Trojan SPM/LX (please help me)

Solved/Closed
pyte - 14 July 2009 at 17:53
sKe69 - 21360 posts, registered Saturday 15 March 2008, status: security contributor, last active 30 December 2012 - 21 Sept. 2009 at 13:49
Hello, I was on my PC and a virus infected it; it opened System Security and started a scan, and I shut the PC down right away.
I restart my PC and it shows me a blue wallpaper with "Warning..." written on it and launches System Security, which starts a scan (the same thing as the first time); the taskbar has disappeared, and as soon as I click on BitDefender it says "Failed to start the BitDefender scan engine".
Impossible to open "Add or Remove Programs".



Here is the message written on the blue wallpaper:

you're in danger!
your computer is infected with spyware
All you do with computer is stored forever in your hard disk
when you visit sites, send emails... all your action are logged. and it is impossible to remove them with standar tools .
your data is still avaible for forensics. and in some cases
secure yourself right now!
remove all spyware from your pc!
----------------------------------------------------------------------------------------
Other info
I'm on XP
I have a valid BitDefender licence
I'm writing from another PC
I have never installed System Security
As soon as System Security runs its scan it finds lots of viruses.

164 replies

1- the Navilog1 report.

Fix Navipromo version 4.0.1 started on 15/07/2009 11:17:27,17

!!! Warning, this report may list legitimate files/programs !!!
!!! Post this report on the forum to have it analysed !!!

Tool run from C:\Program Files\navilog1

Updated on 14.07.2009 at 14h00 by IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : BIOS Date: 08/24/06 14:44:22 Ver: 08.00.10
USER : Mr Rigaud ( Administrator )
BOOT : Normal boot

Antivirus : BitDefender Antivirus 12.0 (Activated)
Firewall : BitDefender Firewall 12.0 (Activated)

C:\ (Local Disk) - NTFS - Total:149 Go (Free:25 Go)
D:\ (CD or DVD)
E:\ (CD or DVD) - UDF - Total:1 Go (Free:0 Go)
F:\ (CD or DVD) - CDFS - Total:4 Go (Free:0 Go)
G:\ (CD or DVD) - CDFS - Total:6 Go (Free:0 Go)
H:\ (CD or DVD)
U:\ (Local Disk) - NTFS - Total:465 Go (Free:416 Go)


Search run in normal mode


No Navipromo/Egdaccess infection found



*** Scan finished 15/07/2009 11:28:52,76 ***
Yesterday when I launched the program, after I typed 2 it didn't move, I lost too much time --'



2- the Toolbar S&D report.




-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : BIOS Date: 08/24/06 14:44:22 Ver: 08.00.10
USER : Mr Rigaud ( Administrator )
BOOT : Normal boot
Antivirus : BitDefender Antivirus 12.0 (Activated)
Firewall : BitDefender Firewall 12.0 (Activated)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:25 Go)
D:\ (CD or DVD)
E:\ (CD or DVD) - UDF - Total:1 Go (Free:0 Go)
F:\ (CD or DVD) - CDFS - Total:4 Go (Free:0 Go)
G:\ (CD or DVD) - CDFS - Total:6 Go (Free:0 Go)
H:\ (CD or DVD)
U:\ (Local Disk) - NTFS - Total:465 Go (Free:416 Go)

"C:\ToolBar SD" ( Updated : 21-12-2008|20:47 )
Option : [2] ( 15/07/2009|11:35 )

-----------\\ REMOVAL

Deleted! - C:\DOCUME~1\MRRIGA~1\APPLIC~1\Dealio\dinstallhelper.828BF2DB4ABE49FFB7D84F80988A696F.dll
Deleted! - C:\DOCUME~1\MRRIGA~1\APPLIC~1\Dealio\dinstallhelper.ECE4B81A444B472197672A7C0CC6A5BB.dll
Deleted! - C:\DOCUME~1\MRRIGA~1\APPLIC~1\Dealio\kb127
Deleted! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
Deleted! - C:\windows\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
Deleted! - C:\DOCUME~1\MRRIGA~1\APPLIC~1\Search Settings\kb127
Deleted! - C:\Program Files\Search Settings\kb127
Deleted! - C:\Program Files\Search Settings\SearchSettings.exe
Deleted! - C:\DOCUME~1\MRRIGA~1\APPLIC~1\Dealio
Deleted! - C:\DOCUME~1\MRRIGA~1\APPLIC~1\Search Settings
Deleted! - C:\Program Files\Search Settings

-----------\\ Searching Files / Folders ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f"
"Default_Page_URL"="http://www.neuf.fr"
"Search Bar"="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fsearch%2flobby%2fsearch.asp%3f"
"Start Page Restore"="http://my.freeze.com/?AcquisitionID=b0091a03-677d-45fd-968d-a236b66cf0e5&s=&ipc="

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\MRRIGA~1\Bureau\CALL.OF.DUTY.4.FRENCH-ReAZOn\burro\crack
C:\DOCUME~1\MRRIGA~1\Bureau\CALL.OF.DUTY.4.FRENCH-ReAZOn\burro\Need.For.Speed.ProStreet+serial+crack+patch fr
C:\DOCUME~1\MRRIGA~1\Bureau\CALL.OF.DUTY.4.FRENCH-ReAZOn\burro\crack\nfs.exe
C:\DOCUME~1\MRRIGA~1\Bureau\CALL.OF.DUTY.4.FRENCH-ReAZOn\burro\Need.For.Speed.ProStreet+serial+crack+patch fr\Desktop.ini
C:\DOCUME~1\MRRIGA~1\Favoris\Nouveau dossier\DownloadWarez.org - Serial Crack Keygen Rapidshare Torrent Full Download.url
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)
C:\DOCUME~1\MRRIGA~1\Mes documents\Ma musique\fat_joe_ft_lil_wayne_-_crack_house_dirty(3).mp3
C:\DOCUME~1\MRRIGA~1\Mes documents\musik\telecharg‚\fat_joe_ft_lil_wayne_-_crack_house_dirty(3).mp3
C:\DOCUME~1\MRRIGA~1\Mes documents\My Games\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89).rar
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\Desktop.ini
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\Thumbs.db
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\Alcohol 120% 1.9.2 + Crack.zip
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\Crack No-CD (By Squall89).zip
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\Readme By Squall89.txt
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\[PC GAME ITA] - GTA_SAN_ANDREAS.mdf
C:\DOCUME~1\MRRIGA~1\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\[PC GAME ITA] - GTA_SAN_ANDREAS.mds



1 - "C:\ToolBar SD\TB_1.txt" - 15/07/2009|11:42 - Option : [2]

-----------\\ End of report at 11:42:51,75
3- a new, complete RSIT "log.txt" (2 months).


Logfile of random's system information tool 1.06 (written by random/random)
Run by Mr Rigaud at 2009-07-15 11:47:24
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 26 GB (17%) free of 153 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:27, on 15/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Mr Rigaud\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mr Rigaud.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
There, it's all there.

1- Run CCleaner again (registry included)

Done =)

2- Download Ad-remover (by C_XX) to your desktop:

here >>>>









.
======= AD-REMOVER REPORT 1.1.4.5_O | XP/VISTA/SEVEN ONLY =======
.
Updated by C_XX on 24/06/2009 at 7:10 PM
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started at: 12:18:45, 15/07/2009 | Normal mode | Option: SCAN
Run from: C:\Program Files\Ad-remover\
Operating system: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
PC name: THEBOSS | Current user: Mr Rigaud
.
Administrator: Administrateur
Not administrator: HelpAssistant *Disabled*
Not administrator: Invité
Administrator: Mr Rigaud
Not administrator: SUPPORT_388945a0 *Disabled*
.
============== ITEM(S) FOUND ==============
.
.
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\ItsLabel
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Classes\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Trymedia Systems
HKU\S-1-5-21-220523388-1788223648-1801674531-1004\Software\Eorezo
HKU\S-1-5-21-220523388-1788223648-1801674531-1004\Software\ItsLabel
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
.
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo
C:\DOCUME~1\MRRIGA~1\APPLIC~1\ItsLabel
C:\windows\Installer\c00e57.msi
C:\windows\Installer\c00e5d.msi
.
============== Additional scan ==============
.
.
.

* Internet Explorer Version 7.0.5730.13 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.neuf.fr
Search bar: hxxp://home.microsoft.com/search/lobby/search.asp
Search Page: hxxp://home.microsoft.com/access/allinone.asp
Start Page: hxxp://www.google.fr/
Start Page: hxxp://my.freeze.com/?AcquisitionID=b0091a03-677d-45fd-968d-a236b66cf0e5&s=&ipc=
Start Page Restore: hxxp://my.freeze.com/?AcquisitionID=b0091a03-677d-45fd-968d-a236b66cf0e5&s=&ipc=

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search bar: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

============== Suspect (Cracks, Serials ... ) ==============

.
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\install_virtualdj_v4.2r1.exe
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\@2[3].xx_Pioneer-700_COLOUR.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Always.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Atomix.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\ATOMIX-FR 1[1].1.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\A-Trakt.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\BOANERGES V 1[1].1.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Boanerges.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Darkfun V2[1].01.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Darkfun.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Default Skin.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Default.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Denon DN-S5000.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\DenonDN-S5000.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Digital.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\DJ Console.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\FLOOP DJ(1024x768).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\FLOOP DJ(1280x800).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\JN-BLACK VDJ v2[1].01 (1280x800).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\JN-PLATINUM VDJ v2.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\JN-SILVER VDJ v1[1].03.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\JN-SILVER.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\K-Display.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Man-TK.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\MIX Station SV 03 (V4[1].0).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\MIX Station SV 04 (V2[1].00_edA) - winXP.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\MIX Station SV 04 (V2[1].00_edA).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\MIX Station SV 05.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Multi-Instance Skin.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Pioneer CDJ1000 MKII_PeRiJeY.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Pioneer CDJ-700S by RE (1024x768) v2[1].00.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Pionner CDJ1000 MKII.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\TASCAM.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\TC.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Titanium Max.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\virtualdjwinamp3.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\windj.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\tdu\Nissan Proto V1.0 (Light Patch).rar
C:\Documents and Settings\Mr Rigaud\Bureau\buro\tdu\RoadTextureModv2.2InlcudingPatches.zip
C:\Documents and Settings\Mr Rigaud\Bureau\CALL.OF.DUTY.4.FRENCH-ReAZOn\burro\crack\nfs.exe
C:\Documents and Settings\Mr Rigaud\Mes documents\My Games\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89).rar
C:\Documents and Settings\Mr Rigaud\Mes documents\My Music\Patch MsnCreative WLM 8.5 final[www.msncreative.net].exe
C:\Documents and Settings\Mr Rigaud\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\Alcohol 120% 1.9.2 + Crack.zip
C:\Documents and Settings\Mr Rigaud\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\Crack No-CD (By Squall89).zip
.
===================================
.
10386 Byte(s) - C:\Ad-Report-SCAN.log
.
0 File(s) - C:\DOCUME~1\MRRIGA~1\LOCALS~1\Temp
1 File(s) - C:\windows\Temp
.
1 File(s) - C:\Program Files\Ad-remover\BACKUP
0 File(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Finished at: 13:49:36 | 15/07/2009
.
============== E.O.F ==============
.
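The HijackThis log above shows three patterns worth a second look during triage: registrations whose DLL is gone ("(no file)"), Run values that name a bare executable, and a service line with "Unknown owner". The Ad-Remover scan report just above lists the registry keys that still carry one of those orphaned CLSIDs. The Python below is an added example, not code from HijackThis, RSIT, Ad-Remover or anyone in this thread: it parses lines quoted from those two reports, applies the three heuristics (they are this example's own assumptions, not the tools' verdicts), and cross-references the orphaned CLSIDs against the Ad-Remover key list so the leftover EoRezo BHO shows up in both.

```python
"""Triage of HijackThis-style log lines, cross-checked against Ad-Remover registry keys.

Added example: not code from HijackThis, RSIT or Ad-Remover. The three rules
below are this example's own triage heuristics, not those tools' verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines quoted from the HijackThis log posted in this thread (RSIT run of 15/07/2009).
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
"""

# Registry keys quoted from the Ad-Remover SCAN report posted in this thread.
SAMPLE_ADREMOVER_KEYS = r"""
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O2"
    reason: str  # why the entry deserves a second look
    line: str    # the original log line


def parse_entries(log: str) -> list[tuple[str, str, str]]:
    """Return (code, body, line) for every line that looks like a HijackThis entry."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body"), raw.strip()))
    return entries


def _executable_of_run_value(body: str) -> str:
    """Extract the program from an O4 body such as 'HKLM\\..\\Run: [name] "C:\\x.exe" /arg'."""
    _, _, command = body.partition("] ")
    if command.startswith('"'):
        return command.split('"')[1]
    return command.split(" ", 1)[0]


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    for code, body, line in parse_entries(log):
        if body.endswith("(no file)"):
            # A COM/BHO/filter registration whose DLL is gone: leftover of a
            # removed or partially cleaned component; inert, but should be deleted.
            findings.append(Finding(code, "orphaned registration (no file)", line))
        elif code == "O4":
            exe = _executable_of_run_value(body)
            if "\\" not in exe and ":" not in exe:
                # A bare file name is resolved through the search path at logon,
                # so the entry alone does not tell you which binary actually runs.
                findings.append(Finding(code, f"bare executable name {exe!r} resolved via search path", line))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(code, "service binary carries no company name", line))
    return findings


def correlate_orphans(hjt_log: str, adremover_keys: str) -> dict[str, list[str]]:
    """Map each orphaned CLSID from the HijackThis log to the Ad-Remover keys naming it."""
    orphan_ids = set()
    for _, body, _ in parse_entries(hjt_log):
        if body.endswith("(no file)"):
            orphan_ids.update(c.upper() for c in CLSID_RE.findall(body))
    hits: dict[str, list[str]] = {}
    for key in adremover_keys.splitlines():
        for clsid in CLSID_RE.findall(key):
            if clsid.upper() in orphan_ids:
                hits.setdefault(clsid.upper(), []).append(key.strip())
    return hits


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
    for clsid, keys in correlate_orphans(SAMPLE_HJT_LOG, SAMPLE_ADREMOVER_KEYS).items():
        print(f"{clsid} still referenced by {len(keys)} Ad-Remover key(s)")
```

On the quoted lines this flags four orphaned registrations, two bare-name Run values (nwiz.exe and KHALMNPR.EXE) and the PnkBstrA service, and ties the EoBho CLSID {64F56FC1-...} to the two Ad-Remover keys that still reference it; the WebBrowser toolbar GUID from Ad-Remover has no counterpart in the HijackThis lines, which is the kind of gap that makes running more than one tool worthwhile.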
sKe69 - 21360 posts, registered Saturday 15 March 2008, status: security contributor, last active 30 December 2012 - 463
15 July 2009 at 14:46
next steps:


1- ! Disconnect from the internet and close all running applications (browser included) !


• Double-click the Ad-remover shortcut on your desktop to launch the tool.

• At the main menu, this time choose option "L" and press [Enter].

• The cleaning starts > let the tool work and don't touch anything!...

--> Post the report that appears at the end in your next reply for analysis, then carry on with the rest ...

( The report is also saved as C:\Ad-Report-CLEAN.log )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )


==============================

2- Download FindyKill (by C_XX, Chimay8 & Chiquitine29) to your desktop:

> http://sd-1.archive-host.com/membres/up/127028005715545653/FindyKill.exe

! Disconnect from the internet, disable your antivirus and close all running applications !

--> Double-click the .exe to launch the tool's installation (don't touch the install settings).


Mandatory:
Plug in all your external devices (USB key, external hard disk, flash disk, MP3 player, SD card, etc.) that may have been infected (but without opening them!).


# Double-click the FindyKill shortcut on your desktop to launch the tool.

( on the first window, type f then [Enter] for the French version ).

# Choose option 1 (Search)

# Let the tool work and don't touch anything during the scan.

# Once it has finished, post the FindyKill.txt report that appears.

The report is also saved at the root of the master disk (C:\FindyKill.txt).

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )


Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by those antivirus products.

Ad-remover

.
======= AD-REMOVER REPORT 1.1.4.5_O | XP/VISTA/SEVEN ONLY =======
.
Updated by C_XX on 24/06/2009 at 7:10 PM
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started at: 16:46:55, 15/07/2009 | Normal mode | Option: CLEAN
Run from: C:\Program Files\Ad-remover\
Operating system: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
PC name: THEBOSS | Current user: Mr Rigaud
.
Administrator: Administrateur
Not administrator: HelpAssistant *Disabled*
Not administrator: Invité
Administrator: Mr Rigaud
Not administrator: SUPPORT_388945a0 *Disabled*
.
============== ITEM(S) NEUTRALISED ==============
.
.
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\ItsLabel
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Trymedia Systems
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
.
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\cmhost.cyp
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\ConfMedia.cyp
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\ConfMedia.cyp.old
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\db
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\eoDesktop
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\eoStats
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\host.cyp
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\user.cyp
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\db\cat.cyp
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\eoDesktop\config.xml
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\eoDesktop\eoDesktop.html
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\eoDesktop\userConfig.xml
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo\eoStats\eoStats.txt
C:\DOCUME~1\MRRIGA~1\APPLIC~1\EoRezo
C:\DOCUME~1\MRRIGA~1\APPLIC~1\ItsLabel\ItsTV
C:\DOCUME~1\MRRIGA~1\APPLIC~1\ItsLabel\ItsTV\itsTV.xml
C:\DOCUME~1\MRRIGA~1\APPLIC~1\ItsLabel
C:\windows\Installer\c00e57.msi
C:\windows\Installer\c00e5d.msi

(!) -- Temporary files deleted.

.
============== Additional scan ==============
.
.
.

* Internet Explorer Version 7.0.5730.13 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://home.microsoft.com/access/allinone.asp
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

============== Suspect (Cracks, Serials ... ) ==============

.
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\install_virtualdj_v4.2r1.exe
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\@2[3].xx_Pioneer-700_COLOUR.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Always.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Atomix.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\ATOMIX-FR 1[1].1.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\A-Trakt.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\BOANERGES V 1[1].1.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Boanerges.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Darkfun V2[1].01.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Darkfun.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Default Skin.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Default.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Denon DN-S5000.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\DenonDN-S5000.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Digital.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\DJ Console.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\FLOOP DJ(1024x768).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\FLOOP DJ(1280x800).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\JN-BLACK VDJ v2[1].01 (1280x800).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\JN-PLATINUM VDJ v2.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\JN-SILVER VDJ v1[1].03.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\JN-SILVER.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\K-Display.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Man-TK.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\MIX Station SV 03 (V4[1].0).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\MIX Station SV 04 (V2[1].00_edA) - winXP.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\MIX Station SV 04 (V2[1].00_edA).zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\MIX Station SV 05.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Multi-Instance Skin.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Pioneer CDJ1000 MKII_PeRiJeY.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Pioneer CDJ-700S by RE (1024x768) v2[1].00.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Pionner CDJ1000 MKII.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\TASCAM.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\TC.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\Titanium Max.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\virtualdjwinamp3.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Skins\windj.zip
C:\Documents and Settings\Mr Rigaud\Bureau\buro\tdu\Nissan Proto V1.0 (Light Patch).rar
C:\Documents and Settings\Mr Rigaud\Bureau\buro\tdu\RoadTextureModv2.2InlcudingPatches.zip
C:\Documents and Settings\Mr Rigaud\Bureau\CALL.OF.DUTY.4.FRENCH-ReAZOn\burro\crack\nfs.exe
C:\Documents and Settings\Mr Rigaud\Mes documents\My Games\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89).rar
C:\Documents and Settings\Mr Rigaud\Mes documents\My Music\Patch MsnCreative WLM 8.5 final[www.msncreative.net].exe
C:\Documents and Settings\Mr Rigaud\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\Alcohol 120% 1.9.2 + Crack.zip
C:\Documents and Settings\Mr Rigaud\Mes documents\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By GTA Squall89)\GTA Sa\Crack No-CD (By Squall89).zip
.
===================================
.
10780 Octet(s) - C:\Ad-Report-CLEAN.log
10700 Octet(s) - C:\Ad-Report-SCAN.log
.
0 Fichier(s) - C:\DOCUME~1\MRRIGA~1\LOCALS~1\Temp
3 Fichier(s) - C:\windows\Temp
.
18 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
13 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 18:15:13 | 15/07/2009
.
============== E.O.F ==============
.

sKe69 (21360 posts, registered Saturday 15 March 2008, status: security contributor, last active 30 December 2012) 463
15 Jul. 2009 at 18:55
good ....

FindyKill now ...


FindyKill

############################## | FindyKill V6.006 |

# User : Mr Rigaud (Administrateurs) # THEBOSS
# Update on 14/07/09 by Chiquitine29 & C_XX
# Start at: 19:07:21 | 15/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Pentium(R) D CPU 2.80GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : BitDefender Antivirus 12.0 [ Enabled | (!) Outdated ]
# FW : BitDefender Firewall[ Enabled ]12.0

# C:\ # Disque fixe local # 149,04 Go (24,92 Go free) [disk de booss] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM # 1,91 Go (0 Mo free) [BF2 DVD] # UDF
# F:\ # Disque CD-ROM # 4,26 Go (0 Mo free) [RACEDRIVER3] # CDFS
# G:\ # Disque CD-ROM # 6,33 Go (0 Mo free) [COD4MW] # CDFS
# H:\ # Disque CD-ROM
# U:\ # Disque fixe local # 465,76 Go (416,11 Go free) [500G] # NTFS

############################## | Processus actifs |

C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\windows\system32\ctfmon.exe
C:\windows\System32\alg.exe
C:\windows\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\windows\system32\wuauclt.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\windows\system32\wbem\wmiprvse.exe

################## | Registre Startup |

R1 - HKCU\..\Main: "Local Page"="C:\\windows\\system32\\blank.htm"
R1 - HKCU\..\Main: "Search Page"="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f"
R1 - HKCU\..\Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
R1 - HKCU\..\Main: "Window Title"=""
F2 - HKLM\..\logon:"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
F2 - HKLM\..\logon:"DefaultUserName"="Mr Rigaud"
F2 - HKLM\..\logon:"AltDefaultUserName"="Mr Rigaud"
F2 - HKLM\..\logon:"LegalNoticeCaption"=""
F2 - HKLM\..\logon:"LegalNoticeText"=""
04 - HKLM\..\Run: BDAgent="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
04 - HKLM\..\Run: BitDefender Antiphishing Helper="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
04 - HKLM\..\Run: NvCplDaemon=RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
04 - HKLM\..\Run: nwiz=nwiz.exe /install
04 - HKLM\..\Run: NvMediaCenter=RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\Run: Kernel and Hardware Abstraction Layer=KHALMNPR.EXE
04 - HKLM\..\Run: UpdatePDRShortCut="C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
04 - HKLM\..\Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
04 - HKCU\..\Run: ctfmon.exe#C:\windows\system32\ctfmon.exe#
04 - HKCU\..\Run: msnmsgr#"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background#

################## | Fichiers # Dossiers infectieux |


################## | C:\Documents and Settings\Mr Rigaud\Temporary Internet Files |


################## | All Drives ... |

Présent ! E:\Setup.exe
Présent ! E:\autorun.inf
Présent ! F:\Setup.exe
Présent ! F:\autorun.inf
Présent ! G:\Setup.exe
Présent ! G:\autorun.inf

################## | Registre # Clés Run infectieuses |

Présent ! HKLM\software\microsoft\security center "AntiVirusOverride" ( 0x1 )

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\G
Shell\AutoRun\command =G:\setup\rsrc\Autorun.exe
Shell\dinstall\command =G:\Directx\dxsetup.exe

HKCU\..\..\Explorer\MountPoints2\{4e73130a-045d-11dc-8949-0018f3175c1f}
Shell\AutoRun\command =C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

HKCU\..\..\Explorer\MountPoints2\{4f76e22b-a4f5-11dc-8a53-0018f3175c1f}
Shell\AutoRun\command =C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

HKCU\..\..\Explorer\MountPoints2\{c97b3366-624d-11dd-8b56-0018f3175c1f}
Shell\AutoRun\command =WD_Windows_Tools\Setup.exe

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )


################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\install_virtualdj_v4.2r1.exe"
28/12/2006 17:51 |Size : 37943614 |Crc32 : 7f76dd70 |Md5 : 22ff65217a6be5137b83f5a2c03e2f85

"C:\Documents and Settings\Mr Rigaud\Bureau\CALL.OF.DUTY.4.FRENCH-ReAZOn\burro\crack\nfs.exe"
05/12/2007 07:02 |Size : 43090956 |Crc32 : cccee109 |Md5 : 6f0348f24aafbf2e9c673f9b98197447


################## | ! Fin du rapport # FindyKill V6.006 ! |

FindyKill scanned for 3 hours --"

############################## | FindyKill V6.006 |

# User : Mr Rigaud (Administrateurs) # THEBOSS
# Update on 14/07/09 by Chiquitine29 & C_XX
# Start at: 20:21:27 | 15/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Pentium(R) D CPU 2.80GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : BitDefender Antivirus 12.0 [ Enabled | (!) Outdated ]
# FW : BitDefender Firewall[ Enabled ]12.0

# C:\ # Disque fixe local # 149,04 Go (24,99 Go free) [disk de booss] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM # 1,91 Go (0 Mo free) [BF2 DVD] # UDF
# F:\ # Disque CD-ROM # 4,26 Go (0 Mo free) [RACEDRIVER3] # CDFS
# G:\ # Disque CD-ROM # 6,33 Go (0 Mo free) [COD4MW] # CDFS
# H:\ # Disque CD-ROM
# U:\ # Disque fixe local # 465,76 Go (416,11 Go free) [500G] # NTFS

############################## | Processus actifs |

C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\windows\system32\ctfmon.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\alg.exe

################## | Fichiers # Dossiers infectieux |


################## | C:\Documents and Settings\Mr Rigaud\Temporary Internet Files |


################## | All Drives ... |

(!) Non supprimé ! E:\Setup.exe
(!) Non supprimé ! E:\autorun.inf
(!) Non supprimé ! F:\Setup.exe
(!) Non supprimé ! F:\autorun.inf
(!) Non supprimé ! G:\Setup.exe
(!) Non supprimé ! G:\autorun.inf
################## | Autres ... |


################## | Registre # Clés Run infectieuses |

# HKLM\software\microsoft\security center "AntiVirusOverride" # -> Reset sucessfully !

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\G\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{4e73130a-045d-11dc-8949-0018f3175c1f}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{4f76e22b-a4f5-11dc-8a53-0018f3175c1f}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{c97b3366-624d-11dd-8b56-0018f3175c1f}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[15/07/2009 18:22|--a------|11138] - C:\Ad-Report-CLEAN.log
[15/07/2009 13:49|--a------|10700] - C:\Ad-Report-SCAN.log
[02/03/2006 14:00|-rahs----|4952] - C:\Bootfont.bin
[15/07/2009 11:28|--a------|1115] - C:\cleannavi.txt
[15/07/2009 22:38|--a------|3130] - C:\FindyKill.txt
[01/01/2002 15:08|-rahs----|0] - C:\IO.SYS
[01/01/2002 15:08|-rahs----|0] - C:\MSDOS.SYS
[02/03/2006 14:00|-rahs----|47564] - C:\NTDETECT.COM
[24/09/2008 19:10|-rahs----|251712] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[15/07/2009 11:42|--a------|5428] - C:\TB.txt
[?|?|?] - E:\autorun
[?|?|?] - E:\BFMC
[?|?|?] - E:\directx
[?|?|?] - E:\nvidia_driver
[?|?|?] - E:\Redist
[?|?|?] - E:\Support
[23/05/2005 01:22|-r-------|20482048] - E:\00000001.TMP
[23/05/2005 01:22|-r-------|317440] - E:\00000002.TMP
[23/05/2005 01:22|-r-------|1187840] - E:\Autorun.exe
[23/05/2005 01:22|-r-------|43] - E:\Autorun.inf
[23/05/2005 01:22|-r-------|4150] - E:\BF2.ico
[23/05/2005 01:16|-r-------|11681272] - E:\data1.cab
[23/05/2005 01:16|-r-------|204923] - E:\data1.hdr
[23/05/2005 01:22|-r-------|1888953769] - E:\data2.cab
[22/10/2004 06:16|-r-------|470174] - E:\engine32.cab
[23/05/2005 01:22|-r-------|10023] - E:\layout.bin
[21/05/2005 15:45|-r-------|1279256] - E:\Setup.bmp
[22/10/2004 06:16|-r-------|118736] - E:\setup.exe
[23/05/2005 01:16|-r-------|464834] - E:\setup.ibt
[23/05/2005 01:16|-r-------|621] - E:\setup.ini
[23/05/2005 01:15|-r-------|249796] - E:\setup.inx
[25/01/2006 16:37|-r-------|1404928] - F:\Autorun.exe
[20/11/2005 15:35|-r-------|81] - F:\autorun.inf
[25/01/2006 17:51|-r-------|9829937] - F:\data1.cab
[25/01/2006 17:51|-r-------|431079] - F:\data1.hdr
[25/01/2006 18:00|-r-------|1384865792] - F:\data2.cab
[25/01/2006 18:04|-r-------|807856734] - F:\data3.cab
[25/01/2006 18:06|-r-------|512] - F:\data4.cab
[16/07/2004 03:09|-r-------|461268] - F:\engine32.cab
[25/01/2006 18:06|-r-------|3387] - F:\layout.bin
[02/12/2005 16:08|-r-------|734003200] - F:\pad700.dat
[16/09/2002 17:00|-r-------|12] - F:\rd3_eur
[20/11/2005 15:35|-r-------|101] - F:\rd3inst.cfg
[16/07/2004 03:09|-r-------|117200] - F:\setup.exe
[25/01/2006 17:50|-r-------|424423] - F:\setup.ibt
[25/01/2006 17:50|-r-------|515] - F:\setup.ini
[25/01/2006 17:50|-r-------|243962] - F:\setup.inx
[19/04/2004 04:10|-r-------|250296] - F:\setup.isn
[06/10/2007 00:56|-r-------|20482048] - G:\00000001.TMP
[16/05/2006 22:02|-r-------|7242] - G:\0x040c.ini
[06/10/2007 00:53|-r-------|8784384] - G:\CoD4MW.msi
[01/04/2006 00:39|-r-------|41168] - G:\FirewallInstallHelper.dll
[06/10/2007 00:49|-r-------|2231014] - G:\ISSetup.dll
[06/10/2007 00:53|-r-------|464970] - G:\PB.cab
[06/10/2007 00:53|-r-------|2058] - G:\Setup.ini
[16/05/2006 20:58|-r-------|2584848] - G:\WindowsInstaller-KB893803-x86.exe
[12/06/2007 04:27|-r-------|140] - G:\autorun.inf
[16/05/2006 20:58|-r-------|1708856] - G:\instmsia.exe
[16/05/2006 20:58|-r-------|1822520] - G:\instmsiw.exe
[11/07/2007 23:18|-r-------|673576] - G:\pbsvc.exe
[06/10/2007 00:53|-r-------|316728] - G:\setup.exe
[27/09/2007 01:02|-r-------|364616] - G:\splash.bmp
[06/10/2007 00:55|-r-------|152] - G:\version.inf

################## | Vaccination |

# C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# U:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.

################## | Etat / Services / Informations |

# Mode sans echec : OK


# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )

################## | PEH ... |


################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\Mr Rigaud\Bureau\buro\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\Atomix Virtual Dj 4.2 r1+ Seriale+Plugin+Skins\install_virtualdj_v4.2r1.exe"
28/12/2006 17:51 |Size : 37943614 |Crc32 : 7f76dd70 |Md5 : 22ff65217a6be5137b83f5a2c03e2f85


################## | ! Fin du rapport # FindyKill V6.006 ! |

RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mr Rigaud at 2009-07-15 22:59:37
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 26 GB (17%) free of 153 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:40, on 15/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\windows\system32\ctfmon.exe
C:\windows\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\windows\System32\svchost.exe
C:\Documents and Settings\Mr Rigaud\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mr Rigaud.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

1- do another pass of CCleaner (registry included), that's good ..

--" bug, it didn't put the end of my message online ..

Mbam-setup.exe:
I double-click the program, it shows the little hourglass next to the mouse pointer and then nothing more; since I don't have my taskbar I can't disable BitDefender :/ I'm not sure it's coming from the antivirus.
When I press Ctrl+Alt+Del it shows Mbam-setup.exe in the Processes tab but not in Applications :/

okok here it is

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-16 00:32:35
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code 8A4B1ED8 ZwEnumerateKey
Code 8A498410 ZwFlushInstructionCache
Code 8A4F3276 IofCallDriver
Code 8A7342C6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 8A4F327B
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 8A7342CB
PAGE ntoskrnl.exe!ZwEnumerateKey 805783A4 5 Bytes JMP 8A4B1EDC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80585F1C 5 Bytes JMP 8A498414
? C:\windows\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text USBPORT.SYS!DllUnload B9D5062C 5 Bytes JMP 8A66B1B8
? System32\Drivers\ab6f37gj.SYS Le chemin d'accès spécifié est introuvable. !

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\nvsvc32.exe[272] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00C1000A
.text C:\windows\system32\nvsvc32.exe[272] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00C2000A
.text C:\windows\system32\PnkBstrA.exe[336] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0278000A
.text C:\windows\system32\PnkBstrA.exe[336] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0279000A
.text C:\windows\Explorer.EXE[812] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02F7000A
.text C:\windows\Explorer.EXE[812] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02F8000A
.text C:\windows\system32\winlogon.exe[1040] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 009D000A
.text C:\windows\system32\winlogon.exe[1040] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 009E000A
.text C:\windows\system32\services.exe[1088] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00B8000A
.text C:\windows\system32\services.exe[1088] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00B9000A
.text C:\windows\system32\lsass.exe[1100] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00B7000A
.text C:\windows\system32\lsass.exe[1100] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00BA000A
.text C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe[1420] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02CB000A
.text C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe[1420] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02CE000A
.text C:\windows\System32\alg.exe[1572] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00BB000A
.text C:\windows\System32\alg.exe[1572] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00BC000A
.text C:\windows\system32\ctfmon.exe[1628] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0295000A
.text C:\windows\system32\ctfmon.exe[1628] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0296000A
.text C:\windows\system32\spoolsv.exe[1788] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00DF000A
.text C:\windows\system32\spoolsv.exe[1788] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00E0000A
.text C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe[1840] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02E2000A
.text C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe[1840] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02E3000A
.text C:\windows\system32\RUNDLL32.EXE[2124] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00DF000A
.text C:\windows\system32\RUNDLL32.EXE[2124] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00E0000A
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2248] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00E8000A
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2248] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00E9000A
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2288] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02BC000A
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2288] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02BD000A
.text C:\Program Files\SAGEM WiFi manager\WLANUTL.exe[2316] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02D6000A
.text C:\Program Files\SAGEM WiFi manager\WLANUTL.exe[2316] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02D7000A
.text C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe[2356] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02D4000A
.text C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe[2356] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02D5000A
.text C:\windows\system32\wuauclt.exe[2508] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0294000A
.text C:\windows\system32\wuauclt.exe[2508] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0295000A
.text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2652] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02D0000A
.text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2652] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02D1000A
.text C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe[2832] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 029F000A
.text C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe[2832] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02A0000A
.text C:\Documents and Settings\Mr Rigaud\Bureau\hpu0fwC3qy_gmer.exe[3812] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00F3000A
.text C:\Documents and Settings\Mr Rigaud\Bureau\hpu0fwC3qy_gmer.exe[3812] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00F4000A
.text C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3892] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00E9000A
.text C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3892] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00EA000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02BA000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02BB000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F341 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4451178F C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 44511710 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 44511754 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4451169C C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 445116D6 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 445117CA C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A16B6 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WS2_32.dll!connect 719F406A 5 Bytes JMP 10011C20
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WS2_32.dll!send 719F428A 5 Bytes JMP 10011C00
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WS2_32.dll!recv 719F615A 5 Bytes JMP 10011BE0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 10011DE0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WININET.dll!HttpAddRequestHeadersA 4408FB4D 5 Bytes JMP 02C6000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WININET.dll!HttpAddRequestHeadersW 440FD14D 5 Bytes JMP 02D7000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \windows\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7514480] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F751442C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752EAB8] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7514480] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7500ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7500C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7500B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F750172E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7501604] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A7D71D8
Device \FileSystem\Udfs \UdfsCdRom 8A56A5C8
Device \FileSystem\Udfs \UdfsDisk 8A56A5C8

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\usbuhci \Device\USBPDO-0 8A62F1D8
Device \Driver\usbuhci \Device\USBPDO-1 8A62F1D8
Device \Driver\usbuhci \Device\USBPDO-2 8A62F1D8
Device \Driver\usbuhci \Device\USBPDO-3 8A62F1D8
Device \Driver\00000066 \Device\00000054 sptd.sys
Device \Driver\usbehci \Device\USBPDO-4 8A6021D8

AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7D91D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D25889AA-CA0D-48B9-A5B8-B83FCA88131C} 8A36E558
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7D91D8
Device \Driver\Cdrom \Device\CdRom1 8A5DC1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A84B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 8A84B1D8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 8A84B1D8
Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 8A84B1D8
Device \Driver\atapi \Device\Ide\IdePort2 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 8A84B1D8
Device \Driver\atapi \Device\Ide\IdePort3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 8A84B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 8A84B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom2 8A5DC1D8
Device \Driver\Cdrom \Device\CdRom3 8A5DC1D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A36E558
Device \Driver\NetBT \Device\NetbiosSmb 8A36E558
Device \Driver\NetBT \Device\NetBT_Tcpip_{355E3094-2D9D-4A46-BE76-AF05292CE8AD} 8A36E558

AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\usbuhci \Device\USBFDO-0 8A62F1D8
Device \Driver\usbuhci \Device\USBFDO-1 8A62F1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A55C400
Device \Driver\usbuhci \Device\USBFDO-2 8A62F1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A55C400
Device \Driver\usbuhci \Device\USBFDO-3 8A62F1D8
Device \Driver\usbehci \Device\USBFDO-4 8A6021D8
Device \Driver\Ftdisk \Device\FtControl 8A7D91D8
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target2Lun0 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target2Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target0Lun0 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target0Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iteatapi \Device\Scsi\iteatapi1 8A7D81D8
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target3Lun0 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target3Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target1Lun0 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target1Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 8A51E460

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACykylukwwkriywmebk.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1264] 0x047D0000

---- Services - GMER 1.0.15 ----

Service C:\windows\system32\drivers\UACvmpfqmqsntjxjnsvx.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x2B 0x58 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0xD9 0x3E 0x87 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7C 0x7A 0x41 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDB 0xBE 0xD3 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE0 0xC7 0x1A 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACfqrdqbuyqvkiltewn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACpjwxltchrlarhhopx.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACemkardlogpryifbup.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACpamitroyxwaiiawsr.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACykylukwwkriywmebk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrpddulcgstsrpbbow.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACbwqfrgvpkqdfroxqp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x2B 0x58 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0xD9 0x3E 0x87 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7C 0x7A 0x41 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDB 0xBE 0xD3 0x20 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x2B 0x58 0x97 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0xD9 0x3E 0x87 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7C 0x7A 0x41 0xE6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDB 0xBE 0xD3 0x20 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE0 0xC7 0x1A 0xF2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACfqrdqbuyqvkiltewn.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACpjwxltchrlarhhopx.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACemkardlogpryifbup.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACpamitroyxwaiiawsr.db
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACykylukwwkriywmebk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrpddulcgstsrpbbow.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACbwqfrgvpkqdfroxqp.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Mr Rigaud\Local Settings\Temp\nss84.tmp\UAC.dll 16384 bytes executable
File C:\Documents and Settings\Mr Rigaud\Local Settings\Temp\UAC6265.tmp 343040 bytes executable
OK OK, here it is:


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-16 00:32:35
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code 8A4B1ED8 ZwEnumerateKey
Code 8A498410 ZwFlushInstructionCache
Code 8A4F3276 IofCallDriver
Code 8A7342C6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 8A4F327B
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 8A7342CB
PAGE ntoskrnl.exe!ZwEnumerateKey 805783A4 5 Bytes JMP 8A4B1EDC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80585F1C 5 Bytes JMP 8A498414
? C:\windows\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text USBPORT.SYS!DllUnload B9D5062C 5 Bytes JMP 8A66B1B8
? System32\Drivers\ab6f37gj.SYS Le chemin d'accès spécifié est introuvable. !

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\nvsvc32.exe[272] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00C1000A
.text C:\windows\system32\nvsvc32.exe[272] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00C2000A
.text C:\windows\system32\PnkBstrA.exe[336] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0278000A
.text C:\windows\system32\PnkBstrA.exe[336] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0279000A
.text C:\windows\Explorer.EXE[812] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02F7000A
.text C:\windows\Explorer.EXE[812] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02F8000A
.text C:\windows\system32\winlogon.exe[1040] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 009D000A
.text C:\windows\system32\winlogon.exe[1040] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 009E000A
.text C:\windows\system32\services.exe[1088] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00B8000A
.text C:\windows\system32\services.exe[1088] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00B9000A
.text C:\windows\system32\lsass.exe[1100] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00B7000A
.text C:\windows\system32\lsass.exe[1100] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00BA000A
.text C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe[1420] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02CB000A
.text C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe[1420] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02CE000A
.text C:\windows\System32\alg.exe[1572] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00BB000A
.text C:\windows\System32\alg.exe[1572] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00BC000A
.text C:\windows\system32\ctfmon.exe[1628] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0295000A
.text C:\windows\system32\ctfmon.exe[1628] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0296000A
.text C:\windows\system32\spoolsv.exe[1788] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00DF000A
.text C:\windows\system32\spoolsv.exe[1788] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00E0000A
.text C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe[1840] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02E2000A
.text C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe[1840] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02E3000A
.text C:\windows\system32\RUNDLL32.EXE[2124] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00DF000A
.text C:\windows\system32\RUNDLL32.EXE[2124] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00E0000A
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2248] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00E8000A
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2248] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00E9000A
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2288] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02BC000A
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2288] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02BD000A
.text C:\Program Files\SAGEM WiFi manager\WLANUTL.exe[2316] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02D6000A
.text C:\Program Files\SAGEM WiFi manager\WLANUTL.exe[2316] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02D7000A
.text C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe[2356] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02D4000A
.text C:\WINDOWS\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe[2356] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02D5000A
.text C:\windows\system32\wuauclt.exe[2508] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0294000A
.text C:\windows\system32\wuauclt.exe[2508] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0295000A
.text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2652] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02D0000A
.text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2652] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02D1000A
.text C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe[2832] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 029F000A
.text C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe[2832] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02A0000A
.text C:\Documents and Settings\Mr Rigaud\Bureau\hpu0fwC3qy_gmer.exe[3812] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00F3000A
.text C:\Documents and Settings\Mr Rigaud\Bureau\hpu0fwC3qy_gmer.exe[3812] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00F4000A
.text C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3892] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00E9000A
.text C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE[3892] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00EA000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02BA000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02BB000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F341 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4451178F C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 44511710 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 44511754 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4451169C C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 445116D6 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 445117CA C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A16B6 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WS2_32.dll!connect 719F406A 5 Bytes JMP 10011C20
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WS2_32.dll!send 719F428A 5 Bytes JMP 10011C00
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WS2_32.dll!recv 719F615A 5 Bytes JMP 10011BE0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 10011DE0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WININET.dll!HttpAddRequestHeadersA 4408FB4D 5 Bytes JMP 02C6000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3968] WININET.dll!HttpAddRequestHeadersW 440FD14D 5 Bytes JMP 02D7000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \windows\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7514480] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F751442C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752EAB8] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7514480] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7500ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7500C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7500B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F750172E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7501604] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A7D71D8
Device \FileSystem\Udfs \UdfsCdRom 8A56A5C8
Device \FileSystem\Udfs \UdfsDisk 8A56A5C8

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\usbuhci \Device\USBPDO-0 8A62F1D8
Device \Driver\usbuhci \Device\USBPDO-1 8A62F1D8
Device \Driver\usbuhci \Device\USBPDO-2 8A62F1D8
Device \Driver\usbuhci \Device\USBPDO-3 8A62F1D8
Device \Driver\00000066 \Device\00000054 sptd.sys
Device \Driver\usbehci \Device\USBPDO-4 8A6021D8

AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7D91D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D25889AA-CA0D-48B9-A5B8-B83FCA88131C} 8A36E558
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7D91D8
Device \Driver\Cdrom \Device\CdRom1 8A5DC1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A84B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 8A84B1D8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 8A84B1D8
Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 8A84B1D8
Device \Driver\atapi \Device\Ide\IdePort2 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 8A84B1D8
Device \Driver\atapi \Device\Ide\IdePort3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 8A84B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 8A84B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom2 8A5DC1D8
Device \Driver\Cdrom \Device\CdRom3 8A5DC1D8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A36E558
Device \Driver\NetBT \Device\NetbiosSmb 8A36E558
Device \Driver\NetBT \Device\NetBT_Tcpip_{355E3094-2D9D-4A46-BE76-AF05292CE8AD} 8A36E558

AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\usbuhci \Device\USBFDO-0 8A62F1D8
Device \Driver\usbuhci \Device\USBFDO-1 8A62F1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A55C400
Device \Driver\usbuhci \Device\USBFDO-2 8A62F1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A55C400
Device \Driver\usbuhci \Device\USBFDO-3 8A62F1D8
Device \Driver\usbehci \Device\USBFDO-4 8A6021D8
Device \Driver\Ftdisk \Device\FtControl 8A7D91D8
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target2Lun0 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target2Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target0Lun0 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target0Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iteatapi \Device\Scsi\iteatapi1 8A7D81D8
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target3Lun0 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target3Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target1Lun0 8A5C7660
Device \Driver\ab6f37gj \Device\Scsi\ab6f37gj1Port5Path0Target1Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 8A51E460

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACykylukwwkriywmebk.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1264] 0x047D0000

---- Services - GMER 1.0.15 ----

Service C:\windows\system32\drivers\UACvmpfqmqsntjxjnsvx.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x2B 0x58 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0xD9 0x3E 0x87 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7C 0x7A 0x41 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDB 0xBE 0xD3 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE0 0xC7 0x1A 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACfqrdqbuyqvkiltewn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACpjwxltchrlarhhopx.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACemkardlogpryifbup.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACpamitroyxwaiiawsr.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACykylukwwkriywmebk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrpddulcgstsrpbbow.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACbwqfrgvpkqdfroxqp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x2B 0x58 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0xD9 0x3E 0x87 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7C 0x7A 0x41 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDB 0xBE 0xD3 0x20 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x2B 0x58 0x97 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0xD9 0x3E 0x87 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7C 0x7A 0x41 0xE6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDB 0xBE 0xD3 0x20 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE0 0xC7 0x1A 0xF2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACfqrdqbuyqvkiltewn.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACpjwxltchrlarhhopx.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACemkardlogpryifbup.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACpamitroyxwaiiawsr.db
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACykylukwwkriywmebk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrpddulcgstsrpbbow.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACbwqfrgvpkqdfroxqp.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Mr Rigaud\Local Settings\Temp\nss84.tmp\UAC.dll 16384 bytes executable
File C:\Documents and Settings\Mr Rigaud\Local Settings\Temp\UAC6265.tmp 343040 bytes executable
0
"install the Windows Recovery Console properly as indicated in the tutorial above ..."
I don't see where.
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 463
16 July 2009 at 00:50
re,

read the rest of the procedure ... ^^

double-click "CFix.exe" ( = combofix.exe ) to launch the tool.

-- For XP > let it guide you through installing the Recovery Console. Reconnect only for the duration of this step. Once the console is installed, disconnect again before continuing --


0
ComboFix 09-07-14.08 - Mr Rigaud 16/07/2009 0:53:56.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2047.1690 [GMT 2:00]
Running from: C:\Documents and Settings\Mr Rigaud\Bureau\CFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Installer\WMEncoder.msi
C:\windows\system32\_004243_.tmp.dll
C:\windows\system32\_004244_.tmp.dll
C:\windows\system32\_004245_.tmp.dll
C:\windows\system32\_004246_.tmp.dll
C:\windows\system32\_004253_.tmp.dll
C:\windows\system32\_004254_.tmp.dll
C:\windows\system32\_004255_.tmp.dll
C:\windows\system32\_004256_.tmp.dll
C:\windows\system32\_004258_.tmp.dll
C:\windows\system32\_004259_.tmp.dll
C:\windows\system32\_004262_.tmp.dll
C:\windows\system32\_004263_.tmp.dll
C:\windows\system32\_004265_.tmp.dll
C:\windows\system32\_004266_.tmp.dll
C:\windows\system32\_004267_.tmp.dll
C:\windows\system32\_004269_.tmp.dll
C:\windows\system32\_004270_.tmp.dll
C:\windows\system32\_004272_.tmp.dll
C:\windows\system32\_004273_.tmp.dll
C:\windows\system32\_004277_.tmp.dll
C:\windows\system32\_004278_.tmp.dll
C:\windows\system32\_004280_.tmp.dll
C:\windows\system32\_004283_.tmp.dll
C:\windows\system32\_004285_.tmp.dll
C:\windows\system32\_004286_.tmp.dll
C:\windows\system32\_004287_.tmp.dll
C:\windows\system32\_004288_.tmp.dll
C:\windows\system32\_004289_.tmp.dll
C:\windows\system32\_004292_.tmp.dll
C:\windows\system32\_004293_.tmp.dll
C:\windows\system32\_004294_.tmp.dll
C:\windows\system32\_004295_.tmp.dll
C:\windows\system32\_004296_.tmp.dll
C:\windows\system32\_004301_.tmp.dll
C:\windows\system32\_004303_.tmp.dll
C:\windows\system32\drivers\UACvmpfqmqsntjxjnsvx.sys
C:\windows\system32\UACbwqfrgvpkqdfroxqp.dll
C:\windows\system32\UACemkardlogpryifbup.dll
C:\windows\system32\UACfqrdqbuyqvkiltewn.dll
C:\windows\system32\uacinit.dll
C:\windows\system32\UACpamitroyxwaiiawsr.db
C:\windows\system32\UACpjwxltchrlarhhopx.dat
C:\windows\system32\UACrpddulcgstsrpbbow.dll
C:\windows\system32\uactmp.db
C:\windows\system32\UACykylukwwkriywmebk.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 463
16 July 2009 at 08:41
re,


the report is not complete ...


please repost it in full ... ;)


0
ComboFix 09-07-14.08 - Mr Rigaud 16/07/2009 11:19.3.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2047.1535 [GMT 2:00]
Running from: c:\documents and settings\Mr Rigaud\Bureau\CFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-15 17:05 . 2009-07-15 20:41 -------- d-----w- C:\FindyKill
2009-07-15 10:18 . 2009-07-15 16:15 -------- d-----w- c:\program files\Ad-remover
2009-07-14 20:32 . 2009-07-15 09:42 -------- d-----w- C:\ToolBar SD
2009-07-14 20:20 . 2009-07-14 20:20 -------- d-----w- c:\program files\CCleaner
2009-07-14 19:59 . 2009-07-15 09:28 -------- d-----w- c:\program files\Navilog1
2009-07-14 18:05 . 2009-07-14 18:05 -------- d-----w- C:\_OTM
2009-07-14 16:52 . 2009-07-14 16:52 -------- d-----w- C:\rsit
2009-07-14 16:48 . 2009-07-14 16:48 -------- d-----w- c:\program files\Trend Micro
2009-07-03 14:18 . 2009-07-03 14:39 -------- d-----w- c:\documents and settings\Mr Rigaud\Application Data\Notepad++
2009-07-03 14:18 . 2009-07-03 14:18 -------- d-----w- c:\program files\Notepad++
2009-06-23 17:09 . 2009-06-23 17:09 -------- d-----w- c:\program files\Lavalys
2009-06-20 10:33 . 2009-06-24 12:54 -------- d-----w- c:\windows\system32\NtmsData
2009-06-20 09:34 . 2009-06-20 09:34 49152 ----a-r- c:\documents and settings\Mr Rigaud\Application Data\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 20:42 . 2006-03-02 12:00 79028 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-15 20:42 . 2006-03-02 12:00 494650 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-14 14:20 . 2008-07-16 14:46 -------- d-----w- c:\program files\eMule
2009-07-13 18:45 . 2009-06-08 16:47 -------- d-----w- c:\program files\Graffiti Studio 2.0
2009-07-10 14:15 . 2006-03-02 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-07-06 07:37 . 2008-12-25 19:59 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-07-05 16:02 . 2009-03-19 17:52 -------- d-----w- c:\program files\FrostWire
2009-06-29 15:46 . 2007-04-09 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-06-20 08:51 . 2009-05-01 20:56 -------- d-----w- c:\program files\Incomplete
2009-06-19 19:20 . 2008-11-10 17:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-17 16:38 . 2009-03-19 17:54 -------- d-----w- c:\documents and settings\Mr Rigaud\Application Data\FrostWire
2009-06-16 14:54 . 2006-03-02 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:54 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-11 17:03 . 2002-01-01 13:28 23216 ----a-w- c:\documents and settings\Mr Rigaud\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 13:04 . 2002-01-01 13:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-11 11:37 . 2009-06-11 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-06-11 11:33 . 2009-06-11 11:31 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-06-11 11:32 . 2009-06-11 11:32 -------- d-----w- c:\program files\Nero
2009-06-07 17:21 . 2009-06-07 15:17 -------- d-----w- c:\program files\MSN Password Recovery
2009-06-03 19:27 . 2006-03-02 12:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 17:01 . 2009-05-28 17:01 -------- d-----w- c:\program files\Windows Journal Viewer
2009-05-24 18:56 . 2008-10-14 12:00 1 ----a-w- c:\documents and settings\Mr Rigaud\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-08 10:30 . 2009-05-08 10:27 2328 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-05-08 10:30 . 2007-03-05 19:56 46826 ----a-w- c:\windows\BricoPackUninst.cmd
2009-05-07 15:43 . 2008-09-24 16:47 347136 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 15:44 . 2009-03-07 18:15 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2009-04-30 20:32 . 2008-03-29 11:27 81984 ----a-w- c:\windows\system32\bdod.bin
2009-04-29 04:45 . 2006-03-02 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 20:09 . 2008-09-24 16:47 1846784 ----a-w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[-] 2007-06-13 13:22 2119168 F2BAF212FF37C741CB1269F4574F8ED3 c:\windows\explorer.exe
[7] 2007-06-13 13:10 1037312 B795475444D6D57A572C14B9E1A29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2006-03-02 12:00 1884672 2FB4F2728B5011FB7B1D62C2A23BC8B0 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 02:34 1037824 F2317622D29F9FF0F88AEECD5F60F0DD c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe
[-] 2007-06-13 13:22 2119168 F2BAF212FF37C741CB1269F4574F8ED3 c:\windows\system32\dllcache\explorer.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-11-06 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-09-26 716800]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-08-02 1657376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\Mr Rigaud\Menu Démarrer\Programmes\Démarrage\
Stardock ObjectDock.lnk - c:\windows\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe [2005-2-21 1826885]
Y'z Toolbar.lnk - c:\windows\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe [2002-9-29 90112]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-3-22 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-3-22 688128]
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-7-16 950272]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Mr Rigaud^Menu Démarrer^Programmes^Démarrage^Y'z Toolbar.lnk]
path=c:\documents and settings\Mr Rigaud\Menu Démarrer\Programmes\Démarrage\Y'z Toolbar.lnk
backup=c:\windows\pss\Y'z Toolbar.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Documents and Settings\\Mr Rigaud\\Bureau\\buro\\iexplore.exe"=
"c:\\Program Files\\Graffiti Studio 2.0\\Graffiti Studio.exe"=

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [30/07/2007 18:45 15172]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 17:11 35328]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [02/07/2008 12:07 82568]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [12/08/2008 18:40 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [18/09/2008 11:11 103944]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 12:06 118784]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [16/07/2008 14:07 450560]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 11:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-220523388-1788223648-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:51,e5,74,28,cc,c7,63,8b,e9,e0,5f,29,59,8f,f4,66,77,e9,56,d1,70,72,5e,
99,6e,1c,d7,b1,5c,01,ce,00,c5,e0,77,cf,1f,3f,24,23,70,7d,f9,81,92,2c,11,d0,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c

[HKEY_USERS\S-1-5-21-220523388-1788223648-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:a4,7b,b7,94,62,f2,f2,e2,61,a3,af,30,c8,ad,ad,d0,f1,20,20,f9,6b,
73,1c,d2,19,3f,6a,86,76,92,8a,cb,48,dd,c4,eb,6e,b8,a4,83,59,67,f9,1b,e0,a7,\
"rkeysecu"=hex:8e,82,8c,ad,b9,b9,00,43,62,c0,2c,43,1c,ab,5f,0e

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,9f,6b,d8,5a,17,
a7,7e,24,e2,63,26,f1,3f,c8,ff,68,5d,9d,ed,5f,37,eb,4e,04,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,80,0f,25,61,fd,
f1,a7,c0,6a,9c,d6,61,af,45,84,18,1a,64,d1,1b,c2,be,68,d5,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,a8,26,83,97,1a,
ff,df,47,ff,7c,85,e0,43,d4,0e,fe,60,e5,96,a5,19,cf,3f,7d,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,24,d4,2d,1e,9e,
5f,96,b8,86,8c,21,01,be,91,eb,e7,67,19,e3,b9,45,7f,11,1e,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,b4,39,3d,12,83,
5a,a9,12,f5,1d,4d,73,a8,13,5c,05,cf,5f,7f,03,7c,ce,5d,ff,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,ac,9d,ca,a7,24,
82,00,bb,df,20,58,62,78,6b,cf,c8,d8,f9,73,f2,56,8d,20,79,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,79,01,79,af,9a,
51,e5,7c,fb,a7,78,e6,12,2f,9a,ea,99,12,07,53,8b,b3,72,4b,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,64,52,ce,90,49,
1d,e0,e1,01,3a,48,fc,e8,04,4a,f1,6d,91,f3,87,16,63,95,b0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,1d,2c,86,3a,6d,
32,40,3c,f6,0f,4e,58,98,5b,89,c9,bb,1a,32,3a,67,7b,b5,36,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,4a,d5,84,8e,e6,
2f,21,b2,3d,ce,ea,26,2d,45,aa,78,b0,c4,0f,5e,a9,14,99,42,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,6e,34,a2,40,d2,
41,6d,46,2a,b7,cc,b5,b9,7f,41,e7,63,64,f9,e3,51,81,84,90,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,eb,8f,de,de,5a,
b6,e1,75,6c,43,2d,1e,aa,22,2f,9c,1f,11,37,05,e4,ea,ce,6d,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\SHDOCVW.dll
c:\windows\BricoPacks\Longhorn Inspirat\ObjectDock\DockShellHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\stobject.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-16 11:29
ComboFix-quarantined-files.txt 2009-07-16 09:29

Pre-Run: 26 544 349 184 octets libres
Post-Run: 26 587 164 672 octets libres

235 --- E O F --- 2009-07-16 00:11