2 infected files

Closed
gege51 - 30 Nov 2009 at 18:12
 gen-hackman - 4 Dec 2009 at 19:09
Hello,
After a scan with Malwarebytes' Anti-Malware, it found 2 infected files:
Malwarebytes' Anti-Malware 1.41
Database version: 3261
Windows 5.1.2600 Service Pack 2

30/11/2009 16:33:58
mbam-log-2009-11-30 (16-33-51).txt

Scan type: Quick scan
Objects scanned: 111063
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\setup.exe (Rogue.Installer) -> No action taken.
I deleted these 2 files, did I do the right thing?
My antivirus is GDATA.
Thank you for your help.

Configuration: Windows XP Internet Explorer 7.0

108 replies

Nobody to help me?
Thanks
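The Malwarebytes log above flags a key under Image File Execution Options (IFEO) for setup.exe. IFEO is a documented Windows mechanism: if a subkey named after an executable carries a `Debugger` value, Windows launches the program named in that value instead of (and with) the original executable, which is why rogue installers and other malware plant entries there. The following script is an added example for auditing IFEO on a current Windows system; it is not from this thread or from any of the tools used in it. It assumes PowerShell 3.0 or later and an elevated session, and it only reports, it deletes nothing. The log in the thread does not show whether the flagged key actually held a `Debugger` value, so the script would list that key only if it did.

```powershell
# Added example (not from the thread): audit Image File Execution Options for Debugger hijacks.
# Assumes PowerShell 3.0+ and an elevated session. Read-only: it reports and changes nothing.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebuggerEntries {
    Get-ChildItem -Path $ifeo -ErrorAction Stop | ForEach-Object {
        $image = $_.PSChildName
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if (-not $dbg) { return }   # only a Debugger value redirects execution; skip the rest

        # Debugger holds a command line; take the first token (quoted or bare) as the target binary.
        $target = if ($dbg -match '^"([^"]+)"') { $Matches[1] } else { ($dbg -split '\s+')[0] }
        $onDisk = Test-Path -LiteralPath $target -PathType Leaf
        $sig = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $target).Status } else { 'NotFound' }

        [pscustomobject]@{
            Image      = $image
            Debugger   = $dbg
            OnDisk     = $onDisk
            Signature  = $sig
            # Anything that is missing or not validly signed deserves a look; legitimate debugger
            # registrations (for example Visual Studio's JIT debugger) are signed by their vendor.
            Suspicious = ($sig -ne 'Valid')
        }
    }
}

Get-IfeoDebuggerEntries | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Review every row marked Suspicious by hand before removing anything: a legitimately registered debugger with an expired or unsigned binary will also be flagged, and on the other hand a signed binary can still be unwanted if nothing on the machine should be redirecting that image.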
flo-91 Posts: 5646 Registered: Tuesday 19 May 2009 Status: Security contributor Last seen: 31 October 2019 1,118
30 Nov 2009 at 19:12
Bonjour,

Do this:


> Disable the resident "anti-virus and anti-spyware" protections while you install SmitFraudFix and run the scan.


> Important note:
On computers running Windows Vista and Windows 7, User Account Control must be disabled,
otherwise the tool will not work properly.
Tutorial: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac


Download SmitFraudFix here:
http://siri.urz.free.fr/Fix/SmitfraudFix.php

See the tutorial:
http://www.malekal.com/tutorial_SmitFraudfix.php

> Run it and choose option 1

The tool will generate a report

> Post the report

> Note: Process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus, etc.) as a RiskTool. It is not a virus but a utility for terminating processes. In the wrong hands this utility could stop security software (antivirus, firewall, ...), hence the alert raised by these antivirus programs.
Here is the report. Thank you for your patience
SmitFraudFix v2.424

Report generated at 19:25:03.17, 30/11/2009
Run from C:\Documents and Settings\j-y\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\j-y\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\j-y


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\j-y\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\j-y\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\j-y\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop items



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Warning, the keys that follow are not necessarily infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning, the keys that follow are not necessarily infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Warning, the keys that follow are not necessarily infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Warning, the keys that follow are not necessarily infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Warning, the keys that follow are not necessarily infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the keys that follow are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Warning, the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DA9DB266-BEF7-43B2-9039-83C1A2BCF6A9}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DA9DB266-BEF7-43B2-9039-83C1A2BCF6A9}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DA9DB266-BEF7-43B2-9039-83C1A2BCF6A9}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DA9DB266-BEF7-43B2-9039-83C1A2BCF6A9}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» wininet.dll infection check


»»»»»»»»»»»»»»»»»»»»»»»» End
flo-91 Posts: 5646 Registered: Tuesday 19 May 2009 Status: Security contributor Last seen: 31 October 2019 1,118
30 Nov 2009 at 19:34
Nothing special, do this:


> Download RSIT here and save it to your desktop:

http://images.malwareremoval.com/random/RSIT.exe

> Double-click RSIT.exe on the desktop

> The program starts; choose "1month" and click "continue"

> Let the tool work and post the report it displays.

Logfile of random's system information tool 1.06 (written by random/random)
Run by j-y at 2009-11-30 19:36:11
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 23 GB (25%) free of 91 GB
Total RAM: 2047 MB (63% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
G DATA WebFilter - C:\Program Files\G DATA\InternetSecurity\Webfilter\AVKWebIE.dll [2008-09-08 656968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-10-11 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ForceField Toolbar Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-03-05 451976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-08 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0124123D-61B4-456f-AF86-78C53A0790C5} - G DATA WebFilter - C:\Program Files\G DATA\InternetSecurity\Webfilter\AVKWebIE.dll [2008-09-08 656968]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ForceField Toolbar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-03-05 451976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"GDFirewallTray"=C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [2008-09-09 1037992]
"G DATA AntiVirus Trayapplication"=C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe [2008-11-24 958024]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2009-03-05 546184]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2006-07-19 94208]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-10-11 198160]
"SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2009-11-29 2166784]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Internet Sweeper"=C:\WINDOWS\system32\SWEEPER.EXE [2004-10-27 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Eraserl.exe"=C:\Program Files\Eraser\Eraserl.exe [2006-04-11 237568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"=C:\Program Files\Real\RealPlayer\realplay.exe [2009-10-11 222728]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
"SpywareTerminatorUpdate"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe [2009-11-29 3055616]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CleanUp!"=C:\Program Files\CleanUp!\Cleanup.exe [2003-08-07 323584]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"=C:\PROGRA~1\Greatis\REGRUN~1\RRShell.dll [2009-04-06 335943]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\CrosuS\CrosuSApp.exe"="C:\Program Files\CrosuS\CrosuSApp.exe:*:Enabled:Crosus"
"C:\Program Files\IGWarlord\igwarlord.exe"="C:\Program Files\IGWarlord\igwarlord.exe:*:Enabled:IGWarlord"
"C:\Documents and Settings\j-y\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\j-y\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\Spark Unlimited\Legendary\Binaries\Legendary.exe"="C:\Program Files\Spark Unlimited\Legendary\Binaries\Legendary.exe:*:Enabled:Legendary"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe"="C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\Program Files\Codemasters\eBay Motors GRID Demo\GRID.exe"="C:\Program Files\Codemasters\eBay Motors GRID Demo\GRID.exe:*:Enabled:eBay Motors GRID Demo"
"C:\Program Files\Codemasters\GRID Demo\GRID.exe"="C:\Program Files\Codemasters\GRID Demo\GRID.exe:*:Enabled:GRID Demo"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd09793e-7211-11de-8bfe-0015f2b16a4b}]
shell\AutoRun\command - H:\InstallTomTomHOME.exe


======List of files/folders created in the last 1 months======

2009-11-30 19:36:12 ----D---- C:\Program Files\trend micro
2009-11-30 19:36:11 ----D---- C:\rsit
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\swsc.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\swreg.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\Process.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-11-30 15:54:11 ----D---- C:\Documents and Settings\j-y\Application Data\Malwarebytes
2009-11-30 15:53:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-30 15:53:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-29 16:57:47 ----A---- C:\caisslog.txt
2009-11-29 11:33:40 ----RASHOT---- C:\WINDOWS\winstart.bat
2009-11-29 11:31:01 ----D---- C:\Program Files\Greatis
2009-11-29 10:32:17 ----D---- C:\Documents and Settings\j-y\Application Data\Spyware Terminator
2009-11-29 10:32:15 ----D---- C:\Program Files\Spyware Terminator
2009-11-29 10:32:15 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2009-11-29 09:52:15 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2009-11-29 09:11:57 ----D---- C:\Program Files\a-squared Anti-Malware
2009-11-24 12:16:59 ----D---- C:\Program Files\Microsoft
2009-11-24 12:16:45 ----D---- C:\Program Files\Windows Live SkyDrive
2009-11-24 12:11:30 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-11-13 18:37:53 ----D---- C:\Documents and Settings\j-y\Application Data\vlc

======List of files/folders modified in the last 1 months======

2009-11-30 19:36:12 ----RD---- C:\Program Files
2009-11-30 19:35:45 ----D---- C:\WINDOWS\Temp
2009-11-30 19:25:53 ----A---- C:\rapport.txt
2009-11-30 19:25:10 ----D---- C:\WINDOWS\system32
2009-11-30 19:25:10 ----A---- C:\WINDOWS\system32\tmp.txt
2009-11-30 19:16:02 ----D---- C:\WINDOWS
2009-11-30 18:47:21 ----D---- C:\Documents and Settings\j-y\Application Data\#ISW.FS#
2009-11-30 18:43:06 ----D---- C:\WINDOWS\Prefetch
2009-11-30 17:37:18 ----D---- C:\Program Files\Eraser
2009-11-30 17:05:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-30 16:56:19 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-11-30 15:53:55 ----D---- C:\WINDOWS\system32\drivers
2009-11-29 10:46:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-29 10:08:49 ----D---- C:\Program Files\eMule
2009-11-29 07:57:56 ----D---- C:\Program Files\TuneUp Utilities 2008
2009-11-29 07:26:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-29 06:33:23 ----D---- C:\Program Files\a-squared Free
2009-11-27 16:15:17 ----D---- C:\Documents and Settings\j-y\Application Data\U3
2009-11-27 16:05:41 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-25 15:20:12 ----SHD---- C:\WINDOWS\Installer
2009-11-25 15:20:12 ----HD---- C:\Config.Msi
2009-11-25 15:20:06 ----HD---- C:\WINDOWS\inf
2009-11-25 15:20:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-25 15:19:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-25 15:19:47 ----D---- C:\WINDOWS\WinSxS
2009-11-24 12:16:28 ----RSD---- C:\WINDOWS\Fonts
2009-11-24 12:16:22 ----D---- C:\Program Files\Windows Live
2009-11-24 12:11:30 ----D---- C:\Program Files\Fichiers communs
2009-11-24 12:11:28 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-11 10:57:36 ----D---- C:\WINDOWS\Debug
2009-11-11 07:13:20 ----A---- C:\WINDOWS\win.ini
2009-11-08 09:32:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-08 07:22:06 ----D---- C:\Documents and Settings\j-y\Application Data\Image Zone Express
2009-11-05 18:36:21 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-09-26 25768]
R1 GRD;G DATA Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
R2 ISWKL;ForceField ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-09-01 3712]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-11-11 104512]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM; C:\WINDOWS\system32\drivers\Envy24HF.sys [2008-06-04 673600]
R3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
R3 LHidKe;SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-07-19 27136]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-07-19 71936]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-16 47360]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-12-09 296448]
S2 CX88TS;WinFast BDA Transport Stream Capture (CX2388x); C:\WINDOWS\system32\drivers\cx88ts.sys [2005-06-28 13440]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CXBDATUNE;WinFast CX2388x BDA DVB-T Tuner/Demod; C:\WINDOWS\system32\drivers\cxBDAtun.sys [2005-06-28 21376]
S3 DSDrv4;DSDrv4; C:\WINDOWS\system32\drivers\DSDrv4.sys []
S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\DRIVERS\HCWBT8XX.sys [2002-02-28 280644]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-12-16 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-12-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-12-16 21744]
S3 HWIONT;HWIONT; C:\WINDOWS\system32\drivers\HWIONT.sys []
S3 icsak;icsak; \??\C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys []
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys []
S3 RegGuard;RegGuard; \??\C:\WINDOWS\system32\Drivers\regguard.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-05 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-11-29 1858144]
R2 AVKProxy;G DATA AntiVirus Proxy; C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-11-24 1016904]
R2 AVKService;Planificateur G DATA; C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe [2008-09-08 386120]
R2 AVKWCtl;Gardien d'AntiVirus; C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2008-09-08 1185496]
R2 IswSvc;ForceField IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2009-03-05 390536]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-08 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-11-29 488960]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-06-03 92008]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2009-03-08 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-03-08 14336]
R3 GDFwSvc;Pare-feu personnel G DATA; C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2008-10-30 1407976]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-23 355584]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
0
flo-91 Posts 5646 Registration date Tuesday 19 May 2009 Status Security contributor Last activity 31 October 2019 1 118
30 Nov. 2009 at 19:46
Do this:

Scan this file on VirusTotal and post the report:

C:\WINDOWS\system32\tmp.txt

VirusTotal here:

https://www.virustotal.com/gui/

> Download List&Kill'em and save it to your desktop from here:

http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip

> Unzip it (right-click / Extract...)

It does not require installation.

> Double-click it (right-click "Run as administrator" on Vista) to launch the scan

Choose the language, then choose option 1 = Search Mode

> Let the tool work

> Post the contents of the report that opens
0
List'em by g3n-h@ckm@n 1.0.6.0

Thx to Chiquitine29.....

User : j-y (Administrateurs) # NOUS
Update on 30/11/2009 by g3n-h@ckm@n ::::: 07:00
Start at: 19:49:58 | 30/11/2009
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) 64 Processor 3800+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : G DATA InternetSecurity 2009 18.0 [ Enabled | Updated ]
AV : a-squared Anti-Malware 4 [ (!) Disabled | Updated ]
FW : Pare-feu personnel G DATA[ Enabled ]1.0

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 88,59 Go (22,18 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 72,71 Go (72,44 Go free) | NTFS
G:\ -> Disque fixe local | 71,58 Go (71,51 Go free) | NTFS

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 556
C:\WINDOWS\system32\csrss.exe 624
C:\WINDOWS\system32\winlogon.exe 648
C:\WINDOWS\system32\services.exe 700
C:\WINDOWS\system32\lsass.exe 712
C:\WINDOWS\system32\svchost.exe 864
C:\WINDOWS\system32\svchost.exe 940
C:\WINDOWS\System32\svchost.exe 1032
C:\WINDOWS\system32\svchost.exe 1072
C:\WINDOWS\system32\svchost.exe 1120
C:\WINDOWS\system32\svchost.exe 1164
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe 1352
C:\WINDOWS\system32\spoolsv.exe 1416
C:\WINDOWS\system32\svchost.exe 1496
C:\Program Files\a-squared Free\a2service.exe 1528
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe 1644
C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe 1672
C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe 1696
C:\Program Files\Java\jre6\bin\jqs.exe 1776
C:\WINDOWS\system32\nvsvc32.exe 1816
C:\WINDOWS\system32\IoctlSvc.exe 1840
C:\WINDOWS\system32\HPZipm12.exe 1868
C:\Program Files\Spyware Terminator\sp_rsser.exe 1912
C:\WINDOWS\system32\svchost.exe 216
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 244
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe 276
C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe 832
C:\WINDOWS\System32\alg.exe 892
C:\WINDOWS\system32\wbem\wmiapsrv.exe 2324
C:\WINDOWS\Explorer.EXE 2580
C:\WINDOWS\system32\LVCOMSX.EXE 3248
C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe 3412
C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe 3536
C:\Program Files\Logitech\Video\LogiTray.exe 3632
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 3688
C:\Program Files\Logitech\Video\FxSvr2.exe 1980
C:\Program Files\Logitech\SetPoint\SetPoint.exe 2068
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE 2304
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe 2700
C:\WINDOWS\system32\ctfmon.exe 4032
C:\Program Files\Internet Explorer\iexplore.exe 2272
C:\Program Files\Internet Explorer\iexplore.exe 2956
C:\Program Files\Internet Explorer\iexplore.exe 2168
C:\Documents and Settings\j-y\Bureau\List_Kill'em.exe 5076
C:\WINDOWS\system32\cmd.exe 4480
C:\WINDOWS\system32\wbem\wmiprvse.exe 5060
C:\Documents and Settings\j-y\Local Settings\Temp\1A.tmp\pv.exe 3472

======================
Keys "Run"
======================

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RealPlayer REG_SZ C:\Program Files\Real\RealPlayer\realplay.exe
LogitechSoftwareUpdate REG_SZ "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
SpywareTerminatorUpdate REG_SZ "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
GDFirewallTray REG_SZ C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
G DATA AntiVirus Trayapplication REG_SZ C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
ISW REG_SZ "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /start_mode="auto"
Kernel and Hardware Abstraction Layer REG_SZ KHALMNPR.EXE
LogitechVideoTray REG_SZ C:\Program Files\Logitech\Video\LogiTray.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SpywareTerminator REG_SZ "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
Malwarebytes Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Internet Sweeper REG_SZ C:\WINDOWS\system32\SWEEPER.EXE /Q

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
=====================
Other Keys
=====================

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
dontdisplaylastusername REG_DWORD 0x0
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 0x1
undockwithoutlogon REG_DWORD 0x1
===============
===============
BHO :
======

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========

=========================
Environnement variables :
=========================

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\j-y\Application Data
choix=1
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=NOUS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\j-y
LOGONSERVER=\\NOUS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Fichiers communs\Ahead\Lib\;C:\Program Files\Fichiers communs\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\j-y\LOCALS~1\Temp
TMP=C:\DOCUME~1\j-y\LOCALS~1\Temp
USERDOMAIN=NOUS
USERNAME=j-y
USERPROFILE=C:\Documents and Settings\j-y
windir=C:\WINDOWS


¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Documents and Settings\All Users\Application Data\.zreglib
C:\Program Files\Internet Explorer\fxavx.ini
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\System32\SET100.tmp
C:\WINDOWS\System32\SET102.tmp
C:\WINDOWS\System32\SET103.tmp
C:\WINDOWS\System32\SET104.tmp
C:\WINDOWS\System32\SET105.tmp
C:\WINDOWS\System32\SET139.tmp
C:\WINDOWS\System32\SET13E.tmp
C:\WINDOWS\System32\SET146.tmp
C:\WINDOWS\System32\SET147.tmp
C:\WINDOWS\System32\SET149.tmp
C:\WINDOWS\System32\SET14C.tmp
C:\WINDOWS\System32\SET151.tmp
C:\WINDOWS\System32\SET153.tmp
C:\WINDOWS\System32\SET155.tmp
C:\WINDOWS\System32\SET159.tmp
C:\WINDOWS\System32\SET15A.tmp
C:\WINDOWS\System32\SET15B.tmp
C:\WINDOWS\System32\SET161.tmp
C:\WINDOWS\System32\SET162.tmp
C:\WINDOWS\System32\SET163.tmp
C:\WINDOWS\System32\SET164.tmp
C:\WINDOWS\System32\SET1A7.tmp
C:\WINDOWS\System32\SET1A8.tmp
C:\WINDOWS\System32\SET1A9.tmp
C:\WINDOWS\System32\SET1AA.tmp
C:\WINDOWS\System32\SET1AB.tmp
C:\WINDOWS\System32\SET1AC.tmp
C:\WINDOWS\System32\SET1AD.tmp
C:\WINDOWS\System32\SET1AE.tmp
C:\WINDOWS\System32\SET1AF.tmp
C:\WINDOWS\System32\SET1B0.tmp
C:\WINDOWS\System32\SET1B1.tmp
C:\WINDOWS\System32\SET1B2.tmp
C:\WINDOWS\System32\SET1B3.tmp
C:\WINDOWS\System32\SET1B4.tmp
C:\WINDOWS\System32\SET1B5.tmp
C:\WINDOWS\System32\SET1B6.tmp
C:\WINDOWS\System32\SET1B7.tmp
C:\WINDOWS\System32\SET1B8.tmp
C:\WINDOWS\System32\SET1B9.tmp
C:\WINDOWS\System32\SET1BA.tmp
C:\WINDOWS\System32\SET1BC.tmp
C:\WINDOWS\System32\SET1BD.tmp
C:\WINDOWS\System32\SET1BE.tmp
C:\WINDOWS\System32\SET1BF.tmp
C:\WINDOWS\System32\SET1C0.tmp
C:\WINDOWS\System32\SET1C1.tmp
C:\WINDOWS\System32\SET1C2.tmp
C:\WINDOWS\System32\SET1C3.tmp
C:\WINDOWS\System32\SET1C4.tmp
C:\WINDOWS\System32\SET1C5.tmp
C:\WINDOWS\System32\SET1C6.tmp
C:\WINDOWS\System32\SET1C7.tmp
C:\WINDOWS\System32\SET1CB.tmp
C:\WINDOWS\System32\SET1CC.tmp
C:\WINDOWS\System32\SET1CD.tmp
C:\WINDOWS\System32\SET1CE.tmp
C:\WINDOWS\System32\SET1CF.tmp
C:\WINDOWS\System32\SET1D0.tmp
C:\WINDOWS\System32\SET1D1.tmp
C:\WINDOWS\System32\SET1D2.tmp
C:\WINDOWS\System32\SET1D3.tmp
C:\WINDOWS\System32\SET1D4.tmp
C:\WINDOWS\System32\SET1D5.tmp
C:\WINDOWS\System32\SET1D6.tmp
C:\WINDOWS\System32\SET1D7.tmp
C:\WINDOWS\System32\SET1D8.tmp
C:\WINDOWS\System32\SET1D9.tmp
C:\WINDOWS\System32\SET1DA.tmp
C:\WINDOWS\System32\SET1DB.tmp
C:\WINDOWS\System32\SET1DC.tmp
C:\WINDOWS\System32\SET1DD.tmp
C:\WINDOWS\System32\SET1DE.tmp
C:\WINDOWS\System32\SET1E4.tmp
C:\WINDOWS\System32\SET1EB.tmp
C:\WINDOWS\System32\SET1F2.tmp
C:\WINDOWS\System32\SET1F7.tmp
C:\WINDOWS\System32\SET1F9.tmp
C:\WINDOWS\System32\SET1FA.tmp
C:\WINDOWS\System32\SET200.tmp
C:\WINDOWS\System32\SET201.tmp
C:\WINDOWS\System32\SET202.tmp
C:\WINDOWS\System32\SET206.tmp
C:\WINDOWS\System32\SET208.tmp
C:\WINDOWS\System32\SET209.tmp
C:\WINDOWS\System32\SET20A.tmp
C:\WINDOWS\System32\SET20B.tmp
C:\WINDOWS\System32\SET20C.tmp
C:\WINDOWS\System32\SET20D.tmp
C:\WINDOWS\System32\SET20E.tmp
C:\WINDOWS\System32\SET20F.tmp
C:\WINDOWS\System32\SET210.tmp
C:\WINDOWS\System32\SET211.tmp
C:\WINDOWS\System32\SET212.tmp
C:\WINDOWS\System32\SET213.tmp
C:\WINDOWS\System32\SET214.tmp
C:\WINDOWS\System32\SET215.tmp
C:\WINDOWS\System32\SET216.tmp
C:\WINDOWS\System32\SET217.tmp
C:\WINDOWS\System32\SET218.tmp
C:\WINDOWS\System32\SET219.tmp
C:\WINDOWS\System32\SET21A.tmp
C:\WINDOWS\System32\SET21B.tmp
C:\WINDOWS\System32\SET21C.tmp
C:\WINDOWS\System32\SET21D.tmp
C:\WINDOWS\System32\SET21E.tmp
C:\WINDOWS\System32\SET21F.tmp
C:\WINDOWS\System32\SET220.tmp
C:\WINDOWS\System32\SET221.tmp
C:\WINDOWS\System32\SET222.tmp
C:\WINDOWS\System32\SET223.tmp
C:\WINDOWS\System32\SET224.tmp
C:\WINDOWS\System32\SET225.tmp
C:\WINDOWS\System32\SET226.tmp
C:\WINDOWS\System32\SET227.tmp
C:\WINDOWS\System32\SET228.tmp
C:\WINDOWS\System32\SET229.tmp
C:\WINDOWS\System32\SET22A.tmp
C:\WINDOWS\System32\SET22B.tmp
C:\WINDOWS\System32\SET22C.tmp
C:\WINDOWS\System32\SET22D.tmp
C:\WINDOWS\System32\SET22E.tmp
C:\WINDOWS\System32\SET22F.tmp
C:\WINDOWS\System32\SET230.tmp
C:\WINDOWS\System32\SET231.tmp
C:\WINDOWS\System32\SET232.tmp
C:\WINDOWS\System32\SET234.tmp
C:\WINDOWS\System32\SET239.tmp
C:\WINDOWS\System32\SET23C.tmp
C:\WINDOWS\System32\SET41.tmp
C:\WINDOWS\System32\SET46.tmp
C:\WINDOWS\System32\SET5A.tmp
C:\WINDOWS\System32\SET5F.tmp
C:\WINDOWS\System32\SET62.tmp
C:\WINDOWS\System32\SET67.tmp
C:\WINDOWS\System32\SET6A.tmp
C:\WINDOWS\System32\SET6F.tmp
C:\WINDOWS\System32\SET8D.tmp
C:\WINDOWS\System32\SET8E.tmp
C:\WINDOWS\System32\SET8F.tmp
C:\WINDOWS\System32\SETA6.tmp
C:\WINDOWS\System32\SETA7.tmp
C:\WINDOWS\System32\SETA8.tmp
C:\WINDOWS\System32\SETB0.tmp
C:\WINDOWS\System32\SETB1.tmp
C:\WINDOWS\System32\SETB2.tmp
C:\WINDOWS\System32\SETB3.tmp
C:\WINDOWS\System32\SETB7.tmp
C:\WINDOWS\System32\SETB8.tmp
C:\WINDOWS\System32\SETBF.tmp
C:\WINDOWS\System32\SETC0.tmp
C:\WINDOWS\System32\SETC2.tmp
C:\WINDOWS\System32\SETE2.tmp
C:\WINDOWS\System32\SETE3.tmp
C:\WINDOWS\System32\SETE4.tmp
C:\WINDOWS\System32\SETE5.tmp
C:\WINDOWS\System32\SETEB.tmp
C:\WINDOWS\System32\SETEC.tmp
C:\WINDOWS\System32\SETED.tmp
C:\WINDOWS\System32\SETF1.tmp
C:\WINDOWS\System32\SETF3.tmp
C:\WINDOWS\System32\SETF4.tmp
C:\WINDOWS\System32\SETF6.tmp
C:\WINDOWS\System32\SETFB.tmp
C:\WINDOWS\System32\SETFD.tmp
C:\WINDOWS\System32\SETFE.tmp
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\winstart.bat
C:\Documents and Settings\j-y\Application Data\inst.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

HKCR\.torrent
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent
HKLM\SOFTWARE\Classes\.torrent

=========
Rootkits
=========

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 19:53:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

404FIX.EXE-3762546B.pf
A2HIJACKFREE.EXE-162F6732.pf
A2SCAN.EXE-1E40FF71.pf
A2SERVICE.EXE-2B69BCDE.pf
A2START.EXE-2CA89B80.pf
ADMIN.EXE-1F1CA533.pf
AGENT.OMZ.FIX.EXE-06689887.pf
AGENTSVR.EXE-002E45AB.pf
ALBUMDB2.EXE-0EEB0F05.pf
AVK.EXE-03E3FFE9.pf
AVKIS.EXE-069529C0.pf
AVKPROXY.EXE-01EB23DE.pf
AVKTRAY.EXE-20D09B80.pf
CATCHME.EXE-120E24B1.pf
CCLEANER.EXE-0BCE437C.pf
CHKNTFS.EXE-31921D64.pf
CLEANUP.EXE-1B0F5664.pf
CMD.EXE-087B4001.pf
COMMUNICATIONS_HELPER.EXE-168FB289.pf
CRYOSTASIS.EXE-1D499A7F.pf
CSCRIPT.EXE-1C26180C.pf
CTFMON.EXE-0E17969B.pf
DEFRAG.EXE-273F131E.pf
DFRGNTFS.EXE-269967DF.pf
DRWTSN32.EXE-2B4B52AC.pf
DUMPHIVE.EXE-09491E32.pf
DUMPREP.EXE-1B46F901.pf
DWWIN.EXE-30875ADC.pf
EXPLORER.EXE-082F38A9.pf
FIND.EXE-0EC32F1E.pf
FINDSTR.EXE-0CA6274B.pf
FORCEFIELD.EXE-03D1D421.pf
FR_ASPY_CA_32_FR_FRDEFAULTECO-1543CD25.pf
FXSVR2.EXE-14513BBA.pf
GDFIREWALLTRAY.EXE-1BF9EBCB.pf
HH.EXE-2D1A70B3.pf
HPZENG12.EXE-07E42CEC.pf
HPZSTC12.EXE-2A807C2C.pf
IEDFIX.C.EXE-269B0FD0.pf
IEDFIX.EXE-00412FC9.pf
IEXPLORE.EXE-27122324.pf
IMAPI.EXE-0BF740A4.pf
INTEGRATOR.EXE-1258EAA8.pf
ISWLDR.DAT-0883BE28.pf
ISWMGR.EXE-2ABDBB53.pf
ISWUPDE.EXE-398B8773.pf
KHALMNPR.EXE-098E13FC.pf
KHALMNPR.EXE-1D21F6ED.pf
Layout.ini
LIST_KILL'EM.EXE-074D5347.pf
LOGITECHUPDATE.EXE-2F890CDB.pf
LOGITRAY.EXE-33843C37.pf
LOGON.SCR-151EFAEA.pf
LOGONUI.EXE-0AF22957.pf
LULNCHR.EXE-113736AD.pf
LVCOMSX.EXE-0AC1D558.pf
MANIFESTENGINE.EXE-36F394D0.pf
MBAM-SETUP.EXE-1FAE0FBA.pf
MBAM-SETUP.TMP-320AB23F.pf
MBAM.EXE-0BEE0439.pf
MBAMGUI.EXE-1286D63B.pf
MODE.COM-31685BAE.pf
MSHTA.EXE-331DF029.pf
MSNMSGR.EXE-030AB647.pf
NOTEPAD.EXE-189578DA.pf
NOTEPAD.EXE-336351A9.pf
NTOSBOOT-B00DFAAD.pf
O4PATCH.EXE-01C8DA24.pf
ONECLICKSTARTER.EXE-1492110E.pf
PCSECURITYTEST.EXE-15D4AA69.pf
PHOTOSNAPVIEWER.EXE-2371ED62.pf
POLICIES.EXE-28A6E4A0.pf
PV.EXE-1D560ABE.pf
R3UR.EXE-18286AD2.pf
REALCONVERTER.EXE-10802B9C.pf
REALONEMESSAGECENTER.EXE-1B5B11B5.pf
REALPLAY.EXE-1BF219BD.pf
REALSCHED.EXE-04BEC5CC.pf
REG.EXE-0B5A2AAB.pf
REGEDIT.EXE-1B606482.pf
REGINI.EXE-2BB3D52B.pf
REGSVR32.EXE-25EEFE2F.pf
RPHELPERAPP.EXE-33CB172B.pf
RSIT.EXE-00F3C8B3.pf
RUNDLL32.EXE-1357CA32.pf
RUNDLL32.EXE-17B341D7.pf
RUNDLL32.EXE-1A3D0CE0.pf
RUNDLL32.EXE-1E89791C.pf
RUNDLL32.EXE-1F20A0D1.pf
RUNDLL32.EXE-34A1FC07.pf
RUNDLL32.EXE-35A483DA.pf
RUNDLL32.EXE-415F88EC.pf
RUNDLL32.EXE-4489B61B.pf
SETPOINT.EXE-015059E8.pf
SETUP.EXE-00ABC786.pf
SMITFRAUDFIX.EXE-0012124D.pf
SNDVOL32.EXE-383480B7.pf
SOP.EXE-39B73208.pf
SPYWARETERMINATOR.EXE-0C0A5116.pf
SPYWARETERMINATOR.EXE-2ED40363.pf
SPYWARETERMINATORSHIELD.EXE-0119C527.pf
SPYWARETERMINATORUPDATE.EXE-223FCAC3.pf
SRCHSTS.EXE-04A1F1B1.pf
STARTUPMANAGER.EXE-28EFD577.pf
SWEEPER.EXE-00538269.pf
SWREG.EXE-31B6F821.pf
SWREG.EXE-3688D00C.pf
SYSTEM32.EXE-293D3366.pf
TASKMGR.EXE-20256C55.pf
TEATIMER.EXE-1F57E47A.pf
UNINS000.EXE-041AF57D.pf
UNINS000.EXE-14C2841E.pf
USERINIT.EXE-30B18140.pf
VACFIX.EXE-01A580EA.pf
VERCLSID.EXE-3667BD89.pf
VLC.EXE-22DF01AA.pf
WEBCOLCT.EXE-007C0E72.pf
WINHLP32.EXE-2C18E975.pf
WINRAR.EXE-39C6DAD9.pf
WINWORD.EXE-37F6AE09.pf
WLCOMM.EXE-04AE9009.pf
WMIADAP.EXE-2DF425B2.pf
WMIPRVSE.EXE-28F301A9.pf
WSCNTFY.EXE-1B24F5EB.pf
WUAUCLT.EXE-399A8E72.pf
_IU14D2N.TMP-2D1A4875.pf




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
flo-91 Posts 5646 Registration date Tuesday 19 May 2009 Status Security contributor Last activity 31 October 2019 1 118
30 Nov. 2009 at 20:10
Good:

> Relaunch Kill'em:


> Double-click it (right-click "Run as administrator" on Vista) to launch the scan

Choose the language, then choose option 2 = Destruction Mode

> Let the tool work

> Post the contents of the report that opens
0
Kill'em by g3n-h@ckm@n 1.0.6.0

User : j-y (Administrateurs) # NOUS
Update on 30/11/2009 by g3n-h@ckm@n ::::: 07:00
Start at: 20:14:36 | 30/11/2009
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) 64 Processor 3800+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : G DATA InternetSecurity 2009 18.0 [ Enabled | Updated ]
AV : a-squared Anti-Malware 4 [ (!) Disabled | Updated ]
FW : Pare-feu personnel G DATA[ Enabled ]1.0

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 88,59 Go (22,18 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 72,71 Go (72,44 Go free) | NTFS
G:\ -> Disque fixe local | 71,58 Go (71,51 Go free) | NTFS


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running


C:\WINDOWS\System32\smss.exe 556
C:\WINDOWS\system32\csrss.exe 624
C:\WINDOWS\system32\winlogon.exe 648
C:\WINDOWS\system32\services.exe 700
C:\WINDOWS\system32\lsass.exe 712
C:\WINDOWS\system32\svchost.exe 864
C:\WINDOWS\system32\svchost.exe 940
C:\WINDOWS\System32\svchost.exe 1032
C:\WINDOWS\system32\svchost.exe 1072
C:\WINDOWS\system32\svchost.exe 1120
C:\WINDOWS\system32\svchost.exe 1164
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe 1352
C:\WINDOWS\system32\spoolsv.exe 1416
C:\WINDOWS\system32\svchost.exe 1496
C:\Program Files\a-squared Free\a2service.exe 1528
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe 1644
C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe 1672
C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe 1696
C:\Program Files\Java\jre6\bin\jqs.exe 1776
C:\WINDOWS\system32\nvsvc32.exe 1816
C:\WINDOWS\system32\IoctlSvc.exe 1840
C:\WINDOWS\system32\HPZipm12.exe 1868
C:\Program Files\Spyware Terminator\sp_rsser.exe 1912
C:\WINDOWS\system32\svchost.exe 216
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 244
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe 276
C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe 832
C:\WINDOWS\System32\alg.exe 892
C:\WINDOWS\system32\wbem\wmiapsrv.exe 2324
C:\WINDOWS\Explorer.EXE 2580
C:\WINDOWS\system32\LVCOMSX.EXE 3248
C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe 3412
C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe 3536
C:\Program Files\Logitech\Video\LogiTray.exe 3632
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 3688
C:\Program Files\Logitech\Video\FxSvr2.exe 1980
C:\Program Files\Logitech\SetPoint\SetPoint.exe 2068
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE 2304
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe 2700
C:\WINDOWS\system32\ctfmon.exe 4032
C:\Program Files\Internet Explorer\iexplore.exe 2272
C:\Program Files\Internet Explorer\iexplore.exe 2956
C:\WINDOWS\system32\notepad.exe 4392
C:\Documents and Settings\j-y\Bureau\List_Kill'em.exe 4052
C:\WINDOWS\system32\cmd.exe 5040
C:\WINDOWS\system32\wbem\wmiprvse.exe 4316
C:\Documents and Settings\j-y\Local Settings\Temp\1B.tmp\pv.exe 6000

Files :
=======


¤¤¤¤¤¤¤¤¤¤ Files/folders :

"C:\Documents and Settings\All Users\Application Data\.zreglib"
"C:\Program Files\Internet Explorer\fxavx.ini"
"C:\WINDOWS\system32\404Fix.exe"
"C:\WINDOWS\System32\drivers\etc\hosts.msn"
"C:\WINDOWS\system32\dumphive.exe"
"C:\WINDOWS\system32\IEDFix.exe"
"C:\WINDOWS\system32\Process.exe"
C:\WINDOWS\System32\SET100.tmp
C:\WINDOWS\System32\SET102.tmp
C:\WINDOWS\System32\SET103.tmp
C:\WINDOWS\System32\SET104.tmp
C:\WINDOWS\System32\SET105.tmp
C:\WINDOWS\System32\SET139.tmp
C:\WINDOWS\System32\SET13E.tmp
C:\WINDOWS\System32\SET146.tmp
C:\WINDOWS\System32\SET147.tmp
C:\WINDOWS\System32\SET149.tmp
C:\WINDOWS\System32\SET14C.tmp
C:\WINDOWS\System32\SET151.tmp
C:\WINDOWS\System32\SET153.tmp
C:\WINDOWS\System32\SET155.tmp
C:\WINDOWS\System32\SET159.tmp
C:\WINDOWS\System32\SET15A.tmp
C:\WINDOWS\System32\SET15B.tmp
C:\WINDOWS\System32\SET161.tmp
C:\WINDOWS\System32\SET162.tmp
C:\WINDOWS\System32\SET163.tmp
C:\WINDOWS\System32\SET164.tmp
C:\WINDOWS\System32\SET1A7.tmp
C:\WINDOWS\System32\SET1A8.tmp
C:\WINDOWS\System32\SET1A9.tmp
C:\WINDOWS\System32\SET1AA.tmp
C:\WINDOWS\System32\SET1AB.tmp
C:\WINDOWS\System32\SET1AC.tmp
C:\WINDOWS\System32\SET1AD.tmp
C:\WINDOWS\System32\SET1AE.tmp
C:\WINDOWS\System32\SET1AF.tmp
C:\WINDOWS\System32\SET1B0.tmp
C:\WINDOWS\System32\SET1B1.tmp
C:\WINDOWS\System32\SET1B2.tmp
C:\WINDOWS\System32\SET1B3.tmp
C:\WINDOWS\System32\SET1B4.tmp
C:\WINDOWS\System32\SET1B5.tmp
C:\WINDOWS\System32\SET1B6.tmp
C:\WINDOWS\System32\SET1B7.tmp
C:\WINDOWS\System32\SET1B8.tmp
C:\WINDOWS\System32\SET1B9.tmp
C:\WINDOWS\System32\SET1BA.tmp
C:\WINDOWS\System32\SET1BC.tmp
C:\WINDOWS\System32\SET1BD.tmp
C:\WINDOWS\System32\SET1BE.tmp
C:\WINDOWS\System32\SET1BF.tmp
C:\WINDOWS\System32\SET1C0.tmp
C:\WINDOWS\System32\SET1C1.tmp
C:\WINDOWS\System32\SET1C2.tmp
C:\WINDOWS\System32\SET1C3.tmp
C:\WINDOWS\System32\SET1C4.tmp
C:\WINDOWS\System32\SET1C5.tmp
C:\WINDOWS\System32\SET1C6.tmp
C:\WINDOWS\System32\SET1C7.tmp
C:\WINDOWS\System32\SET1CB.tmp
C:\WINDOWS\System32\SET1CC.tmp
C:\WINDOWS\System32\SET1CD.tmp
C:\WINDOWS\System32\SET1CE.tmp
C:\WINDOWS\System32\SET1CF.tmp
C:\WINDOWS\System32\SET1D0.tmp
C:\WINDOWS\System32\SET1D1.tmp
C:\WINDOWS\System32\SET1D2.tmp
C:\WINDOWS\System32\SET1D3.tmp
C:\WINDOWS\System32\SET1D4.tmp
C:\WINDOWS\System32\SET1D5.tmp
C:\WINDOWS\System32\SET1D6.tmp
C:\WINDOWS\System32\SET1D7.tmp
C:\WINDOWS\System32\SET1D8.tmp
C:\WINDOWS\System32\SET1D9.tmp
C:\WINDOWS\System32\SET1DA.tmp
C:\WINDOWS\System32\SET1DB.tmp
C:\WINDOWS\System32\SET1DC.tmp
C:\WINDOWS\System32\SET1DD.tmp
C:\WINDOWS\System32\SET1DE.tmp
C:\WINDOWS\System32\SET1E4.tmp
C:\WINDOWS\System32\SET1EB.tmp
C:\WINDOWS\System32\SET1F2.tmp
C:\WINDOWS\System32\SET1F7.tmp
C:\WINDOWS\System32\SET1F9.tmp
C:\WINDOWS\System32\SET1FA.tmp
C:\WINDOWS\System32\SET200.tmp
C:\WINDOWS\System32\SET201.tmp
C:\WINDOWS\System32\SET202.tmp
C:\WINDOWS\System32\SET206.tmp
C:\WINDOWS\System32\SET208.tmp
C:\WINDOWS\System32\SET209.tmp
C:\WINDOWS\System32\SET20A.tmp
C:\WINDOWS\System32\SET20B.tmp
C:\WINDOWS\System32\SET20C.tmp
C:\WINDOWS\System32\SET20D.tmp
C:\WINDOWS\System32\SET20E.tmp
C:\WINDOWS\System32\SET20F.tmp
C:\WINDOWS\System32\SET210.tmp
C:\WINDOWS\System32\SET211.tmp
C:\WINDOWS\System32\SET212.tmp
C:\WINDOWS\System32\SET213.tmp
C:\WINDOWS\System32\SET214.tmp
C:\WINDOWS\System32\SET215.tmp
C:\WINDOWS\System32\SET216.tmp
C:\WINDOWS\System32\SET217.tmp
C:\WINDOWS\System32\SET218.tmp
C:\WINDOWS\System32\SET219.tmp
C:\WINDOWS\System32\SET21A.tmp
C:\WINDOWS\System32\SET21B.tmp
C:\WINDOWS\System32\SET21C.tmp
C:\WINDOWS\System32\SET21D.tmp
C:\WINDOWS\System32\SET21E.tmp
C:\WINDOWS\System32\SET21F.tmp
C:\WINDOWS\System32\SET220.tmp
C:\WINDOWS\System32\SET221.tmp
C:\WINDOWS\System32\SET222.tmp
C:\WINDOWS\System32\SET223.tmp
C:\WINDOWS\System32\SET224.tmp
C:\WINDOWS\System32\SET225.tmp
C:\WINDOWS\System32\SET226.tmp
C:\WINDOWS\System32\SET227.tmp
C:\WINDOWS\System32\SET228.tmp
C:\WINDOWS\System32\SET229.tmp
C:\WINDOWS\System32\SET22A.tmp
C:\WINDOWS\System32\SET22B.tmp
C:\WINDOWS\System32\SET22C.tmp
C:\WINDOWS\System32\SET22D.tmp
C:\WINDOWS\System32\SET22E.tmp
C:\WINDOWS\System32\SET22F.tmp
C:\WINDOWS\System32\SET230.tmp
C:\WINDOWS\System32\SET231.tmp
C:\WINDOWS\System32\SET232.tmp
C:\WINDOWS\System32\SET234.tmp
C:\WINDOWS\System32\SET239.tmp
C:\WINDOWS\System32\SET23C.tmp
C:\WINDOWS\System32\SET41.tmp
C:\WINDOWS\System32\SET46.tmp
C:\WINDOWS\System32\SET5A.tmp
C:\WINDOWS\System32\SET5F.tmp
C:\WINDOWS\System32\SET62.tmp
C:\WINDOWS\System32\SET67.tmp
C:\WINDOWS\System32\SET6A.tmp
C:\WINDOWS\System32\SET6F.tmp
C:\WINDOWS\System32\SET8D.tmp
C:\WINDOWS\System32\SET8E.tmp
C:\WINDOWS\System32\SET8F.tmp
C:\WINDOWS\System32\SETA6.tmp
C:\WINDOWS\System32\SETA7.tmp
C:\WINDOWS\System32\SETA8.tmp
C:\WINDOWS\System32\SETB0.tmp
C:\WINDOWS\System32\SETB1.tmp
C:\WINDOWS\System32\SETB2.tmp
C:\WINDOWS\System32\SETB3.tmp
C:\WINDOWS\System32\SETB7.tmp
C:\WINDOWS\System32\SETB8.tmp
C:\WINDOWS\System32\SETBF.tmp
C:\WINDOWS\System32\SETC0.tmp
C:\WINDOWS\System32\SETC2.tmp
C:\WINDOWS\System32\SETE2.tmp
C:\WINDOWS\System32\SETE3.tmp
C:\WINDOWS\System32\SETE4.tmp
C:\WINDOWS\System32\SETE5.tmp
C:\WINDOWS\System32\SETEB.tmp
C:\WINDOWS\System32\SETEC.tmp
C:\WINDOWS\System32\SETED.tmp
C:\WINDOWS\System32\SETF1.tmp
C:\WINDOWS\System32\SETF3.tmp
C:\WINDOWS\System32\SETF4.tmp
C:\WINDOWS\System32\SETF6.tmp
C:\WINDOWS\System32\SETFB.tmp
C:\WINDOWS\System32\SETFD.tmp
C:\WINDOWS\System32\SETFE.tmp
"C:\WINDOWS\system32\SrchSTS.exe"
"C:\WINDOWS\system32\tmp.reg"
"C:\WINDOWS\system32\VACFix.exe"
"C:\WINDOWS\system32\VCCLSID.exe"
"C:\WINDOWS\system32\WS2Fix.exe"
"C:\WINDOWS\winstart.bat"
"C:\Documents and Settings\j-y\Application Data\inst.exe"


¤¤¤¤¤¤¤¤¤¤ Files/folders killed :

Quarantine :

.zreglib.Kill'em
404Fix.exe.Kill'em
dumphive.exe.Kill'em
fxavx.ini.Kill'em
hosts.msn.Kill'em
IEDFix.exe.Kill'em
inst.exe.Kill'em
Process.exe.Kill'em
SET100.tmp.Kill'em
SET102.tmp.Kill'em
SET103.tmp.Kill'em
SET104.tmp.Kill'em
SET105.tmp.Kill'em
SET139.tmp.Kill'em
SET13E.tmp.Kill'em
SET146.tmp.Kill'em
SET147.tmp.Kill'em
SET149.tmp.Kill'em
SET14C.tmp.Kill'em
SET151.tmp.Kill'em
SET153.tmp.Kill'em
SET155.tmp.Kill'em
SET159.tmp.Kill'em
SET15A.tmp.Kill'em
SET15B.tmp.Kill'em
SET161.tmp.Kill'em
SET162.tmp.Kill'em
SET163.tmp.Kill'em
SET164.tmp.Kill'em
SET1A7.tmp.Kill'em
SET1A8.tmp.Kill'em
SET1A9.tmp.Kill'em
SET1AA.tmp.Kill'em
SET1AB.tmp.Kill'em
SET1AC.tmp.Kill'em
SET1AD.tmp.Kill'em
SET1AE.tmp.Kill'em
SET1AF.tmp.Kill'em
SET1B0.tmp.Kill'em
SET1B1.tmp.Kill'em
SET1B2.tmp.Kill'em
SET1B3.tmp.Kill'em
SET1B4.tmp.Kill'em
SET1B5.tmp.Kill'em
SET1B6.tmp.Kill'em
SET1B7.tmp.Kill'em
SET1B8.tmp.Kill'em
SET1B9.tmp.Kill'em
SET1BA.tmp.Kill'em
SET1BC.tmp.Kill'em
SET1BD.tmp.Kill'em
SET1BE.tmp.Kill'em
SET1BF.tmp.Kill'em
SET1C0.tmp.Kill'em
SET1C1.tmp.Kill'em
SET1C2.tmp.Kill'em
SET1C3.tmp.Kill'em
SET1C4.tmp.Kill'em
SET1C5.tmp.Kill'em
SET1C6.tmp.Kill'em
SET1C7.tmp.Kill'em
SET1CB.tmp.Kill'em
SET1CC.tmp.Kill'em
SET1CD.tmp.Kill'em
SET1CE.tmp.Kill'em
SET1CF.tmp.Kill'em
SET1D0.tmp.Kill'em
SET1D1.tmp.Kill'em
SET1D2.tmp.Kill'em
SET1D3.tmp.Kill'em
SET1D4.tmp.Kill'em
SET1D5.tmp.Kill'em
SET1D6.tmp.Kill'em
SET1D7.tmp.Kill'em
SET1D8.tmp.Kill'em
SET1D9.tmp.Kill'em
SET1DA.tmp.Kill'em
SET1DB.tmp.Kill'em
SET1DC.tmp.Kill'em
SET1DD.tmp.Kill'em
SET1DE.tmp.Kill'em
SET1E4.tmp.Kill'em
SET1EB.tmp.Kill'em
SET1F2.tmp.Kill'em
SET1F7.tmp.Kill'em
SET1F9.tmp.Kill'em
SET1FA.tmp.Kill'em
SET200.tmp.Kill'em
SET201.tmp.Kill'em
SET202.tmp.Kill'em
SET206.tmp.Kill'em
SET208.tmp.Kill'em
SET209.tmp.Kill'em
SET20A.tmp.Kill'em
SET20B.tmp.Kill'em
SET20C.tmp.Kill'em
SET20D.tmp.Kill'em
SET20E.tmp.Kill'em
SET20F.tmp.Kill'em
SET210.tmp.Kill'em
SET211.tmp.Kill'em
SET212.tmp.Kill'em
SET213.tmp.Kill'em
SET214.tmp.Kill'em
SET215.tmp.Kill'em
SET216.tmp.Kill'em
SET217.tmp.Kill'em
SET218.tmp.Kill'em
SET219.tmp.Kill'em
SET21A.tmp.Kill'em
SET21B.tmp.Kill'em
SET21C.tmp.Kill'em
SET21D.tmp.Kill'em
SET21E.tmp.Kill'em
SET21F.tmp.Kill'em
SET220.tmp.Kill'em
SET221.tmp.Kill'em
SET222.tmp.Kill'em
SET223.tmp.Kill'em
SET224.tmp.Kill'em
SET225.tmp.Kill'em
SET226.tmp.Kill'em
SET227.tmp.Kill'em
SET228.tmp.Kill'em
SET229.tmp.Kill'em
SET22A.tmp.Kill'em
SET22B.tmp.Kill'em
SET22C.tmp.Kill'em
SET22D.tmp.Kill'em
SET22E.tmp.Kill'em
SET22F.tmp.Kill'em
SET230.tmp.Kill'em
SET231.tmp.Kill'em
SET232.tmp.Kill'em
SET234.tmp.Kill'em
SET239.tmp.Kill'em
SET23C.tmp.Kill'em
SET41.tmp.Kill'em
SET46.tmp.Kill'em
SET5A.tmp.Kill'em
SET5F.tmp.Kill'em
SET62.tmp.Kill'em
SET67.tmp.Kill'em
SET6A.tmp.Kill'em
SET6F.tmp.Kill'em
SET8D.tmp.Kill'em
SET8E.tmp.Kill'em
SET8F.tmp.Kill'em
SETA6.tmp.Kill'em
SETA7.tmp.Kill'em
SETA8.tmp.Kill'em
SETB0.tmp.Kill'em
SETB1.tmp.Kill'em
SETB2.tmp.Kill'em
SETB3.tmp.Kill'em
SETB7.tmp.Kill'em
SETB8.tmp.Kill'em
SETBF.tmp.Kill'em
SETC0.tmp.Kill'em
SETC2.tmp.Kill'em
SETE2.tmp.Kill'em
SETE3.tmp.Kill'em
SETE4.tmp.Kill'em
SETE5.tmp.Kill'em
SETEB.tmp.Kill'em
SETEC.tmp.Kill'em
SETED.tmp.Kill'em
SETF1.tmp.Kill'em
SETF3.tmp.Kill'em
SETF4.tmp.Kill'em
SETF6.tmp.Kill'em
SETFB.tmp.Kill'em
SETFD.tmp.Kill'em
SETFE.tmp.Kill'em
SrchSTS.exe.Kill'em
tmp.reg.Kill'em
VACFix.exe.Kill'em
VCCLSID.exe.Kill'em
winstart.bat.Kill'em
WS2Fix.exe.Kill'em

==============
host file OK !
==============

=============
Registry Kill
=============
¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch

FR_ASPY_CA_32_FR_FRDEFAULTECO-1543CD25.pf
Layout.ini
NTOSBOOT-B00DFAAD.pf



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
flo-91 Posts 5646 Registration date Tuesday 19 May 2009 Status Security contributor Last activity 31 October 2019 1 118
30 Nov. 2009 at 20:31
Good, please post a new RSIT report.
0
(The same Kill'em report as above was posted a second time here.)
flo-91, 30 Nov 2009 at 20:36
Oops, I had not asked you for RSIT yet. Do this:


>Download RSIT here and save it to your desktop:

http://images.malwareremoval.com/random/RSIT.exe

>Double-click the RSIT.exe that is on the desktop

>The program starts; choose "1month" and click "continue"

>Let the tool run and post the report that appears.
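Reading the report that RSIT produces is the actual work, so here is an added example of how a helper can triage one; this script is not RSIT's code and was not posted in this thread. It parses the section and key layout of the report exactly as it appears in the logs posted here (`======Section======` headers, `[registry key]` lines, `"Name"=path [date size]` values, XP firewall exceptions, and `R1 name;description; path [date size]` driver lines) and flags what a helper looks at first: autostart or firewall-exception entries pointing into a Temp directory, a removable-media autorun command under mountpoints2, and driver or service entries whose file RSIT could not read (the empty `[]`). The report text embedded in it is constructed to mimic that format; it is not the poster's real report.

```python
"""Triage an RSIT-style report (added example, not RSIT's own code)."""
import re

SECTION = re.compile(r"^======(.+?)======$")
REG_KEY = re.compile(r"^\[(.+)\]$")
# "Name"=C:\path\prog.exe [2009-11-30 12345]   (Run, RunOnce and similar lines)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<path>[^\[]+?)\s*\[(?P<meta>[^\]]*)\]$')
# "C:\path\prog.exe"="C:\path\prog.exe:*:Enabled:desc"   (XP firewall exception)
FW_VALUE = re.compile(r'^"(?P<path>[^"]+)"="(?P<rule>[^"]*)"$')
# shell\AutoRun\command - H:\something.exe   (mountpoints2 entry for a removable drive)
AUTORUN = re.compile(r"^shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)
# R1 name;description; C:\path\driver.sys [date size]
# An empty [] means RSIT printed no date/size, i.e. it could not read the file.
DRIVER = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<desc>[^;]*); "
                    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)   # matches \Temp\ and LOCALS~1\Temp\

# Constructed sample in the RSIT layout (not the real report from this thread).
SAMPLE_REPORT = r"""======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"Updater"=C:\Documents and Settings\user\Local Settings\Temp\upd.exe [2009-11-30 40960]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\user\Local Settings\Temp\WZSE0.TMP\tool.exe"="C:\Documents and Settings\user\Local Settings\Temp\WZSE0.TMP\tool.exe:*:Enabled:tool"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd09793e-7211-11de-8bfe-0015f2b16a4b}]
shell\AutoRun\command - H:\Install.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Keyboard HID driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 catchme;catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys []
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
"""


def triage(report):
    """Return (kind, where, path) tuples for entries that deserve a second look."""
    findings = []
    section = key = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:                       # new report section; forget the current registry key
            section, key = m.group(1), None
            continue
        m = REG_KEY.match(line)
        if m:                       # registry key header inside the dump
            key = m.group(1)
            continue
        if section == "Registry dump":
            m = AUTORUN.match(line)
            if m:                   # a removable device registered an autorun command
                findings.append(("autorun-command", key, m.group("cmd")))
                continue
            m = FW_VALUE.match(line)
            if m:                   # firewall exception: the quoted key is the program path
                if TEMP_DIR.search(m.group("path")):
                    findings.append(("firewall-exception-in-temp", key, m.group("path")))
                continue
            m = RUN_VALUE.match(line)
            if m and TEMP_DIR.search(m.group("path")):
                findings.append(("autostart-in-temp", key, m.group("path")))
        elif section and section.startswith(("List of drivers", "List of services")):
            m = DRIVER.match(line)
            if not m:
                continue
            path = m.group("path")
            if m.group("meta") == "":   # RSIT gave no date/size: file not readable at that path
                findings.append(("file-missing", m.group("name"), path))
            if TEMP_DIR.search(path):   # a kernel driver loaded from a Temp directory
                findings.append(("driver-in-temp", m.group("name"), path))
    return findings


if __name__ == "__main__":
    for kind, where, path in triage(SAMPLE_REPORT):
        print(f"{kind:28} {where}: {path}")
```

Each flag is a prompt to look at the file, not a verdict. In the report posted later in this thread the G DATA and ForceField drivers show `[]` too and are clearly installed products, and the Temp-directory entries there (`catchme.sys`, the Norton Removal Tool firewall exception) are leftovers of cleanup tools rather than malware; the script's value is that it pulls those few lines out of several hundred so a human can check them.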
I already downloaded it to the desktop, that is what you asked me for above; do I have to do it again?
Thanks
Is it serious, doctor!!!!!!!!!
Thanks for your patience
flo-91, 30 Nov 2009 at 21:06
Yes, redo it as in post 4.
Here it is!
Logfile of random's system information tool 1.06 (written by random/random)
Run by j-y at 2009-11-30 21:08:42
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 23 GB (25%) free of 91 GB
Total RAM: 2047 MB (62% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
G DATA WebFilter - C:\Program Files\G DATA\InternetSecurity\Webfilter\AVKWebIE.dll [2008-09-08 656968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-10-11 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ForceField Toolbar Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-03-05 451976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-08 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0124123D-61B4-456f-AF86-78C53A0790C5} - G DATA WebFilter - C:\Program Files\G DATA\InternetSecurity\Webfilter\AVKWebIE.dll [2008-09-08 656968]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ForceField Toolbar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-03-05 451976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"GDFirewallTray"=C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [2008-09-09 1037992]
"G DATA AntiVirus Trayapplication"=C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe [2008-11-24 958024]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2009-03-05 546184]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2006-07-19 94208]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-10-11 198160]
"SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2009-11-29 2166784]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Internet Sweeper"=C:\WINDOWS\system32\SWEEPER.EXE [2004-10-27 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Eraserl.exe"=C:\Program Files\Eraser\Eraserl.exe [2006-04-11 237568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"=C:\Program Files\Real\RealPlayer\realplay.exe [2009-10-11 222728]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
"SpywareTerminatorUpdate"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe [2009-11-29 3055616]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CleanUp!"=C:\Program Files\CleanUp!\Cleanup.exe [2003-08-07 323584]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"=C:\PROGRA~1\Greatis\REGRUN~1\RRShell.dll [2009-04-06 335943]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\CrosuS\CrosuSApp.exe"="C:\Program Files\CrosuS\CrosuSApp.exe:*:Enabled:Crosus"
"C:\Program Files\IGWarlord\igwarlord.exe"="C:\Program Files\IGWarlord\igwarlord.exe:*:Enabled:IGWarlord"
"C:\Documents and Settings\j-y\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\j-y\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\Spark Unlimited\Legendary\Binaries\Legendary.exe"="C:\Program Files\Spark Unlimited\Legendary\Binaries\Legendary.exe:*:Enabled:Legendary"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe"="C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\Program Files\Codemasters\eBay Motors GRID Demo\GRID.exe"="C:\Program Files\Codemasters\eBay Motors GRID Demo\GRID.exe:*:Enabled:eBay Motors GRID Demo"
"C:\Program Files\Codemasters\GRID Demo\GRID.exe"="C:\Program Files\Codemasters\GRID Demo\GRID.exe:*:Enabled:GRID Demo"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd09793e-7211-11de-8bfe-0015f2b16a4b}]
shell\AutoRun\command - H:\InstallTomTomHOME.exe


======List of files/folders created in the last 1 months======

2009-11-30 20:14:36 ----D---- C:\Kill'em
2009-11-30 20:14:34 ----A---- C:\Kill'em.txt
2009-11-30 19:36:12 ----D---- C:\Program Files\trend micro
2009-11-30 19:36:11 ----D---- C:\rsit
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\swsc.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\swreg.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-11-30 15:54:11 ----D---- C:\Documents and Settings\j-y\Application Data\Malwarebytes
2009-11-30 15:53:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-30 15:53:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-29 16:57:47 ----A---- C:\caisslog.txt
2009-11-29 11:31:01 ----D---- C:\Program Files\Greatis
2009-11-29 10:32:17 ----D---- C:\Documents and Settings\j-y\Application Data\Spyware Terminator
2009-11-29 10:32:15 ----D---- C:\Program Files\Spyware Terminator
2009-11-29 10:32:15 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2009-11-29 09:52:15 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2009-11-29 09:11:57 ----D---- C:\Program Files\a-squared Anti-Malware
2009-11-24 12:16:59 ----D---- C:\Program Files\Microsoft
2009-11-24 12:16:45 ----D---- C:\Program Files\Windows Live SkyDrive
2009-11-24 12:11:30 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-11-13 18:37:53 ----D---- C:\Documents and Settings\j-y\Application Data\vlc

======List of files/folders modified in the last 1 months======

2009-11-30 21:08:22 ----D---- C:\WINDOWS\Temp
2009-11-30 20:15:37 ----D---- C:\WINDOWS\Prefetch
2009-11-30 20:15:37 ----A---- C:\AUTOEXEC.BAT
2009-11-30 20:15:20 ----D---- C:\WINDOWS
2009-11-30 20:15:14 ----D---- C:\WINDOWS\system32
2009-11-30 20:15:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-30 20:14:46 ----D---- C:\Program Files\Internet Explorer
2009-11-30 19:36:12 ----RD---- C:\Program Files
2009-11-30 19:25:53 ----A---- C:\rapport.txt
2009-11-30 19:25:10 ----A---- C:\WINDOWS\system32\tmp.txt
2009-11-30 18:47:21 ----D---- C:\Documents and Settings\j-y\Application Data\#ISW.FS#
2009-11-30 17:37:18 ----D---- C:\Program Files\Eraser
2009-11-30 17:05:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-30 16:56:19 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-11-30 15:53:55 ----D---- C:\WINDOWS\system32\drivers
2009-11-29 10:46:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-29 10:08:49 ----D---- C:\Program Files\eMule
2009-11-29 07:57:56 ----D---- C:\Program Files\TuneUp Utilities 2008
2009-11-29 07:26:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-29 06:33:23 ----D---- C:\Program Files\a-squared Free
2009-11-27 16:15:17 ----D---- C:\Documents and Settings\j-y\Application Data\U3
2009-11-27 16:05:41 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-25 15:20:12 ----SHD---- C:\WINDOWS\Installer
2009-11-25 15:20:12 ----HD---- C:\Config.Msi
2009-11-25 15:20:06 ----HD---- C:\WINDOWS\inf
2009-11-25 15:19:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-25 15:19:47 ----D---- C:\WINDOWS\WinSxS
2009-11-24 12:16:28 ----RSD---- C:\WINDOWS\Fonts
2009-11-24 12:16:22 ----D---- C:\Program Files\Windows Live
2009-11-24 12:11:30 ----D---- C:\Program Files\Fichiers communs
2009-11-24 12:11:28 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-11 10:57:36 ----D---- C:\WINDOWS\Debug
2009-11-11 07:13:20 ----A---- C:\WINDOWS\win.ini
2009-11-08 09:32:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-08 07:22:06 ----D---- C:\Documents and Settings\j-y\Application Data\Image Zone Express
2009-11-05 18:36:21 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-09-26 25768]
R1 GRD;G DATA Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
R2 ISWKL;ForceField ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-09-01 3712]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-11-11 104512]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM; C:\WINDOWS\system32\drivers\Envy24HF.sys [2008-06-04 673600]
R3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
R3 LHidKe;SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-07-19 27136]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-07-19 71936]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-16 47360]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-12-09 296448]
S2 CX88TS;WinFast BDA Transport Stream Capture (CX2388x); C:\WINDOWS\system32\drivers\cx88ts.sys [2005-06-28 13440]
S3 catchme;catchme; \??\C:\DOCUME~1\j-y\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CXBDATUNE;WinFast CX2388x BDA DVB-T Tuner/Demod; C:\WINDOWS\system32\drivers\cxBDAtun.sys [2005-06-28 21376]
S3 DSDrv4;DSDrv4; C:\WINDOWS\system32\drivers\DSDrv4.sys []
S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\DRIVERS\HCWBT8XX.sys [2002-02-28 280644]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-12-16 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-12-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-12-16 21744]
S3 HWIONT;HWIONT; C:\WINDOWS\system32\drivers\HWIONT.sys []
S3 icsak;icsak; \??\C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys []
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys []
S3 RegGuard;RegGuard; \??\C:\WINDOWS\system32\Drivers\regguard.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-05 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-11-29 1858144]
R2 AVKProxy;G DATA AntiVirus Proxy; C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-11-24 1016904]
R2 AVKService;Planificateur G DATA; C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe [2008-09-08 386120]
R2 AVKWCtl;Gardien d'AntiVirus; C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2008-09-08 1185496]
R2 IswSvc;ForceField IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2009-03-05 390536]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-08 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-11-29 488960]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-06-03 92008]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2009-03-08 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-03-08 14336]
R3 GDFwSvc;Pare-feu personnel G DATA; C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2008-10-30 1407976]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-23 355584]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
0
flo-91 Posts 5646 Registration date Tuesday 19 May 2009 Status Security contributor Last activity 31 October 2019 1 118
30 Nov. 2009 at 21:19
I'm missing the HijackThis log:

Download HijackThis here:

https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/

Redo an RSIT report as in post 4.
0
Sorry, but do I do an RSIT report or one with HijackThis?
Thanks
0
flo-91 Posts 5646 Registration date Tuesday 19 May 2009 Status Security contributor Last activity 31 October 2019 1 118
30 Nov. 2009 at 21:24
RSIT report as in post 4, I said.
0
Logfile of random's system information tool 1.06 (written by random/random)
Run by j-y at 2009-11-30 21:25:07
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 23 GB (25%) free of 91 GB
Total RAM: 2047 MB (62% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
G DATA WebFilter - C:\Program Files\G DATA\InternetSecurity\Webfilter\AVKWebIE.dll [2008-09-08 656968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-10-11 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ForceField Toolbar Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-03-05 451976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-08 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0124123D-61B4-456f-AF86-78C53A0790C5} - G DATA WebFilter - C:\Program Files\G DATA\InternetSecurity\Webfilter\AVKWebIE.dll [2008-09-08 656968]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ForceField Toolbar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-03-05 451976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"GDFirewallTray"=C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [2008-09-09 1037992]
"G DATA AntiVirus Trayapplication"=C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe [2008-11-24 958024]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2009-03-05 546184]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2006-07-19 94208]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-10-11 198160]
"SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2009-11-29 2166784]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Internet Sweeper"=C:\WINDOWS\system32\SWEEPER.EXE [2004-10-27 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Eraserl.exe"=C:\Program Files\Eraser\Eraserl.exe [2006-04-11 237568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"=C:\Program Files\Real\RealPlayer\realplay.exe [2009-10-11 222728]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
"SpywareTerminatorUpdate"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe [2009-11-29 3055616]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CleanUp!"=C:\Program Files\CleanUp!\Cleanup.exe [2003-08-07 323584]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"=C:\PROGRA~1\Greatis\REGRUN~1\RRShell.dll [2009-04-06 335943]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\CrosuS\CrosuSApp.exe"="C:\Program Files\CrosuS\CrosuSApp.exe:*:Enabled:Crosus"
"C:\Program Files\IGWarlord\igwarlord.exe"="C:\Program Files\IGWarlord\igwarlord.exe:*:Enabled:IGWarlord"
"C:\Documents and Settings\j-y\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\j-y\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\Spark Unlimited\Legendary\Binaries\Legendary.exe"="C:\Program Files\Spark Unlimited\Legendary\Binaries\Legendary.exe:*:Enabled:Legendary"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe"="C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\Program Files\Codemasters\eBay Motors GRID Demo\GRID.exe"="C:\Program Files\Codemasters\eBay Motors GRID Demo\GRID.exe:*:Enabled:eBay Motors GRID Demo"
"C:\Program Files\Codemasters\GRID Demo\GRID.exe"="C:\Program Files\Codemasters\GRID Demo\GRID.exe:*:Enabled:GRID Demo"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd09793e-7211-11de-8bfe-0015f2b16a4b}]
shell\AutoRun\command - H:\InstallTomTomHOME.exe


======List of files/folders created in the last 1 months======

2009-11-30 20:14:36 ----D---- C:\Kill'em
2009-11-30 20:14:34 ----A---- C:\Kill'em.txt
2009-11-30 19:36:12 ----D---- C:\Program Files\trend micro
2009-11-30 19:36:11 ----D---- C:\rsit
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\swsc.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\swreg.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-11-30 19:24:38 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-11-30 15:54:11 ----D---- C:\Documents and Settings\j-y\Application Data\Malwarebytes
2009-11-30 15:53:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-30 15:53:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-29 16:57:47 ----A---- C:\caisslog.txt
2009-11-29 11:31:01 ----D---- C:\Program Files\Greatis
2009-11-29 10:32:17 ----D---- C:\Documents and Settings\j-y\Application Data\Spyware Terminator
2009-11-29 10:32:15 ----D---- C:\Program Files\Spyware Terminator
2009-11-29 10:32:15 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2009-11-29 09:52:15 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2009-11-29 09:11:57 ----D---- C:\Program Files\a-squared Anti-Malware
2009-11-24 12:16:59 ----D---- C:\Program Files\Microsoft
2009-11-24 12:16:45 ----D---- C:\Program Files\Windows Live SkyDrive
2009-11-24 12:11:30 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-11-13 18:37:53 ----D---- C:\Documents and Settings\j-y\Application Data\vlc

======List of files/folders modified in the last 1 months======

2009-11-30 21:24:54 ----D---- C:\WINDOWS\Temp
2009-11-30 20:15:37 ----D---- C:\WINDOWS\Prefetch
2009-11-30 20:15:37 ----A---- C:\AUTOEXEC.BAT
2009-11-30 20:15:20 ----D---- C:\WINDOWS
2009-11-30 20:15:14 ----D---- C:\WINDOWS\system32
2009-11-30 20:15:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-30 20:14:46 ----D---- C:\Program Files\Internet Explorer
2009-11-30 19:36:12 ----RD---- C:\Program Files
2009-11-30 19:25:53 ----A---- C:\rapport.txt
2009-11-30 19:25:10 ----A---- C:\WINDOWS\system32\tmp.txt
2009-11-30 18:47:21 ----D---- C:\Documents and Settings\j-y\Application Data\#ISW.FS#
2009-11-30 17:37:18 ----D---- C:\Program Files\Eraser
2009-11-30 17:05:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-30 16:56:19 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-11-30 15:53:55 ----D---- C:\WINDOWS\system32\drivers
2009-11-29 10:46:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-29 10:08:49 ----D---- C:\Program Files\eMule
2009-11-29 07:57:56 ----D---- C:\Program Files\TuneUp Utilities 2008
2009-11-29 07:26:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-29 06:33:23 ----D---- C:\Program Files\a-squared Free
2009-11-27 16:15:17 ----D---- C:\Documents and Settings\j-y\Application Data\U3
2009-11-27 16:05:41 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-25 15:20:12 ----SHD---- C:\WINDOWS\Installer
2009-11-25 15:20:12 ----HD---- C:\Config.Msi
2009-11-25 15:20:06 ----HD---- C:\WINDOWS\inf
2009-11-25 15:19:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-25 15:19:47 ----D---- C:\WINDOWS\WinSxS
2009-11-24 12:16:28 ----RSD---- C:\WINDOWS\Fonts
2009-11-24 12:16:22 ----D---- C:\Program Files\Windows Live
2009-11-24 12:11:30 ----D---- C:\Program Files\Fichiers communs
2009-11-24 12:11:28 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-11 10:57:36 ----D---- C:\WINDOWS\Debug
2009-11-11 07:13:20 ----A---- C:\WINDOWS\win.ini
2009-11-08 09:32:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-08 07:22:06 ----D---- C:\Documents and Settings\j-y\Application Data\Image Zone Express
2009-11-05 18:36:21 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-09-26 25768]
R1 GRD;G DATA Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
R2 ISWKL;ForceField ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-09-01 3712]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-11-11 104512]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM; C:\WINDOWS\system32\drivers\Envy24HF.sys [2008-06-04 673600]
R3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
R3 LHidKe;SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-07-19 27136]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-07-19 71936]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-16 47360]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-12-09 296448]
S2 CX88TS;WinFast BDA Transport Stream Capture (CX2388x); C:\WINDOWS\system32\drivers\cx88ts.sys [2005-06-28 13440]
S3 catchme;catchme; \??\C:\DOCUME~1\j-y\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CXBDATUNE;WinFast CX2388x BDA DVB-T Tuner/Demod; C:\WINDOWS\system32\drivers\cxBDAtun.sys [2005-06-28 21376]
S3 DSDrv4;DSDrv4; C:\WINDOWS\system32\drivers\DSDrv4.sys []
S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\DRIVERS\HCWBT8XX.sys [2002-02-28 280644]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-12-16 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-12-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-12-16 21744]
S3 HWIONT;HWIONT; C:\WINDOWS\system32\drivers\HWIONT.sys []
S3 icsak;icsak; \??\C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys []
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys []
S3 RegGuard;RegGuard; \??\C:\WINDOWS\system32\Drivers\regguard.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-05 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-11-29 1858144]
R2 AVKProxy;G DATA AntiVirus Proxy; C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-11-24 1016904]
R2 AVKService;Planificateur G DATA; C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe [2008-09-08 386120]
R2 AVKWCtl;Gardien d'AntiVirus; C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2008-09-08 1185496]
R2 IswSvc;ForceField IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2009-03-05 390536]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-08 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-11-29 488960]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-06-03 92008]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2009-03-08 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-03-08 14336]
R3 GDFwSvc;Pare-feu personnel G DATA; C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2008-10-30 1407976]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-23 355584]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
0