS Le chemin d'accès spécifié est introuvable. !
---- User code sections - GMER 1.0.15 ----
.text C:\windows\system32\nvsvc32.exe[272] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00C1000A
.text C:\windows\system32\nvsvc32.exe[272] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00C2000A
.text C:\windows\system32\PnkBstrA.exe[336] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0278000A
.text C:\windows\system32\PnkBstrA.exe[336] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0279000A
.text C:\windows\Explorer.EXE[812] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02F7000A
.text C:\windows\Explorer.EXE[812] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02F8000A
.text C:\windows\system32\winlogon.exe[1040] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 009D000A
.text C:\windows\system32\winlogon.exe[1040] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 009E000A
.text C:\windows\system32\services.exe[1088] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00B8000A
.text C:\windows\system32\services.exe[1088] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00B9000A
.text C:\windows\system32\lsass.exe[1100] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00B7000A
.text C:\windows\system32\lsass.exe[1100] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00BA000A
.text C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe[1420] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02CB000A
.text C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe[1420] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02CE000A
.text C:\windows\System32\alg.exe[1572] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00BB000A
.text C:\windows\System32\alg.exe[1572] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00BC000A
.text C:\windows\system32\ctfmon.exe[1628] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0295000A
.text C:\windows\system32\ctfmon.exe[1628] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0296000A
.text C:\windows\system32\spoolsv.exe[1788] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00DF000A
.text C:\windows\system32\spoolsv.exe[1788] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00E0000A
.text C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe[1840] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02E2000A
.text C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe[1840] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02E3000A
.text C:\windows\system32\RUNDLL32.EXE[2124] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00DF000A
.text C:\windows\system32\RUNDLL32.EXE[2124] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00E0000A
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2248] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00E8000A
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2248] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00E9000A
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2288] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02BC000A
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2288] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02BD000A
.text C:\Program Files\SAGEM WiFi manager\WLANUTL.exe[2316] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02D6000A
.text C:\Program Files\SAGEM WiFi manager\WLANUTL.exe[2316] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02D7000A
.text C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe[2356] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02D4000A
.text C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe[2356] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02D5000A
.text C:\windows\system32\wuauclt.exe[2508] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0294000A
.text C:\windows\system32\wuauclt.exe[2508] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0295000A
.text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2652] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02D0000A
.text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2652] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02D1000A
.text C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe[2832] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 029F000A
.text C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe[2832] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02A0000A
.text C:\Documents and Settings\Mr Rigaud\Bureau\hpu0fwC3qy_gmer.exe[3812] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00F3000A
.text C:\Documents and Settings\Mr Rigaud\Bureau\hpu0fwC3qy_gmer.exe[3812] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00F4000A
.text C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3892] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00E9000A
.text C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3892] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00EA000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02BA000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02BB000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F341 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4451178F C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 44511710 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 44511754 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4451169C C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 445116D6 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 445117CA C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A16B6 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WS2_32.dll!connect 719F406A 5 Bytes JMP 10011C20
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WS2_32.dll!send 719F428A 5 Bytes JMP 10011C00
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WS2_32.dll!recv 719F615A 5 Bytes JMP 10011BE0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 10011DE0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WININET.dll!HttpAddRequestHeadersA 4408FB4D 5 Bytes JMP 02C6000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WININET.dll!HttpAddRequestHeadersW 440FD14D 5 Bytes JMP 02D7000A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \windows\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7514480] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F751442C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752EAB8] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7514480] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7500ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7500C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7500B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F750172E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7501604] sptd.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A7D71D8
Device \FileSystem\Udfs \UdfsCdRom 8A56A5C8
Device \FileSystem\Udfs \UdfsDisk 8A56A5C8
AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
Device \Driver\usbuhci \Device\USBPDO-0 8A62F1D8
Device \Driver\usbuhci \Device\USBPDO-1 8A62F1D8
Device \Driver\usbuhci \Device\USBPDO-2 8A62F1D8
Device \Driver\usbuhci \Device\USBPDO-3 8A62F1D8
Device \Driver\00000066 \Device\00000054 sptd.sys
Device \Driver\usbehci \Device\USBPDO-4 8A6021D8
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7D91D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D25889AA-CA0D-48B9-A5B8-B83FCA88131C} 8A36E558
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7D91D8
Device \Driver\Cdrom \Device\CdRom1 8A5DC1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A84B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 8A84B1D8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 8A84B1D8
Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 8A84B1D8
Device \Driver\atapi \Device\Ide\IdePort2 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 8A84B1D8
Device \Driver\atapi \Device\Ide\IdePort3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 8A84B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 8A84B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom2 8A5DC1D8
Device \Driver\Cdrom \Device\CdRom3 8A5DC1D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A36E558
Device \Driver\NetBT \Device\NetbiosSmb 8A36E558
Device \Driver\NetBT \Device\NetBT_Tcpip_{355E3094-2D9D-4A46-BE76-AF05292CE8AD} 8A36E558
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
Device \Driver\usbuhci \Device\USBFDO-0 8A62F1D8
Device \Driver\usbuhci \Device\USBFDO-1 8A62F1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A55C400
Device \Driver\usbuhci \Device\USBFDO-2 8A62F1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A55C400
Device \Driver\usbuhci \Device\USBFDO-3 8A62F1D8
Device \Driver\usbehci \Device\USBFDO-4 8A6021D8
Device \Driver\Ftdisk \Device\FtControl 8A7D91D8
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target2Lun0 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target2Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target0Lun0 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target0Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iteatapi \Device\Scsi\iteatapi1 8A7D81D8
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target3Lun0 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target3Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target1Lun0 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target1Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 8A51E460
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\UACykylukwwkriywmebk.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1264] 0x047D0000
---- Services - GMER 1.0.15 ----
Service C:\windows\system32\drivers\UACvmpfqmqsntjxjnsvx.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x2B 0x58 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0xD9 0x3E 0x87 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7C 0x7A 0x41 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDB 0xBE 0xD3 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE0 0xC7 0x1A 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACfqrdqbuyqvkiltewn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACpjwxltchrlarhhopx.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACemkardlogpryifbup.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACpamitroyxwaiiawsr.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACykylukwwkriywmebk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrpddulcgstsrpbbow.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACbwqfrgvpkqdfroxqp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x2B 0x58 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0xD9 0x3E 0x87 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7C 0x7A 0x41 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDB 0xBE 0xD3 0x20 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x2B 0x58 0x97 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0xD9 0x3E 0x87 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7C 0x7A 0x41 0xE6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDB 0xBE 0xD3 0x20 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE0 0xC7 0x1A 0xF2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACfqrdqbuyqvkiltewn.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACpjwxltchrlarhhopx.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACemkardlogpryifbup.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACpamitroyxwaiiawsr.db
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACykylukwwkriywmebk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrpddulcgstsrpbbow.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACbwqfrgvpkqdfroxqp.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Mr Rigaud\Local Settings\Temp\nss84.tmp\UAC.dll 16384 bytes executable
File C:\Documents and Settings\Mr Rigaud\Local Settings\Temp\UAC6265.tmp 343040 bytes executable
" make sure to install the Windows Recovery Console as indicated in the tutorial above ... "
I don't see where.
sKe69
16 July 2009 at 00:50
re,
read the rest of the procedure ... ^^
Double-click on "CFix.exe" ( = combofix.exe ) to launch the tool. -- For XP > let yourself be guided through the installation of the Recovery Console. Reconnect only for the duration of this step. Once the console is installed, disconnect again before continuing. --
ComboFix 09-07-14.08 - Mr Rigaud 16/07/2009 0:53:56.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2047.1690 [GMT 2:00]
Running from: C:\Documents and Settings\Mr Rigaud\Bureau\CFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Installer\WMEncoder.msi
C:\windows\system32\_004243_.tmp.dll
C:\windows\system32\_004244_.tmp.dll
C:\windows\system32\_004245_.tmp.dll
C:\windows\system32\_004246_.tmp.dll
C:\windows\system32\_004253_.tmp.dll
C:\windows\system32\_004254_.tmp.dll
C:\windows\system32\_004255_.tmp.dll
C:\windows\system32\_004256_.tmp.dll
C:\windows\system32\_004258_.tmp.dll
C:\windows\system32\_004259_.tmp.dll
C:\windows\system32\_004262_.tmp.dll
C:\windows\system32\_004263_.tmp.dll
C:\windows\system32\_004265_.tmp.dll
C:\windows\system32\_004266_.tmp.dll
C:\windows\system32\_004267_.tmp.dll
C:\windows\system32\_004269_.tmp.dll
C:\windows\system32\_004270_.tmp.dll
C:\windows\system32\_004272_.tmp.dll
C:\windows\system32\_004273_.tmp.dll
C:\windows\system32\_004277_.tmp.dll
C:\windows\system32\_004278_.tmp.dll
C:\windows\system32\_004280_.tmp.dll
C:\windows\system32\_004283_.tmp.dll
C:\windows\system32\_004285_.tmp.dll
C:\windows\system32\_004286_.tmp.dll
C:\windows\system32\_004287_.tmp.dll
C:\windows\system32\_004288_.tmp.dll
C:\windows\system32\_004289_.tmp.dll
C:\windows\system32\_004292_.tmp.dll
C:\windows\system32\_004293_.tmp.dll
C:\windows\system32\_004294_.tmp.dll
C:\windows\system32\_004295_.tmp.dll
C:\windows\system32\_004296_.tmp.dll
C:\windows\system32\_004301_.tmp.dll
C:\windows\system32\_004303_.tmp.dll
C:\windows\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
C:\windows\system32\UACbwqfrgvpkqdfroxqp.dll
C:\windows\system32\UACemkardlogpryifbup.dll
C:\windows\system32\UACfqrdqbuyqvkiltewn.dll
C:\windows\system32\uacinit.dll
C:\windows\system32\UACpamitroyxwaiiawsr.db
C:\windows\system32\UACpjwxltchrlarhhopx.dat
C:\windows\system32\UACrpddulcgstsrpbbow.dll
C:\windows\system32\uactmp.db
C:\windows\system32\UACykylukwwkriywmebk.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.
sKe69 (security contributor), 16 July 2009, 08:41
re,
the report is not complete ...
please post it again in full ... ;)
ComboFix 09-07-14.08 - Mr Rigaud 16/07/2009 11:19.3.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2047.1535 [GMT 2:00]
Running from: c:\documents and settings\Mr Rigaud\Bureau\CFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.
2009-07-15 17:05 . 2009-07-15 20:41 -------- d-----w- C:\FindyKill
2009-07-15 10:18 . 2009-07-15 16:15 -------- d-----w- c:\program files\Ad-remover
2009-07-14 20:32 . 2009-07-15 09:42 -------- d-----w- C:\ToolBar SD
2009-07-14 20:20 . 2009-07-14 20:20 -------- d-----w- c:\program files\CCleaner
2009-07-14 19:59 . 2009-07-15 09:28 -------- d-----w- c:\program files\Navilog1
2009-07-14 18:05 . 2009-07-14 18:05 -------- d-----w- C:\_OTM
2009-07-14 16:52 . 2009-07-14 16:52 -------- d-----w- C:\rsit
2009-07-14 16:48 . 2009-07-14 16:48 -------- d-----w- c:\program files\Trend Micro
2009-07-03 14:18 . 2009-07-03 14:39 -------- d-----w- c:\documents and settings\Mr Rigaud\Application Data\Notepad++
2009-07-03 14:18 . 2009-07-03 14:18 -------- d-----w- c:\program files\Notepad++
2009-06-23 17:09 . 2009-06-23 17:09 -------- d-----w- c:\program files\Lavalys
2009-06-20 10:33 . 2009-06-24 12:54 -------- d-----w- c:\windows\system32\NtmsData
2009-06-20 09:34 . 2009-06-20 09:34 49152 ----a-r- c:\documents and settings\Mr Rigaud\Application Data\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 20:42 . 2006-03-02 12:00 79028 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-15 20:42 . 2006-03-02 12:00 494650 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-14 14:20 . 2008-07-16 14:46 -------- d-----w- c:\program files\eMule
2009-07-13 18:45 . 2009-06-08 16:47 -------- d-----w- c:\program files\Graffiti Studio 2.0
2009-07-10 14:15 . 2006-03-02 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-07-06 07:37 . 2008-12-25 19:59 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-07-05 16:02 . 2009-03-19 17:52 -------- d-----w- c:\program files\FrostWire
2009-06-29 15:46 . 2007-04-09 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-06-20 08:51 . 2009-05-01 20:56 -------- d-----w- c:\program files\Incomplete
2009-06-19 19:20 . 2008-11-10 17:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-17 16:38 . 2009-03-19 17:54 -------- d-----w- c:\documents and settings\Mr Rigaud\Application Data\FrostWire
2009-06-16 14:54 . 2006-03-02 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:54 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-11 17:03 . 2002-01-01 13:28 23216 ----a-w- c:\documents and settings\Mr Rigaud\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 13:04 . 2002-01-01 13:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-11 11:37 . 2009-06-11 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-06-11 11:33 . 2009-06-11 11:31 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-06-11 11:32 . 2009-06-11 11:32 -------- d-----w- c:\program files\Nero
2009-06-07 17:21 . 2009-06-07 15:17 -------- d-----w- c:\program files\MSN Password Recovery
2009-06-03 19:27 . 2006-03-02 12:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 17:01 . 2009-05-28 17:01 -------- d-----w- c:\program files\Windows Journal Viewer
2009-05-24 18:56 . 2008-10-14 12:00 1 ----a-w- c:\documents and settings\Mr Rigaud\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-08 10:30 . 2009-05-08 10:27 2328 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-05-08 10:30 . 2007-03-05 19:56 46826 ----a-w- c:\windows\BricoPackUninst.cmd
2009-05-07 15:43 . 2008-09-24 16:47 347136 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 15:44 . 2009-03-07 18:15 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2009-04-30 20:32 . 2008-03-29 11:27 81984 ----a-w- c:\windows\system32\bdod.bin
2009-04-29 04:45 . 2006-03-02 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 20:09 . 2008-09-24 16:47 1846784 ----a-w- c:\windows\system32\win32k.sys
.
------- Sigcheck -------
[-] 2007-06-13 13:22 2119168 F2BAF212FF37C741CB1269F4574F8ED3 c:\windows\explorer.exe
[7] 2007-06-13 13:10 1037312 B795475444D6D57A572C14B9E1A29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2006-03-02 12:00 1884672 2FB4F2728B5011FB7B1D62C2A23BC8B0 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 02:34 1037824 F2317622D29F9FF0F88AEECD5F60F0DD c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe
[-] 2007-06-13 13:22 2119168 F2BAF212FF37C741CB1269F4574F8ED3 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-11-06 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-09-26 716800]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-08-02 1657376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\documents and settings\Mr Rigaud\Menu Démarrer\Programmes\Démarrage\
Stardock ObjectDock.lnk - c:\windows\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe [2005-2-21 1826885]
Y'z Toolbar.lnk - c:\windows\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe [2002-9-29 90112]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-3-22 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-3-22 688128]
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-7-16 950272]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^Mr Rigaud^Menu Démarrer^Programmes^Démarrage^Y'z Toolbar.lnk]
path=c:\documents and settings\Mr Rigaud\Menu Démarrer\Programmes\Démarrage\Y'z Toolbar.lnk
backup=c:\windows\pss\Y'z Toolbar.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Documents and Settings\\Mr Rigaud\\Bureau\\buro\\iexplore.exe"=
"c:\\Program Files\\Graffiti Studio 2.0\\Graffiti Studio.exe"=
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [30/07/2007 18:45 15172]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 17:11 35328]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [02/07/2008 12:07 82568]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [12/08/2008 18:40 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [18/09/2008 11:11 103944]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 12:06 118784]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [16/07/2008 14:07 450560]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
Notify-dimsntfy - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 11:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-220523388-1788223648-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:51,e5,74,28,cc,c7,63,8b,e9,e0,5f,29,59,8f,f4,66,77,e9,56,d1,70,72,5e,
99,6e,1c,d7,b1,5c,01,ce,00,c5,e0,77,cf,1f,3f,24,23,70,7d,f9,81,92,2c,11,d0,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
[HKEY_USERS\S-1-5-21-220523388-1788223648-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:a4,7b,b7,94,62,f2,f2,e2,61,a3,af,30,c8,ad,ad,d0,f1,20,20,f9,6b,
73,1c,d2,19,3f,6a,86,76,92,8a,cb,48,dd,c4,eb,6e,b8,a4,83,59,67,f9,1b,e0,a7,\
"rkeysecu"=hex:8e,82,8c,ad,b9,b9,00,43,62,c0,2c,43,1c,ab,5f,0e
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,9f,6b,d8,5a,17,
a7,7e,24,e2,63,26,f1,3f,c8,ff,68,5d,9d,ed,5f,37,eb,4e,04,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,80,0f,25,61,fd,
f1,a7,c0,6a,9c,d6,61,af,45,84,18,1a,64,d1,1b,c2,be,68,d5,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,a8,26,83,97,1a,
ff,df,47,ff,7c,85,e0,43,d4,0e,fe,60,e5,96,a5,19,cf,3f,7d,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,24,d4,2d,1e,9e,
5f,96,b8,86,8c,21,01,be,91,eb,e7,67,19,e3,b9,45,7f,11,1e,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,b4,39,3d,12,83,
5a,a9,12,f5,1d,4d,73,a8,13,5c,05,cf,5f,7f,03,7c,ce,5d,ff,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,ac,9d,ca,a7,24,
82,00,bb,df,20,58,62,78,6b,cf,c8,d8,f9,73,f2,56,8d,20,79,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,79,01,79,af,9a,
51,e5,7c,fb,a7,78,e6,12,2f,9a,ea,99,12,07,53,8b,b3,72,4b,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,64,52,ce,90,49,
1d,e0,e1,01,3a,48,fc,e8,04,4a,f1,6d,91,f3,87,16,63,95,b0,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,1d,2c,86,3a,6d,
32,40,3c,f6,0f,4e,58,98,5b,89,c9,bb,1a,32,3a,67,7b,b5,36,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,4a,d5,84,8e,e6,
2f,21,b2,3d,ce,ea,26,2d,45,aa,78,b0,c4,0f,5e,a9,14,99,42,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,6e,34,a2,40,d2,
41,6d,46,2a,b7,cc,b5,b9,7f,41,e7,63,64,f9,e3,51,81,84,90,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,eb,8f,de,de,5a,
b6,e1,75,6c,43,2d,1e,aa,22,2f,9c,1f,11,37,05,e4,ea,ce,6d,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\SHDOCVW.dll
c:\windows\BricoPacks\Longhorn Inspirat\ObjectDock\DockShellHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\stobject.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-16 11:29
ComboFix-quarantined-files.txt 2009-07-16 09:29
Pre-Run: 26 544 349 184 octets libres
Post-Run: 26 587 164 672 octets libres
235 --- E O F --- 2009-07-16 00:11
82,00,bb,df,20,58,62,78,6b,cf,c8,d8,f9,73,f2,56,8d,20,79,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,79,01,79,af,9a,
51,e5,7c,fb,a7,78,e6,12,2f,9a,ea,99,12,07,53,8b,b3,72,4b,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,64,52,ce,90,49,
1d,e0,e1,01,3a,48,fc,e8,04,4a,f1,6d,91,f3,87,16,63,95,b0,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,1d,2c,86,3a,6d,
32,40,3c,f6,0f,4e,58,98,5b,89,c9,bb,1a,32,3a,67,7b,b5,36,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,4a,d5,84,8e,e6,
2f,21,b2,3d,ce,ea,26,2d,45,aa,78,b0,c4,0f,5e,a9,14,99,42,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,6e,34,a2,40,d2,
41,6d,46,2a,b7,cc,b5,b9,7f,41,e7,63,64,f9,e3,51,81,84,90,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,eb,8f,de,de,5a,
b6,e1,75,6c,43,2d,1e,aa,22,2f,9c,1f,11,37,05,e4,ea,ce,6d,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\SHDOCVW.dll
c:\windows\BricoPacks\Longhorn Inspirat\ObjectDock\DockShellHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\stobject.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-16 11:29
ComboFix-quarantined-files.txt 2009-07-16 09:29
Pre-Run: 26 544 349 184 bytes free
Post-Run: 26 587 164 672 bytes free
235 --- E O F --- 2009-07-16 00:11
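As an added example (not part of the log above or of anything posted in the thread), here is a small Python parser for the ComboFix service/driver lines of the form `R3 name;display;path [date time size]`, run over the five lines from the log, embedded as a constructed sample. It reads the R/S state letter and the start-type digit, splits the `\??\... --> ...` resolved-path form, and flags registrations where ComboFix printed `[?]`, meaning the registry entry exists but the binary was not found on disk, which is exactly how the `ZDCndis5` protocol driver appears above. The install-directory allow-list in `find_outside_system_dirs` is an assumed XP-era heuristic of mine, not something ComboFix reports.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the five driver/service lines from the ComboFix
# log above, copied verbatim so the parser can be exercised offline.
SAMPLE_LOG = r"""
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [12/08/2008 18:40 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [18/09/2008 11:11 103944]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 12:06 118784]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [16/07/2008 14:07 450560]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
"""

# State letter: R = running, S = stopped.  Digit = Service Control Manager start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)
INFO_RE = re.compile(r"^(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2})\s+(?P<size>\d+)$")


@dataclass
class ServiceEntry:
    name: str
    display: str
    state: str          # "running" or "stopped"
    start_type: str     # boot / system / auto / demand / disabled
    raw_path: str       # path as stored in the registry (may carry the \??\ NT prefix)
    image_path: str     # Win32 path ComboFix resolved it to (text after "-->"), else raw_path
    file_found: bool    # False when ComboFix printed "[?]" (binary not present on disk)
    timestamp: Optional[str] = None
    size: Optional[int] = None


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    raw = m.group("path")
    # "\??\x --> y": the registry value used a native NT path and ComboFix
    # appended the Win32 path it resolved to.
    raw_part, _, resolved = raw.partition(" --> ")
    entry = ServiceEntry(
        name=m.group("name"),
        display=m.group("display"),
        state="running" if m.group("state") == "R" else "stopped",
        start_type=START_TYPES[m.group("start")],
        raw_path=raw_part,
        image_path=resolved or raw_part,
        file_found=m.group("info") != "?",
    )
    info = INFO_RE.match(m.group("info"))
    if info:
        entry.timestamp = f"{info.group('date')} {info.group('time')}"
        entry.size = int(info.group("size"))
    return entry


def parse_services(text: str) -> List[ServiceEntry]:
    """Return every parseable service/driver entry in a block of log text."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def find_orphans(entries: List[ServiceEntry]) -> List[str]:
    """Registrations whose binary ComboFix could not find ("[?]")."""
    return [e.name for e in entries if not e.file_found]


def find_outside_system_dirs(entries: List[ServiceEntry]) -> List[str]:
    """Binaries registered from outside the usual XP install roots (assumed heuristic)."""
    ok_prefixes = ("c:\\windows\\", "c:\\program files\\")
    return [
        e.name for e in entries
        if e.file_found and not e.image_path.lower().startswith(ok_prefixes)
    ]


if __name__ == "__main__":
    found = parse_services(SAMPLE_LOG)
    for e in found:
        print(f"{e.name:10} {e.state:8} {e.start_type:8} found={e.file_found} {e.image_path}")
    print("orphans:", find_orphans(found))
    print("outside system dirs:", find_outside_system_dirs(found))
```

An orphaned entry like `ZDCndis5` is not a malware finding by itself; it is usually a leftover from an uninstalled wireless adapter driver, but it is the kind of line a helper reads first, because a service pointing at a file that is no longer there either does nothing or, if the path is writable, is a spot an attacker could drop a binary into later.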