Rootkit UACD.SYS Windowsclick.com
Solved
Pim
sKe69 - 21955 posts - Status: Security contributor
Hello everyone,
For some time now I have been trying to get rid of a rootkit. I ran Malware, Avira, Ad-Aware, nothing works; this rootkit is well dug in.
Between the windowsclick redirects and, more recently, the random reboots that make my machine shudder.
I would need some help to "clean" my problem, please.
Thanks in advance.
Here is the GMER report below.
GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-23 12:42:36
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[284] [0xEE906D40]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[285] [0xEE906D50]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[286] [0xEE906D60]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[287] [0xEE906D80]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[288] [0xEE906DA0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[289] [0xEE906DD0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[290] [0xEE906DE0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[291] [0xEE906E00]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[292] [0xEE906E10]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[293] [0xEE906ED0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[294] [0xEE906FA0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[295] [0xEE906FE0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[296] [0xEE907020]
Code 86457968 ZwEnumerateKey
Code 865FAD60 ZwFlushInstructionCache
Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous
Code 8660CAF6 IofCallDriver
Code 864D395E IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 8660CAFB
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 864D3963
.text ntoskrnl.exe!IoIsOperationSynchronous 804E8752 5 Bytes JMP EE90CE80 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80503C29 5 Bytes JMP EE90C980 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
PAGE ntoskrnl.exe!ZwEnumerateKey 8056EF30 4 Bytes JMP 8645796C
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80576A6A 5 Bytes JMP 865FAD64
? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text USBPORT.SYS!DllUnload F6F1862C 5 Bytes JMP 8656A358
? System32\Drivers\avqu456y.SYS Le chemin d'accès spécifié est introuvable. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7771886] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7771832] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7793892] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7771886] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F775BAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F775BC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F775BB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F775C748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F775C61E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7770ACA] sptd.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 867631E8
AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
Device \FileSystem\Fastfat \FatCdrom 866531E8
Device \Driver\usbohci \Device\USBPDO-0 8646F4C8
Device \Driver\usbohci \Device\USBPDO-1 8646F4C8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 867D31E8
Device \Driver\dmio \Device\DmControl\DmConfig 867D31E8
Device \Driver\dmio \Device\DmControl\DmPnP 867D31E8
Device \Driver\dmio \Device\DmControl\DmInfo 867D31E8
Device \Driver\usbohci \Device\USBPDO-2 8646F4C8
Device \Driver\usbehci \Device\USBPDO-3 864467A0
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
Device \Driver\Ftdisk \Device\HarddiskVolume1 867651E8
Device \Driver\USBSTOR \Device\00000072 864CF1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 867641E8
Device \Driver\atapi \Device\Ide\IdePort0 867641E8
Device \Driver\atapi \Device\Ide\IdePort1 867641E8
Device \Driver\atapi \Device\Ide\IdePort2 867641E8
Device \Driver\atapi \Device\Ide\IdePort3 867641E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b 867641E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 867641E8
Device \Driver\USBSTOR \Device\00000073 864CF1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 863D97A0
Device \Driver\PCI_NTPNP1520 \Device\0000004b sptd.sys
Device \Driver\NetBT \Device\NetbiosSmb 863D97A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{CB5239B1-6846-498E-8AA6-2D2946BFEA3A} 863D97A0
Device \Driver\usbohci \Device\USBFDO-0 8646F4C8
Device \Driver\usbohci \Device\USBFDO-1 8646F4C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 865B77A0
Device \Driver\usbohci \Device\USBFDO-2 8646F4C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 865B77A0
Device \Driver\usbehci \Device\USBFDO-3 864467A0
Device \Driver\Ftdisk \Device\FtControl 867651E8
Device \Driver\avqu456y \Device\Scsi\avqu456y1Port4Path0Target2Lun0 863B5510
Device \Driver\avqu456y \Device\Scsi\avqu456y1Port4Path0Target1Lun0 863B5510
Device \Driver\avqu456y \Device\Scsi\avqu456y1Port4Path0Target3Lun0 863B5510
Device \Driver\avqu456y \Device\Scsi\avqu456y1Port4Path0Target0Lun0 863B5510
Device \Driver\avqu456y \Device\Scsi\avqu456y1 863B5510
Device \FileSystem\Fastfat \Fat 866531E8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat klif.sys (spuper-ptor/Kaspersky Lab)
Device \FileSystem\Cdfs \Cdfs 865CF7A0
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\UACxkrrwipjvu.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [204] 0x10000000
Library \\?\globalroot\systemroot\system32\UACxkrrwipjvu.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [600] 0x10000000
Library \\?\globalroot\systemroot\system32\UACxkrrwipjvu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [892] 0x026B0000
Library \\?\globalroot\systemroot\system32\UACxkrrwipjvu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [984] 0x10000000
Library \\?\globalroot\systemroot\system32\UACxkrrwipjvu.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1052] 0x10000000
Library \\?\globalroot\systemroot\system32\UACxkrrwipjvu.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1124] 0x10000000
Library \\?\globalroot\systemroot\system32\UACxkrrwipjvu.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1268] 0x10000000
Library \\?\globalroot\systemroot\system32\UACxkrrwipjvu.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [3020] 0x10000000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\UACmxdoyrjbap.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7B 0x02 0xAC 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x62 0x1C 0x9D 0x26 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB9 0x58 0x99 0x4D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x23 0xDF 0x4F 0x36 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x9B 0x1E 0xCD 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x9B 0x1E 0xCD 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACmxdoyrjbap.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACmxdoyrjbap.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACqmuptxvkdw.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACxkrrwipjvu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACsqklvbsdov.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACwqqpfulqib.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA6 0x30 0x34 0x86 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x06 0x33 0x71 0xAA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9B 0x1E 0xCD 0x78 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7B 0x02 0xAC 0x30 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x62 0x1C 0x9D 0x26 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB9 0x58 0x99 0x4D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x23 0xDF 0x4F 0x36 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x9B 0x1E 0xCD 0x78 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x9B 0x1E 0xCD 0x78 ...
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACmxdoyrjbap.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACmxdoyrjbap.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACqmuptxvkdw.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACxkrrwipjvu.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACsqklvbsdov.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACwqqpfulqib.dll
---- Files - GMER 1.0.15 ----
File C:\Level1_Arial.css.mno 413 bytes
File C:\Level1_Times.css.mno 423 bytes
File C:\Level1_Verdana.css.mno 419 bytes
File C:\Level2_Arial_Forms.css.mno 485 bytes
File C:\Level2_Arial_Text.css.mno 461 bytes
File C:\Level2_Times_Forms.css.mno 495 bytes
File C:\Level2_Times_Text.css.mno 471 bytes
File C:\Level2_Verdana_Forms.css.mno 491 bytes
File C:\Level2_Verdana_Text.css.mno 467 bytes
File C:\Level3_1.css.mno 475 bytes
File C:\Level3_2.css.mno 472 bytes
File C:\Level3_3.css.mno 470 bytes
---- EOF - GMER 1.0.15 ----
30 replies
Here is what I had before with MalwareBytes:
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2551
Windows 5.1.2600 Service Pack 2
19/08/2009 22:24:32
mbam-log-2009-08-19 (22-24-32).txt
Type de recherche: Examen rapide
Eléments examinés: 98360
Temps écoulé: 5 minute(s), 31 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 9
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 28
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
\\?\globalroot\systemroot\system32\UACxkrrwipjvu.dll (Rogue.Agent) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.230,85.255.112.114 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cb5239b1-6846-498e-8aa6-2d2946bfea3a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.230,85.255.112.114 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.230,85.255.112.114 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cb5239b1-6846-498e-8aa6-2d2946bfea3a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.230,85.255.112.114 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.230,85.255.112.114 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cb5239b1-6846-498e-8aa6-2d2946bfea3a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.230,85.255.112.114 -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Documents and Settings\pim\Application Data\Privacy center (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\Privacy center\dbases (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\Privacy center\keys (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\Privacy center\temp (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Menu Démarrer\Programmes\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\PCenter (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\PCenter\dbases (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\PCenter\keys (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\PCenter\temp (Rogue.PCenter) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
\\?\globalroot\systemroot\system32\UACxkrrwipjvu.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\Privacy center\dbases\cg.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\Privacy center\dbases\mw.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\Privacy center\dbases\rd.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\Privacy center\dbases\sc.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\Privacy center\dbases\sm.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\Privacy center\dbases\sp.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\Privacy center\keys\cg.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\Privacy center\keys\rd.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\Privacy center\keys\sc.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\Privacy center\keys\sp.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\Privacy center\temp\settings.ini (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\Privacy center\temp\spfilter (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\PCenter\dbases\cg.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\PCenter\dbases\mw.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\PCenter\dbases\rd.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\PCenter\dbases\sc.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\PCenter\dbases\sm.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\PCenter\dbases\sp.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\PCenter\keys\cg.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\PCenter\keys\rd.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\PCenter\keys\sc.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\PCenter\keys\sp.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\PCenter\temp\settings.ini (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\pim\Application Data\PCenter\temp\spfilter (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
GenProc report:
Rapport GenProc 2.615 [1] - 23/08/2009 à 18:08:16
@ Windows XP Service Pack 2 - Mode normal
@ Internet Explorer (8.0.6001.18702) [Navigateur par défaut]
~~ "C:\WINDOWS\sed.exe" a été renommé sed.exe_RenameGenProc ~~
~~ "C:\WINDOWS\grep.exe" a été renommé grep.exe_RenameGenProc ~~
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Fais scanner le(s) fichier(s) suivant(s) sur ce site https://www.virustotal.com/gui/ :
C:\ZHPExportRegistry-23-08-2009-13-43-18.txt
et poste le(s) rapport(s) obtenu(s) dans ta prochaine réponse.
~~~~ INFORMATION COMPLEMENTAIRE ~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:05, on 23/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\Genproc\outil\pim_GenProc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://shotokukan.110mb.com/1024/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/55.11/uploader2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pimlepao.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O24 - Desktop Component 0: (no name) - http://samourais.free.fr/Image_017.jpg
O24 - Desktop Component 1: (no name) - http://www.darkhorse.com/zones/starwars/downloads.php?did=547&filereq=%2Fdownloads%2Fdesktops%2Fswgalaxymap%2Fswgalaxymap_med.jpg
O24 - Desktop Component 2: (no name) - http://shenmuemaster.free.fr/download/wallpapers/shenmue_005.jpg
O24 - Desktop Component 3: (no name) - http://www.darkhorse.com/downloads.php?did=525&filereq=%2Fdownloads%2Fdesktops%2Fsw_legacy2%2Fsw_legacy2_med.jpg
O24 - Desktop Component 4: (no name) - http://eej.free.fr/hiroshigeg.JPG
O24 - Desktop Component 5: (no name) - http://kyoto.japon.free.fr/Image_K06B.jpg
O24 - Desktop Component 6: (no name) - http://www.bujinkan-france.net/images/fonds/background.jpg
re,
seen ...
tell me, what is all this junk on your desktop? ... is it really useful?
O24 - Desktop Component 0: (no name) - http://samourais.free.fr/Image_017.jpg
O24 - Desktop Component 1: (no name) - https://www.darkhorse.com/
O24 - Desktop Component 2: (no name) - http://shenmuemaster.free.fr/download/wallpapers/shenmue_005.jpg
O24 - Desktop Component 3: (no name) - https://www.darkhorse.com/
O24 - Desktop Component 4: (no name) - http://eej.free.fr/hiroshigeg.JPG
O24 - Desktop Component 5: (no name) - http://kyoto.japon.free.fr/Image_K06B.jpg
O24 - Desktop Component 6: (no name) - http://www.bujinkan-france.net/images/fonds/background.jpg
then do the following, in order (if the last report is clean, we can finalise).
(don't skip any step! if you run into a problem during this procedure, stop and let me know)
1- Download ToolsCleaner (by A.Rothstein) to your Desktop.
http://pc-system.fr/
Disconnect from the internet and make sure you close all your running applications.
Run it.
*Click on "Recherche" (Search) and let the scan finish (this can take a while).
*Click on "Suppression" (Delete) to finish.
*Click on "quitter" (quit) to generate a report (and not on the red X!):
--> Post this report: it is at the root of your hard drive -> C:\TCleaner.txt
======================================
2- Run CCleaner again (registry included).
======================================
3- Download and install HijackThis:
here https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html
-> Click on the setup to start the install: follow the prompts and do not change the installation settings.
At the end of the install, the program starts automatically: close it by clicking on the red X.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
(don't run a scan for now)
======================================
4- Important:
System Restore purge
*Disable System Restore:
Right-click My Computer / Properties / System Restore / tick "Turn off System Restore", Apply, OK
---> Restart your PC ...
*Re-enable System Restore:
Right-click My Computer / Properties / System Restore / untick "Turn off System Restore", Apply, OK
---> Restart your PC ...
(Note: you can also get there via Control Panel -> "System" -> "System Restore").
======================================
5- Run this online scan to check:
(do nothing else with the PC during the scan!)
Run an online scan with "Panda":
https://www.pandasecurity.com/?ref=www.pandasoftware.com/products/activescan
tutorial:
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId237368
post me the report you get for analysis ...
vu ...
dis moi , c'est quoi tout ce merdier sur ton bureau ?... est-ce vraiment utile ?
O24 - Desktop Component 0: (no name) - http://samourais.free.fr/Image_017.jpg
O24 - Desktop Component 1: (no name) - https://www.darkhorse.com/
O24 - Desktop Component 2: (no name) - http://shenmuemaster.free.fr/download/wallpapers/shenmue_005.jpg
O24 - Desktop Component 3: (no name) - https://www.darkhorse.com/
O24 - Desktop Component 4: (no name) - http://eej.free.fr/hiroshigeg.JPG
O24 - Desktop Component 5: (no name) - http://kyoto.japon.free.fr/Image_K06B.jpg
O24 - Desktop Component 6: (no name) - http://www.bujinkan-france.net/images/fonds/background.jpg
puis fait ce qui suit dans l'ordre ( si le dernier rapport est clean , on pourra finaliser ) .
( ne saute pas d'étape ! si tu rencontres un soucis lors de cette manipe , tu stoppes et tu m'en fais part )
1-Télécharge ToolsCleaner (de A.Rothstein) sur ton Bureau.
http://pc-system.fr/
Déconnecte toi et ferme bien toutes tes applications en cours .
Lances le .
*Clique sur Recherche et laisse le scan se terminer (cela peut être long).
*Clique sur Suppression pour finaliser.
*Clique sur "quitter" pour générer un rapport ( et pas sur la croix rouge !) :
--> Poste ce rapport : il se trouve à la racine de ton disque dur -> C:\TCleaner.txt .
======================================
2- Refais un coup de CCleaner ( registre compris ) .
======================================
3- Download and install HijackThis:
here https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html
-> Click on the setup to start the installation: follow the prompts and do not change the installation settings.
At the end of the installation, the program launches automatically: close it by clicking the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe".
(don't run a scan for now)
======================================
4- Important:
Purge System Restore
*Disable your System Restore:
Right-click My Computer / Properties / System Restore / tick "Turn off System Restore", Apply, OK
---> Restart your PC...
*Re-enable your System Restore:
Right-click My Computer / Properties / System Restore / untick "Turn off System Restore", Apply, OK
---> Restart your PC...
(Note: you can also get there via Control Panel -> "System" -> "System Restore").
======================================
5- Run this online scan to check:
(do nothing else with the PC during the scan!)
Run an online scan with "Panda":
https://www.pandasecurity.com/?ref=www.pandasoftware.com/products/activescan
tutorial:
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId237368
post me the report you get for analysis...
Still scanning with Panda Online after nearly 2h30; it's at 17% and not stuck, still scanning.
Panda report:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-08-23 21:36:04
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AntiVir Desktop 9.0.1.32 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
02457190 Trj/Alureon.BB Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\UACxkrrwipjvu.dll.vir
02532085 Generic Rootkit HackTools No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACmxdoyrjbap_.sys.zip[UACmxdoyrjbap.sys]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqmuptxvkdw.dll.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwqqpfulqib.dll.vir
03541233 HackTool/Rebooter HackTools No 0 Yes No C:\SmitfraudFix\Reboot.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location w
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description w
;===================================================================================================================================================================================
210618 HIGH MS09-019 w
;===================================================================================================================================================================================
re,
it's simple, the Panda results show you didn't follow the instructions!!!
you didn't run ToolsCleaner2.... please do it and post me the report you get for analysis....
PS: you'll delete Combofix manually...
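To illustrate the point made in the reply above (an example added here, not something posted in the thread and not part of Panda's or ToolsCleaner's own tooling): every row in the report's MALWARE table carries Active = No and a Location under C:\Qoobox\Quarantine or C:\SmitfraudFix, that is, ComboFix's quarantine folder and SmitfraudFix's own folder, so the scanner is reporting leftovers of the cleanup tools rather than a live infection. The Python below parses the report as pasted above (long separator lines shortened), buckets each hit as live, tool residue, or inactive elsewhere, and surfaces the single VULNERABILITIES row (MS09-019) as a missing patch. The list of tool folders is an assumption taken from this thread, not a general rule.

```python
"""Triage a Panda ActiveScan text report: separate live detections from
quarantine / cleanup-tool leftovers (added example, not from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass

# Assumption taken from this thread: ComboFix quarantines into
# C:\Qoobox\Quarantine and SmitfraudFix keeps its own Reboot.exe in
# C:\SmitfraudFix. Hits under these roots are tool residue, not an
# active infection, and disappear once the tools are removed.
TOOL_RESIDUE_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
    "c:\\smitfraudfix\\",
)

# Columns: Id Description Type Active Severity Disinfectable Disinfected Location
# Description may contain spaces ("Generic Rootkit"), so it is matched lazily
# and anchored by the single-token Type and the Yes/No flags that follow it.
MALWARE_ROW = re.compile(
    r"^(?P<id>\d+)\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+"
    r"(?P<active>Yes|No)\s+(?P<severity>\d+)\s+"
    r"(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+(?P<location>.+?)\s*$"
)
# Columns: Id Severity Description (trailing junk such as a stray "w" is ignored)
VULN_ROW = re.compile(r"^(?P<id>\d+)\s+(?P<severity>[A-Z]+)\s+(?P<desc>\S+)")

SECTIONS = {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}


@dataclass
class Detection:
    id: str
    description: str
    kind: str
    active: bool
    location: str

    @property
    def tool_residue(self) -> bool:
        """True when the file sits in a quarantine or cleanup-tool folder."""
        return self.location.lower().startswith(TOOL_RESIDUE_PREFIXES)


def parse_report(text: str):
    """Return (detections, vulnerabilities) from the MALWARE and VULNERABILITIES tables."""
    section = None
    detections, vulns = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or ;==== separator
            continue
        if line in SECTIONS:                      # bare section heading
            section = line
            continue
        if section == "MALWARE":
            m = MALWARE_ROW.match(line)           # the header row has no numeric Id
            if m:
                detections.append(Detection(m["id"], m["desc"], m["type"],
                                            m["active"] == "Yes", m["location"]))
        elif section == "VULNERABILITIES":
            m = VULN_ROW.match(line)
            if m:
                vulns.append((m["id"], m["severity"], m["desc"]))
    return detections, vulns


def triage(text: str) -> dict:
    """Bucket every hit: still active, quarantine/tool residue, or inactive elsewhere."""
    detections, vulns = parse_report(text)
    summary = Counter()
    for d in detections:
        if d.active:
            summary["active"] += 1
        elif d.tool_residue:
            summary["tool_residue"] += 1
        else:
            summary["inactive_elsewhere"] += 1
    summary["missing_patches"] = len(vulns)
    return dict(summary)


# Sample input: the report pasted in the thread above, separator lines shortened.
REPORT = r"""
;*****
ANALYSIS: 2009-08-23 21:36:04
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 0
;*****
PROTECTIONS
Description Version Active Updated
;=====
AntiVir Desktop 9.0.1.32 Yes Yes
;=====
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=====
02457190 Trj/Alureon.BB Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\UACxkrrwipjvu.dll.vir
02532085 Generic Rootkit HackTools No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACmxdoyrjbap_.sys.zip[UACmxdoyrjbap.sys]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqmuptxvkdw.dll.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwqqpfulqib.dll.vir
03541233 HackTool/Rebooter HackTools No 0 Yes No C:\SmitfraudFix\Reboot.exe
;=====
SUSPECTS
Sent Location w
;=====
VULNERABILITIES
Id Severity Description w
;=====
210618 HIGH MS09-019 w
;=====
"""

if __name__ == "__main__":
    for d in parse_report(REPORT)[0]:
        print(f"{d.description:<20} active={d.active!s:<5} residue={d.tool_residue!s:<5} {d.location}")
    print(triage(REPORT))
```

Running it on the pasted report yields five hits, all inactive and all under a tool folder, plus one missing patch: exactly the situation the reply describes, where the fix is to remove the cleanup tools (ToolsCleaner, then Combofix by hand) and apply the patch, not to start another disinfection round. A hit with Active = Yes or a location outside the listed folders would land in a separate bucket and still demand attention.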
[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\SmitFraudfix: trouvé !
C:\GenProc: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\pim\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\pim\Mes documents\Téléchargements\Gmer.zip: trouvé !
C:\Documents and Settings\pim\Mes documents\Téléchargements\ComboFix.exe: trouvé !
C:\Documents and Settings\pim\Mes documents\Téléchargements\HJTInstall.exe: trouvé !
C:\Documents and Settings\pim\Mes documents\Téléchargements\ToolBarSD.exe: trouvé !
C:\Documents and Settings\pim\Mes documents\Téléchargements\Genproc.exe: trouvé !
C:\Documents and Settings\pim\Mes documents\Téléchargements\gmer\Gmer.exe: trouvé !
C:\Genproc\Genproc.exe: trouvé !
C:\Genproc\outil\hijackthis.log: trouvé !
C:\Genproc\outil\mbr.exe: trouvé !
C:\Genproc\Page\GenProc[*].html: trouvé !
C:\Program Files\ZHPDiag: trouvé !
C:\Program Files\Hijackthis Version Française\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\ZHPDiag\ZHPdiag.exe: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
---------------------------------
--> Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\pim\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\pim\Mes documents\Téléchargements\Gmer.zip: supprimé !
C:\Documents and Settings\pim\Mes documents\Téléchargements\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\pim\Mes documents\Téléchargements\HJTInstall.exe: supprimé !
C:\Documents and Settings\pim\Mes documents\Téléchargements\ToolBarSD.exe: supprimé !
C:\Documents and Settings\pim\Mes documents\Téléchargements\gmer\Gmer.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\ZHPDiag\ZHPdiag.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\pim\Mes documents\Téléchargements\Genproc.exe: supprimé !
C:\Genproc\Genproc.exe: supprimé !
C:\Genproc\outil\hijackthis.log: supprimé !
C:\Genproc\outil\mbr.exe: supprimé !
C:\Genproc\Page\GenProc[*].html: ERREUR DE SUPPRESSION !!
C:\Program Files\Hijackthis Version Française\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\SmitFraudfix: supprimé !
C:\GenProc: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\ZHPDiag: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:47, on 23/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://shotokukan.110mb.com/1024/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/55.11/uploader2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://pimlepao.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
All I have left is the defrag (not enough space; I need to free up some room so the defrag works better) and the restore point. For now, no more windowsclick, no more reboots, and the PC is noticeably faster.
[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\pim\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\pim\Mes documents\Téléchargements\ComboFix.exe: trouvé !
C:\Documents and Settings\pim\Mes documents\Téléchargements\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
--> Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\pim\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\pim\Mes documents\Téléchargements\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\pim\Mes documents\Téléchargements\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Well, thank you very much for all this info. It's been 4 years since I dropped computing completely (yes indeed...) and from what I see it's getting worse and worse; interesting for fine-tuning your system, but unbelievable.
Thanks again, I prefer these solutions to a brute-force reformat.
Domo arigato gozaimasu (thank you very much, with great respect).