Alureon rootkit detected by Avast

yoshi543 Posts 20 Status Member -
 Anonymous user -
Hello,
For 2 weeks now I have had a rootkit called Alureon on my PC. I have tried everything to remove it but it comes back every time and I don't know what to do.
Could you help me please? Thanks in advance

38 replies

Anonymous user
 
hi:

Download OTL by OldTimer

save it to your Desktop.

▶ Double-click OTL.exe to launch it (on Vista, right-click > "Run as administrator").

▶ Check the two boxes Lop and Purity

▶ Check the box in front of Scan all users

▶ set it to "60 Days"

▶ in the left column, set everything to All

do not change these:

"files created within" and "files modified within"


▶ Click Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

▶ Click Browse and find the file above.

▶ Click Open.

▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

▶▶ Do the same with "Extra.txt".
0
yoshi543 Posts 20 Status Member
 
thanks for your reply, I did the scan, here is the link for the OTL report http://www.cijoint.fr/cjlink.php?file=cj200912/cijqMsSNQl.txt and the link for the Extra report http://www.cijoint.fr/cjlink.php?file=cj200912/cijnzIFwW2.txt .
0
Anonymous user
 
Disable your antivirus for the duration of the procedure, and your firewall if present (because it is wrongly detected as an infection)

▶ Download and install List&Kill'em and save it to your desktop

double-click the shortcut on your desktop to launch the installation (right-click > "Run as administrator" for Vista/7)

check the box "create a desktop icon"

once finished, click "Finish" and the program will launch by itself

choose the language, then choose option 1 = Search Mode

▶ let the tool work

when the white window appears it is a bit slow; that's normal, the program is not frozen.

a report named catchme appears on your desktop; ignore it and don't post it, but don't delete it for now, the scan is not finished.

▶ Post the contents of the report that opens when the scan reaches 100% at the "COMPLETED" screen

you can delete the catchme.log report from your desktop now.

0
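As an added example (not the List&Kill'em tool's own code, and not something from this thread's helper), here is a small Python triage script for the List'em-style report that the steps above ask the user to post. It reads the "Processes running", "Keys "Run"" and "Keys :" sections and flags three things a responder checks first: images auto-starting from user-writable locations, Windows system binary names running outside C:\Windows, and the DisableRegistryTools policy. The sample report embedded in the script is constructed to follow the format of the report posted in this thread; the heuristics, the location and name lists, and the `parse_sections`/`classify`/`triage` function names are my own assumptions.

```python
import re

# Constructed sample in the List'em report format (same section markers and
# "Name REG_SZ value" layout as the report posted in this thread). The paths
# are illustrative test data, not findings from the poster's machine.
SAMPLE_REPORT = r"""
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Users\Alex\AppData\Local\Temp\BA3C.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Updater REG_SZ C:\Users\Alex\AppData\Roaming\svchost.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
"""

RULE = re.compile(r"^=+$")
RUN_VALUE = re.compile(r"^(?P<name>.+?)\s+(?P<type>REG_SZ|REG_EXPAND_SZ)\s+(?P<value>.+)$")
IMAGE = re.compile(r'^"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)

# Core Windows binary names that malware commonly borrows; the genuine copies
# live under C:\Windows (assumed list, extend as needed).
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "smss.exe", "lsass.exe",
                "winlogon.exe", "services.exe", "explorer.exe"}
# Locations a limited user can write to; nothing should auto-start from here
# unless you know exactly why (assumed list).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\temp\\")


def parse_sections(text):
    """Split a List'em-style report into {section name: [lines]}.

    A section starts at a '¤¤¤ Title' line or at a title enclosed between
    two '=====' rule lines; blank and rule lines are dropped.
    """
    lines = [l.strip() for l in text.splitlines()]
    sections, current = {}, None
    for i, line in enumerate(lines):
        if not line or RULE.match(line):
            continue
        if line.startswith("¤"):
            current = line.lstrip("¤").strip().rstrip(" :").lower()
            sections.setdefault(current, [])
        elif 0 < i < len(lines) - 1 and RULE.match(lines[i - 1]) and RULE.match(lines[i + 1]):
            current = line.lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def image_path(value):
    """Pull the executable path out of a Run-key value (quoted or not)."""
    m = IMAGE.match(value.strip())
    return m.group("path") if m else value.strip()


def classify(path):
    """Return the reasons a start-up image path deserves a second look."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    reasons = []
    if any(tok in low for tok in USER_WRITABLE):
        reasons.append("runs from a user-writable temp/profile location")
    if name in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
        reasons.append("Windows system binary name outside C:\\Windows")
    return reasons


def triage(text):
    """Collect findings as dicts with keys: section, item, reason."""
    sections = parse_sections(text)
    findings = []
    for item in sections.get("processes running", []):
        for reason in classify(item):
            findings.append({"section": "processes running", "item": item, "reason": reason})
    for line in sections.get('keys "run"', []):
        if line.startswith("["):  # hive/key header, not a value
            continue
        m = RUN_VALUE.match(line)
        if not m:
            continue
        path = image_path(m.group("value"))
        for reason in classify(path):
            findings.append({"section": 'keys "run"', "item": path, "reason": reason})
    for line in sections.get("keys", []):
        if "disableregistrytools" in line.lower():
            findings.append({"section": "keys", "item": line,
                             "reason": "policy disables the Registry Editor (common malware self-protection)"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f['section']}] {f['item']}")
        print(f"    -> {f['reason']}")
```

A hit is a lead, not a verdict: a scanner such as List&Kill'em extracts its own helpers into Temp while it runs, so a Temp executable that exists only during the scan is expected. What matters is an entry that persists across reboots or sits in a Run key, and for a suspected MBR rootkit the catchme and MBR lines of the report still have to be read by hand.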
yoshi543 Posts 20 Status Member
 
here is the scan report
List'em by g3n-h@ckm@n 1.1.7.0

Thx to Chiquitine29.....& CCM team

User : Alex (Administrateurs) # PC-DE-ALEX
Update on 30/12/2009 by g3n-h@ckm@n ::::: 23:45
Start at: 11:32:48 | 31/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 287,5 Go (157,3 Go free) | NTFS
D:\ -> Disque fixe local | 10,59 Go (1,49 Go free) [RECOVERY] | NTFS
E:\ -> Disque CD-ROM | 151,41 Mo (0 Mo free) [2009-12-31 1125] | UDF
F:\ -> Disque amovible | 15,76 Go (15,5 Go free) [ALEX] | FAT32

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alex\AppData\Local\Temp\BA3C.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
LightScribe Control Panel REG_SZ C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HPAdvisor REG_SZ C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
StartCCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
DVDAgent REG_SZ "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
TSMAgent REG_SZ "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
CLMLServer for HP TouchSmart REG_SZ "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
TVAgent REG_SZ "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"
UCam_Menu REG_SZ "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
SmartMenu REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
UpdateLBPShortCut REG_SZ "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
UpdatePSTShortCut REG_SZ "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
QlbCtrl.exe REG_SZ C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
UpdateP2GoShortCut REG_SZ "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
UpdatePDIRShortCut REG_SZ "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
HP Health Check Scheduler REG_SZ c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
WirelessAssistant REG_SZ C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
NeroFilterCheck REG_SZ C:\Windows\system32\NeroCheck.exe
SysTrayApp REG_EXPAND_SZ %ProgramFiles%\IDT\WDM\sttray.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 1 (0x1)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
EnableUIADesktopToggle REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
controles ActivX
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{233C1507-6A77-46A4-9443-F871F945D258}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2357B3CF-7F8D-4451-8D81-FD6097610AEE}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
Wlansvc : 0x2
SharedAccess : 0x2
windefend : 0x2
wuauserv : 0x2
wscsvc : 0x2

=========

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C:

Taille du volume = 288 Go
Espace libre = 157 Go
Étendue d'espace libre la plus grande = 77.75 Go
Pourcentage de fragmentation des fichiers = 0 %

Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.

Il n'est pas nécessaire de défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
C:\Windows\mbr.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 11:43:52
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

a-squared Anti-Malware
Activation Assistant for the 2007 Microsoft Office suites
Adobe
adslTV
AGEIA Technologies
Ahead
Alwil Software
ATI
ATI Technologies
Avira
Broadcom
CCleaner
CFWebAdvancedU
Common Files
CyberLink
desktop.ini
DIFX
EasyBits For Kids
eMule
Fichiers communs
Google
Hewlett-Packard
Hewlett-Packard Company
HP
HP Games
IDT
InstallShield Installation Information
Intel
Internet Explorer
Java
Lavasoft
List_Kill'em
Malwarebytes' Anti-Malware
Microsoft
Microsoft Games
Microsoft Office
Microsoft Visual Studio
Microsoft Visual Studio 8
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSXML 4.0
muvee Technologies
Nero
Online Services
Realtek
Reference Assemblies
SMINST
Synaptics
Trend Micro
Uninstall Information
Unreal Tournament 3
VideoLAN
Windows Calendar
Windows Collaboration
Windows Defender
Windows Journal
Windows Live
Windows Mail
Windows Media Player
Windows NT
Windows Photo Gallery
Windows Portable Devices
Windows Sidebar
WinRAR
World of Warcraft
WowCartographe

============
Lecteur C:
============

$RECYCLE.BIN
autoexec.bat
boot
bootmgr
config.sys
Documents and Settings
hiberfil.sys
HP
Kill'em
List'em.txt
MSOCache
pagefile.sys
PerfLogs
Program Files
ProgramData
SWSetup
System Volume Information
System.sav
Users
Windows
World of Warcraft

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool\PatchNew.py
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool\PatchSEditorX_PDRFULL.bat
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool\Template_CLAUD.ini
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool\Template_CLDemuxer.ini
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool\Template_CLDumpDispatch.ini
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool\Template_CLEdtDemuxer.ini
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool\Template_CLM4Muxer.ini
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool\Template_CLM4Splt.ini
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool\Template_CLMediaDetect.ini
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool\Template_CLMPEGVAnalyzer.ini
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool\Template_CLMpgSplitter.ini
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool\Template_CLSEditorMuxGraph.ini
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool\Template_CLSEditorPushSrc.ini
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool\Template_CLSEditorSplitGraph.ini
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool\Template_CLSEditorX.ini
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\Dump\DIEGO\SVRT3\debug\PatchTool\Template_MpgMuxer.ini
C:\Program Files\World of Warcraft\Patch.html
C:\Program Files\World of Warcraft\Patch.txt
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m00s\Patch-09-09-2009-23h19m00s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m00s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m04s\Patch-09-09-2009-23h19m04s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m04s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m09s\Patch-09-09-2009-23h19m09s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m09s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m13s\Patch-09-09-2009-23h19m13s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m13s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m18s\Patch-09-09-2009-23h19m18s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m18s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m24s\Patch-09-09-2009-23h19m24s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m24s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m28s\Patch-09-09-2009-23h19m28s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m28s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m32s\Patch-09-09-2009-23h19m32s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m32s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m35s\Patch-09-09-2009-23h19m35s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m35s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m39s\Patch-09-09-2009-23h19m39s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m39s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m42s\Patch-09-09-2009-23h19m42s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m42s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m46s\Patch-09-09-2009-23h19m46s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m46s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m53s\Patch-09-09-2009-23h19m53s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h19m53s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h20m00s\Patch-09-09-2009-23h20m00s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h20m00s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h20m06s\Patch-09-09-2009-23h20m06s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h20m06s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h20m14s\Patch-09-09-2009-23h20m14s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h20m14s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h20m28s\Patch-09-09-2009-23h20m28s.log
C:\ProgramData\NortonInstaller\Logs\09-09-2009-23h20m28s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-10-2009-15h48m28s\Patch-09-10-2009-15h48m28s.log
C:\ProgramData\NortonInstaller\Logs\09-10-2009-15h48m28s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-10-2009-16h00m17s\Patch-09-10-2009-16h00m17s.log
C:\ProgramData\NortonInstaller\Logs\09-10-2009-16h00m18s\Patch-09-10-2009-16h00m18s.log
C:\ProgramData\NortonInstaller\Logs\09-10-2009-16h00m18s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-10-2009-16h00m23s\Patch-09-10-2009-16h00m23s.log
C:\ProgramData\NortonInstaller\Logs\09-10-2009-16h00m23s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-10-2009-16h00m29s\Patch-09-10-2009-16h00m29s.log
C:\ProgramData\NortonInstaller\Logs\09-10-2009-16h00m29s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-10-2009-16h00m36s\Patch-09-10-2009-16h00m36s.log
C:\ProgramData\NortonInstaller\Logs\09-10-2009-16h00m36s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-10-2009-16h00m47s\Patch-09-10-2009-16h00m47s.log
C:\ProgramData\NortonInstaller\Logs\09-10-2009-16h00m47s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-10-2009-16h09m43s\Patch-09-10-2009-16h09m43s.log
C:\ProgramData\NortonInstaller\Logs\09-10-2009-16h09m43s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-10-2009-18h39m01s\Patch-09-10-2009-18h39m01s.log
C:\ProgramData\NortonInstaller\Logs\09-10-2009-18h39m01s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-00h02m10s\Patch-09-11-2009-00h02m10s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-00h02m10s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-00h02m18s\Patch-09-11-2009-00h02m18s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-00h02m18s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-10h58m15s\Patch-09-11-2009-10h58m15s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-10h58m15s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m23s\Patch-09-11-2009-11h11m23s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m23s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m27s\Patch-09-11-2009-11h11m27s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m27s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m30s\Patch-09-11-2009-11h11m30s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m30s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m33s\Patch-09-11-2009-11h11m33s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m33s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m35s\Patch-09-11-2009-11h11m35s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m35s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m38s\Patch-09-11-2009-11h11m38s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m38s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m40s\Patch-09-11-2009-11h11m40s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m40s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m42s\Patch-09-11-2009-11h11m42s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m42s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m44s\Patch-09-11-2009-11h11m44s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m44s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m53s\Patch-09-11-2009-11h11m53s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m53s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m56s\Patch-09-11-2009-11h11m56s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m56s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m59s\Patch-09-11-2009-11h11m59s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h11m59s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h12m07s\Patch-09-11-2009-11h12m07s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h12m07s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h12m14s\Patch-09-11-2009-11h12m14s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h12m14s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h12m54s\Patch-09-11-2009-11h12m54s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h12m54s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h15m12s\Patch-09-11-2009-11h15m12s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-11h15m12s\Patch.1.mft.7z
C:\ProgramData\NortonInstaller\Logs\09-11-2009-21h43m14s\Patch-09-11-2009-21h43m14s.log
C:\ProgramData\NortonInstaller\Logs\09-11-2009-21h43m14s\Patch.1.mft.7z
C:\Users\All Users\NortonInstaller\Logs\09-09-2009-23h19m00s\Patch-09-09-2009-23h19m00s.log
C:\Users\All Users\NortonInstaller\Logs\09-09-2009-23h19m00s\Patch.1.mft.7z
C:\Users\All Users\NortonInstaller\Logs\09-09-2009-23h19m04s\Patch-09-09-2009-23h19m04s.log
C:\Users\All Users\NortonInstaller\Logs\09-09-2009-23h19m04s\Patch.1.mft.7z
C:\Users\All Users\NortonInstaller\Logs\09-09-2009-23h19m09s\Patch-09-09-2009-23h19m09s.log
C:\Users\All Users\NortonInstaller\Logs\09-09-2009-23h19m09s\Patch.1.mft.7z
C:\Users\All Users\NortonInstaller\Logs\09-09-2009-23h19m13s\Patch-09-09-2009-23h19m13s.log
C:\Program Files\Microsoft Works\Install.exe
C:\SWSetup\MSWorks\Install.exe
C:\SWSetup\MSWorks\PFiles\MSWorks\Install.exe
C:\Windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0

Anonymous user
 
Happy New Year

▶ Relaunch List&Kill'em (right-click for Vista), using the shortcut on your desktop,
but this time:

▶ choose option 2 = Deletion Mode

let the tool work.

at the end of the scan a report opens

▶ paste its contents into your reply
0
yoshi543 Posts: 20 Status: Member
 
Happy New Year to you too, here is the scan report
Kill'em by g3n-h@ckm@n 1.1.7.0

User : Alex (Administrateurs) # PC-DE-ALEX
Update on 30/12/2009 by g3n-h@ckm@n ::::: 23:45
Start at: 09:05:59 | 02/01/2010
Contact : g3n-h@ckm@n sur CCM

Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 287,5 Go (157,2 Go free) | NTFS
D:\ -> Disque fixe local | 10,59 Go (1,59 Go free) [RECOVERY] | NTFS
E:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe 500
C:\Windows\system32\csrss.exe 568
C:\Windows\system32\wininit.exe 632
C:\Windows\system32\csrss.exe 640
C:\Windows\system32\services.exe 680
C:\Windows\system32\lsass.exe 696
C:\Windows\system32\lsm.exe 704
C:\Windows\system32\winlogon.exe 732
C:\Windows\system32\svchost.exe 888
C:\Windows\system32\svchost.exe 988
C:\Windows\System32\svchost.exe 1036
C:\Windows\system32\Ati2evxx.exe 1128
C:\Windows\System32\svchost.exe 1196
C:\Windows\System32\svchost.exe 1224
C:\Windows\system32\svchost.exe 1256
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe 1296
C:\Windows\system32\AUDIODG.EXE 1428
C:\Windows\system32\svchost.exe 1452
C:\Windows\system32\SLsvc.exe 1476
C:\Windows\system32\Ati2evxx.exe 1524
C:\Windows\system32\svchost.exe 1544
C:\Windows\system32\Hpservice.exe 1616
C:\Windows\system32\svchost.exe 1728
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1852
C:\Windows\system32\WLANExt.exe 1860
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1892
C:\Windows\System32\spoolsv.exe 440
C:\Program Files\Avira\AntiVir Desktop\sched.exe 544
C:\Windows\system32\svchost.exe 576
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe 1828
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 792
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2224
C:\Windows\system32\svchost.exe 2328
C:\Program Files\SMINST\BLService.exe 2404
C:\Program Files\CyberLink\Shared files\RichVideo.exe 2440
C:\Windows\system32\svchost.exe 2604
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe 2656
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe 2732
C:\Windows\system32\taskeng.exe 2824
C:\Windows\System32\svchost.exe 2852
C:\Windows\system32\Dwm.exe 2964
C:\Windows\Explorer.EXE 2972
C:\Windows\system32\taskeng.exe 3040
C:\Windows\system32\SearchIndexer.exe 3100
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3504
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe 3524
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe 3548
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe 3572
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 3612
C:\Program Files\Windows Defender\MSASCui.exe 3648
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe 3656
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3676
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe 3692
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 3720
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 3736
C:\Program Files\Alwil Software\Avast4\ashDisp.exe 3748
C:\Program Files\IDT\WDM\sttray.exe 3772
C:\Program Files\Java\jre6\bin\jusched.exe 3860
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 3916
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 3960
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe 3984
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe 3992
C:\Program Files\Windows Sidebar\sidebar.exe 4004
C:\Windows\ehome\ehtray.exe 4032
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2836
C:\Windows\System32\alg.exe 3336
C:\Windows\system32\wbem\wmiprvse.exe 3668
C:\Windows\ehome\ehmsas.exe 4352
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 4380
C:\Windows\system32\wbem\wmiprvse.exe 4492
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 4644
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 4752
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 4940
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe 5168
C:\Program Files\Windows Media Player\wmpnscfg.exe 5496
C:\Program Files\Windows Media Player\wmpnetwk.exe 5600
C:\Windows\system32\SearchProtocolHost.exe 5992
C:\Windows\system32\SearchFilterHost.exe 6016
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 4244
C:\Program Files\Alwil Software\Avast4\setup\avast.setup 3976
C:\Program Files\List_Kill'em\List_Kill'em.exe 156
C:\Windows\system32\conime.exe 2312
C:\Windows\system32\cmd.exe 1148
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 2784
C:\Users\Alex\AppData\Local\Temp\C8AB.tmp\pv.exe 6136

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

"C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log"
"C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log"
"C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log"
"C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log"
"C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log"
"C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log"
"C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log"
"C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log"
"C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log"
"C:\Windows\mbr.exe"


¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

Quarantine :

MBR.exe.Kill'em
{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log.Kill'em
{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log.Kill'em
{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log.Kill'em
{40BF1E83-20EB-11D8-97C5-0009C5020658}.log.Kill'em
{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log.Kill'em
{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log.Kill'em
{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log.Kill'em
{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log.Kill'em
{d36dd326-7280-11d8-97c8-000129760cbe}.log.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools

============
Disk Cleaned
============

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
yoshi543 Posts: 20 Status: Member
 
the rootkit is still on my computer, by the way
0
Anonymous user
 
hello

▶ Download: Gmer (by Przemyslaw Gmerek)


▶ Unzip gmer, click on the rootkit tab, launch the scan, red lines will appear.

▶ The red lines indicate the presence of a rootkit. Post me the gmer report (click on copy, then go to start, then open notepad, go to edit and click paste, the gmer report will appear, post it to me)

Then

▶ on the red lines:

▶ Services: right-click delete service
▶ Process: right-click kill process
▶ Adl, file: right-click delete files
0
Hs32-Idir Posts: 82 Status: Member 1
 
If you have intercepted the rootkit (its file), download BartPE, reboot with it, then delete it manually.
0
Anonymous user
 
if you can write in French, that would be better too
0
yoshi543 Posts: 20 Status: Member
 
here is the gmer report, there were no red lines.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-03 13:05:19
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Alex\AppData\Local\Temp\uglyykob.sys


---- System - GMER 1.0.15 ----

SSDT 987C5280 ZwOpenProcess
SSDT 987C5285 ZwOpenThread
SSDT 987C528F ZwTerminateProcess
SSDT 987C5294 ZwCreateThread

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 [826AC9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 [826AC9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort0 [826AC9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort1 [826AC9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort2 [826AC9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort3 [826AC9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dynamique/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF dynamique/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl section is writeable [0x9D9D1000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl entry point in ".vmp2" section [0x9D9F4050]
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x826B0000]

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EC06000, 0x2311A4, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[680] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 01300002
IAT C:\Windows\system32\services.exe[680] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 01300000

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 820F4964 4 Bytes [94, 52, 7C, 98] {XCHG ESP, EAX; PUSH EDX; JL 0xffffffffffffff9c}
.text ntkrnlpa.exe!KeSetEvent + 3F1 820F4B34 4 Bytes [80, 52, 7C, 98] {ADC BYTE [EDX+0x7c], 0x98}
.text ntkrnlpa.exe!KeSetEvent + 40D 820F4B50 4 Bytes [85, 52, 7C, 98] {TEST [EDX+0x7c], EDX; CWDE }
.text ntkrnlpa.exe!KeSetEvent + 621 820F4D64 4 Bytes [8F, 52, 7C, 98]

---- EOF - GMER 1.0.15 ----
0
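The GMER report above carries three findings that all point at the same driver file: atapi.sys dispatch code that GMER cannot map to a known PE section, an entry point inside the .rsrc section, and a "suspicious modification" verdict on the file on disk. Reading such a log is a matter of correlating indicators per driver rather than reacting to any single line (a writeable .text section alone, as for atikmdag.sys, is common). The script below is an added triage example, not code from this thread or from GMER; its rules and weights are my own heuristics, and the sample lines are constructed copies of the report's format.

```python
"""Correlate GMER 1.0.15 report lines per driver file (added example).

The text report groups findings by section: "Device" lines for driver
dispatch hooks, ".text"/".rsrc" lines for kernel code sections and "File"
lines for on-disk image checks.  Each rule below is a heuristic of my own;
the weights are not GMER's and the sample report is constructed.
"""
from __future__ import annotations

import re
from collections import defaultdict

# Constructed sample: abbreviated lines in the format of the report above.
SAMPLE_REPORT = """\
---- Devices - GMER 1.0.15 ----
Device \\Driver\\atapi \\Device\\Ide\\IdePort0 [826AC9B0] \\SystemRoot\\system32\\drivers\\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
AttachedDevice \\Driver\\tdx \\Device\\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Kernel code sections - GMER 1.0.15 ----
.text C:\\Windows\\system32\\DRIVERS\\atikmdag.sys section is writeable [0x8EC06000, 0x2311A4, 0xE8000020]
.rsrc C:\\Windows\\system32\\drivers\\atapi.sys entry point in ".rsrc" section [0x826B0000]
---- Files - GMER 1.0.15 ----
File C:\\Windows\\system32\\drivers\\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""

# Dispatch routine of a driver object resolved to code outside any PE section.
DEVICE_UNKNOWN = re.compile(
    r"^Device\s+\\Driver\\\S+\s+\S+\s+\[[0-9A-Fa-f]+\]\s+(?P<path>\S+?)\[unknown section\]"
)
# Module entry point located in the resource section instead of .text.
ENTRY_RSRC = re.compile(r'^\.rsrc\s+(?P<path>.+?)\s+entry point in "\.rsrc" section')
# GMER's own verdict that the on-disk image differs from what it expects.
FILE_MOD = re.compile(r"^File\s+(?P<path>.+?)\s+suspicious modification$")
# Writeable code section: weak on its own, some vendor drivers do this.
TEXT_WRITEABLE = re.compile(r"^\.text\s+(?P<path>.+?)\s+section is writeable")

# (regex, indicator name, weight): weights are my heuristic choice, not GMER's.
RULES = (
    (DEVICE_UNKNOWN, "dispatch hook in unmapped code", 2),
    (ENTRY_RSRC, "entry point inside .rsrc", 2),
    (FILE_MOD, "on-disk image modified", 2),
    (TEXT_WRITEABLE, "writeable .text section", 1),
)


def driver_name(path: str) -> str:
    """Normalise a kernel or Win32 path to its lowercase file name."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(report: str) -> dict[str, dict[str, int]]:
    """Map each driver file name to the indicators (and weights) found for it."""
    findings: dict[str, dict[str, int]] = defaultdict(dict)
    for line in report.splitlines():
        for rx, name, weight in RULES:
            m = rx.match(line)
            if m:
                findings[driver_name(m.group("path"))][name] = weight
                break  # one rule per line is enough
    return dict(findings)


def triage(report: str, threshold: int = 4) -> list[tuple[str, int, str]]:
    """Return (driver, score, verdict), highest score first.

    A score at or above the threshold means several independent indicators
    point at the same driver image; a lone low-weight finding stays at
    'review' so that benign writeable .text sections are not over-reported.
    """
    out = []
    for drv, inds in parse_gmer(report).items():
        score = sum(inds.values())
        verdict = "HIGH: image patched in place" if score >= threshold else "review"
        out.append((drv, score, verdict))
    return sorted(out, key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    for drv, score, verdict in triage(SAMPLE_REPORT):
        print(f"{drv:<14} score={score}  {verdict}")
```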
Anonymous user
 
hmm, this smells like the atapi patch business:


/!\ WARNING: FOLLOW THESE INSTRUCTIONS SCRUPULOUSLY, TO THE LETTER /!\

▶ Above all, when saving, remember to rename ComboFix to "yourfirstname.exe" before it is saved to your hard drive

_______________________________________________________________
>This program is only to be used when prescribed by a qualified helper trained in the tool.<
>>>>>>>Do not use outside this situation: dangerous!<<<<<<<<
======================================================


▶ We are going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

or renamed:

http://ww38.toofiles.com/fr/oip/documents/exe/reader_sl.html , then download reader_sl

http://www.cijoint.fr/cjlink.php?file=cj200912/cijrhf1tyT.zip (to unzip)

Before using ComboFix:
______________________________________________________________________
>> close the windows of all running programs.
>> Temporarily disable, only for the time ComboFix is in use,
>>the real-time protection of your antivirus and antispyware,
>>which can seriously interfere with the tool's search and cleaning procedure.

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°


▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!

▶ don't forget to re-enable your antivirus and antispyware guard before reconnecting to the internet.

>> Come back to the forum, and

▶ copy and paste the full contents of C:\Combofix.txt into your next message.

0
yoshi543 Posts: 20 Status: Member
 
hi again, I just used ComboFix but apparently the rootkit is still there. I'm posting the analysis report anyway
ComboFix 10-01-03.05 - Alex 04/01/2010 18:59:02.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3038.1836 [GMT 1:00]
Lancé depuis: c:\users\Alex\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3541030145-2230641323-1226403519-500
c:\$recycle.bin\S-1-5-21-4071442212-4026893675-3040829628-500
c:\windows\system32\oem9.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-04 au 2010-01-04 ))))))))))))))))))))))))))))))))))))
.

2010-01-04 18:08 . 2010-01-04 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-02 08:05 . 2010-01-02 08:06 -------- d-----w- C:\Kill'em
2009-12-31 10:30 . 2009-12-31 10:30 -------- d-----w- c:\program files\List_Kill'em
2009-12-31 08:59 . 2009-12-31 08:59 -------- d-----w- c:\programdata\{B9B58689-DCB0-4AD3-9025-18FF4082B5B0}
2009-12-23 19:46 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-23 19:46 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-23 19:46 . 2009-12-23 19:46 -------- d-----w- c:\programdata\Avira
2009-12-23 19:46 . 2009-12-23 19:46 -------- d-----w- c:\program files\Avira
2009-12-19 12:29 . 2009-12-19 12:29 -------- d-----w- c:\program files\CFWebAdvancedU
2009-12-12 09:46 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 09:46 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 09:46 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 19:48 . 2009-12-09 19:47 318976 ----a-w- c:\windows\system32\CF6960.exe
2009-12-09 17:50 . 2009-12-09 17:50 318976 ----a-w- c:\windows\system32\CF16696.exe
2009-12-09 17:38 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-08 20:29 . 2009-12-08 20:29 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-12-06 19:57 . 2009-12-09 20:10 -------- d-----w- c:\program files\a-squared Anti-Malware
2009-12-05 19:18 . 2009-12-05 19:18 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes
2009-12-05 19:18 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 19:18 . 2009-12-05 19:18 -------- d-----w- c:\programdata\Malwarebytes
2009-12-05 19:18 . 2009-12-05 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 19:18 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-05 19:13 . 2009-12-05 19:13 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 17:47 . 2009-01-21 05:18 669566 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-04 17:47 . 2009-01-21 05:18 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-30 15:36 . 2009-10-06 11:51 -------- d-----w- c:\program files\Google
2009-12-30 15:33 . 2009-08-24 18:29 -------- d-----w- c:\users\Alex\AppData\Roaming\vlc
2009-12-12 09:48 . 2009-01-20 22:17 -------- d-----w- c:\programdata\Microsoft Help
2009-12-12 09:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 20:34 . 2009-01-20 21:50 -------- d-----w- c:\programdata\WildTangent
2009-12-08 20:34 . 2009-01-20 21:50 -------- d-----w- c:\program files\HP Games
2009-11-24 23:54 . 2009-08-25 08:14 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2009-08-25 08:14 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-08-25 08:14 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-08-25 08:14 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2009-08-25 08:14 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-08-25 08:14 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-08-25 08:14 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:26 . 2009-09-03 19:58 -------- d-----w- c:\users\Alex\AppData\Roaming\CyberLink
2009-11-21 06:40 . 2009-12-09 17:44 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 17:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 17:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 17:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-16 21:05 . 2009-11-16 21:05 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-16 21:05 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-16 21:05 . 2009-11-16 21:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-14 13:24 . 2009-11-14 13:24 64072 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\French\setup.exe
2009-11-09 17:27 . 2009-01-20 22:33 -------- d-----w- c:\program files\Java
2009-11-02 19:42 . 2009-10-03 11:00 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-26 20:16 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 03:17 . 2009-09-30 11:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-11-16 20:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-16 20:04 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-16 20:04 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-01-21 05:37 . 2009-01-21 05:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1348904]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-01-21 210216]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-10-26 450659]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4e,f5,72,46,16,4d,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [25/08/2009 09:14 114768]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/15 03:59];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [28/11/2008 17:04 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe [15/06/2009 02:27 77824]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [23/12/2009 20:46 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [25/08/2009 09:14 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [25/08/2009 09:14 53328]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 15:24 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [20/01/2009 23:37 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [26/11/2008 16:13 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [26/11/2008 16:13 116096]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [20/01/2009 22:38 222512]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [04/09/2008 18:47 54784]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [23/10/2008 10:42 107360]
S2 gupdate1ca467b5d805ceb;Service Google Update (gupdate1ca467b5d805ceb);c:\program files\Google\Update\GoogleUpdate.exe [06/10/2009 12:51 133104]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:23 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 11:51]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 11:51]

2010-01-04 c:\windows\Tasks\User_Feed_Synchronization-{21B4AACA-19BF-40B8-B038-C0E1B6204B07}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ojcwoq7q.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-NBAgent - c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 19:09
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys atapi.sys >>UNKNOWN [0x87F85F61]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82605d24
\Driver\ACPI -> acpi.sys @ 0x80697d68
\Driver\atapi -> atapi.sys @ 0x826d39b0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
Heure de fin: 2010-01-04 19:14:25
ComboFix-quarantined-files.txt 2010-01-04 18:14

Avant-CF: 166 775 017 472 octets libres
Après-CF: 166 038 695 936 octets libres

- - End Of File - - CEC1D7D81D3BF60C07849D24715658F3
0
Anonymous user

You didn't rename ComboFix as asked....

Did you run it via right-click "Run as administrator"?
0
yoshi543 Posts: 20 Status: Member

No, sorry, I forgot that. Is there a way to go back and make those changes?
0
Anonymous user

Can you first delete it, then download it again, renaming it when you save it?
0
yoshi543 Posts: 20 Status: Member

Apparently yes, I just did it.
0
Anonymous user

OK, run it via right-click "Run as administrator".
0
yoshi543 Posts: 20 Status: Member

OK, I'll redo the scan for you.
0
Anonymous user

OK
0
yoshi543 Posts: 20 Status: Member

Hello, sorry for the delay and the time it took me to reply. I ran a scan doing what you told me, and here is the scan report:
ComboFix 10-01-04.01 - Alex 10/01/2010 19:01:34.4.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3038.1786 [GMT 1:00]
Lancé depuis: c:\users\Alex\Desktop\alex.exe.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-10 au 2010-01-10 ))))))))))))))))))))))))))))))))))))
.

2010-01-10 18:11 . 2010-01-10 18:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-10 18:11 . 2010-01-10 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-04 20:42 . 2010-01-04 20:42 86576 ----a-w- c:\users\Alex\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2010-01-04 20:42 . 2010-01-04 20:42 392728 ----a-w- c:\users\Alex\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2010-01-04 20:42 . 2010-01-04 20:42 132672 ----a-w- c:\users\Alex\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2010-01-02 08:05 . 2010-01-02 08:06 -------- d-----w- C:\Kill'em
2009-12-31 08:59 . 2009-12-31 08:59 -------- d-----w- c:\programdata\{B9B58689-DCB0-4AD3-9025-18FF4082B5B0}
2009-12-23 19:46 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-23 19:46 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-23 19:46 . 2009-12-23 19:46 -------- d-----w- c:\programdata\Avira
2009-12-23 19:46 . 2009-12-23 19:46 -------- d-----w- c:\program files\Avira
2009-12-19 12:29 . 2009-12-19 12:29 -------- d-----w- c:\program files\CFWebAdvancedU
2009-12-12 09:46 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 09:46 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 09:46 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 16:43 . 2009-01-21 05:18 669566 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-10 16:43 . 2009-01-21 05:18 123556 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-04 20:07 . 2009-08-25 09:14 -------- d-----w- c:\program files\adslTV
2010-01-04 20:07 . 2009-08-24 18:29 -------- d-----w- c:\users\Alex\AppData\Roaming\vlc
2010-01-04 20:02 . 2009-08-31 16:12 -------- d-----w- c:\program files\World of Warcraft
2009-12-30 15:36 . 2009-10-06 11:51 -------- d-----w- c:\program files\Google
2009-12-12 09:48 . 2009-01-20 22:17 -------- d-----w- c:\programdata\Microsoft Help
2009-12-12 09:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 20:10 . 2009-12-06 19:57 -------- d-----w- c:\program files\a-squared Anti-Malware
2009-12-09 19:47 . 2009-12-09 19:48 318976 ----a-w- c:\windows\system32\CF6960.exe
2009-12-09 17:50 . 2009-12-09 17:50 318976 ----a-w- c:\windows\system32\CF16696.exe
2009-12-08 20:34 . 2009-01-20 21:50 -------- d-----w- c:\programdata\WildTangent
2009-12-08 20:34 . 2009-01-20 21:50 -------- d-----w- c:\program files\HP Games
2009-12-08 20:29 . 2009-12-08 20:29 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-12-05 19:18 . 2009-12-05 19:18 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes
2009-12-05 19:18 . 2009-12-05 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 19:18 . 2009-12-05 19:18 -------- d-----w- c:\programdata\Malwarebytes
2009-12-05 19:13 . 2009-12-05 19:13 -------- d-----w- c:\program files\Trend Micro
2009-12-03 15:14 . 2009-12-05 19:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-12-05 19:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-24 23:54 . 2009-08-25 08:14 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2009-08-25 08:14 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-08-25 08:14 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-08-25 08:14 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2009-08-25 08:14 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-08-25 08:14 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-08-25 08:14 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:26 . 2009-09-03 19:58 -------- d-----w- c:\users\Alex\AppData\Roaming\CyberLink
2009-11-21 06:40 . 2009-12-09 17:44 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 17:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 17:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 17:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-16 21:05 . 2009-11-16 21:05 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-16 21:05 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-16 21:05 . 2009-11-16 21:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-14 13:24 . 2009-11-14 13:24 64072 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\French\setup.exe
2009-11-02 19:42 . 2009-10-03 11:00 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-26 20:16 2048 ----a-w- c:\windows\system32\tzres.dll
2009-01-21 05:37 . 2009-01-21 05:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-01-04_18.09.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-24 17:56 . 2010-01-10 16:41 13402 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4071442212-4026893675-3040829628-1000_UserData.bin
- 2009-06-15 01:20 . 2010-01-04 17:40 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-15 01:20 . 2010-01-10 16:38 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-15 01:20 . 2010-01-10 16:38 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-15 01:20 . 2010-01-04 17:40 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-15 01:20 . 2010-01-04 17:40 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-15 01:20 . 2010-01-10 16:38 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-26 10:15 . 2010-01-10 16:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-26 10:15 . 2010-01-04 17:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-26 10:15 . 2010-01-04 17:40 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-26 10:15 . 2010-01-10 16:38 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-26 10:15 . 2010-01-04 17:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-26 10:15 . 2010-01-10 16:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-10 16:38 . 2010-01-10 16:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-04 17:40 . 2010-01-04 17:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-04 17:40 . 2010-01-04 17:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-10 16:38 . 2010-01-10 16:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-11 08:59 . 2010-01-10 16:38 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-09-11 08:59 . 2010-01-04 17:40 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-12-26 20:48 . 2010-01-07 21:17 565368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-12-26 20:48 . 2010-01-03 20:22 565368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1348904]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-01-21 210216]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-10-26 450659]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4e,f5,72,46,16,4d,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [25/08/2009 09:14 114768]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/15 03:59];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [28/11/2008 17:04 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe [15/06/2009 02:27 77824]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [23/12/2009 20:46 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [25/08/2009 09:14 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [25/08/2009 09:14 53328]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 15:24 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [20/01/2009 23:37 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [26/11/2008 16:13 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [26/11/2008 16:13 116096]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [20/01/2009 22:38 222512]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [04/09/2008 18:47 54784]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [23/10/2008 10:42 107360]
S2 gupdate1ca467b5d805ceb;Service Google Update (gupdate1ca467b5d805ceb);c:\program files\Google\Update\GoogleUpdate.exe [06/10/2009 12:51 133104]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:23 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 11:51]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 11:51]

2010-01-10 c:\windows\Tasks\User_Feed_Synchronization-{21B4AACA-19BF-40B8-B038-C0E1B6204B07}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Examen supplémentaire -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ojcwoq7q.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?mkt=fr-FR&form=MIMWA2&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 19:11
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys atapi.sys >>UNKNOWN [0x87F48F61]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8260ad24
\Driver\ACPI -> acpi.sys @ 0x806a0d68
\Driver\atapi -> atapi.sys @ 0x826d89b0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
Heure de fin: 2010-01-10 19:16:46
ComboFix-quarantined-files.txt 2010-01-10 18:16
ComboFix2.txt 2010-01-04 18:14

Avant-CF: 165 579 161 600 octets libres
Après-CF: 165 551 538 176 octets libres

- - End Of File - - B0FF0EBA0E2E165D9397C9B1E9DD9C82
0
Anonymous user

Does Avast still detect it?
0