Bonjour, depuis quelques jours j'ai des problemes sur mon pc ,alors j'ai fais un scan avec Avira Antivir et ça m'a donné W\Conficker.z je l'ai supprimé mais il se regénère sachant que j'ai utilisé aussi Malwarebytes'Anti-malware et l'outil de Bitdefender et celui de Nod32 . S'il vous plait aidez moi a le desinfecter , j'ai deux pc infectés connectés sur le meme router .

Bonjour, Mon préférer ! Fait ceci : • Télécharge random's system information tool (RSIT) et sauvegarde-le sur le Bureau. • Double-clique sur RSIT.exe afin de lancer RSIT. • Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions). • RSIT téléchargera Hijackthis (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence. • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. • Poste le contenu de log.txt. • Tuto : https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm

La GROSSE bébête n'est plus la :) Mais, il en reste quand même ! 1°) Tout d'abord ceci : &#9654 Télécharge TOOLBAR S&D ( de Eric_71/Team IDN ) sur ton bureau : !! Déconnecte toi,desactive tes protections résidentes, et ferme toutes tes applications en cours le temps de la manip. !! &#9654 Double-clique sur ToolBar SD.exe pour lancer l'outil et laisse toi guider ... &#9654 option recherche puis [Entrée]. Un rapport sera généré à la fin du processus : poste son contenu dans ta prochaine réponse ( le rapport est en outre sauvegardé ici -> C:\TB.txt ) Tutoriel Les Toolbars et leurs danger =========== 2°) Ensuite ceci : &#9654 Télécharge : Gmer (by Przemyslaw Gmerek) &#9654 Dezippe gmer ,cliques sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre. &#9654 Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le) &#9654 sur les lignes rouge: &#9654 Services:cliques droit delete service &#9654 Process:cliques droit kill process &#9654 Adl ,file:cliques droit delete files Prochaine réponse deux rapports ;)) @+

Infecté par Conficker [Résolu]

Réponse 41 / 68

Profil bloqué
15 janv. 2010 à 16:05

excusez moi j'étais connecté sous le compte d'un ami maintenant voila mon nouveau compte
je vais vous poster le rapport dans quelques minutes

Réponse 42 / 68

Profil bloqué
15 janv. 2010 à 16:07

voila le rapport
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2010-01-15 15:05:52
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 5 GB (26%) free of 19 GB
Total RAM: 247 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:26, on 15/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PCNetSoftware\RAC Server\RACs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
D:\DJiNN\utdefender.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [USB Threat Defender] "D:\DJiNN\utdefender.exe" /b
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: RACServerLogon - C:\WINDOWS\SYSTEM32\RACServerLogon2.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PCNetSoftware RAC Server - Miloslav Novotny N+P - C:\Program Files\PCNetSoftware\RAC Server\RACs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Réponse 43 / 68

Utilisateur anonyme
15 janv. 2010 à 16:18

La GROSSE bébête n'est plus la :) Mais, il en reste quand même !

1°) Tout d'abord ceci :

▶ Télécharge TOOLBAR S&D ( de Eric_71/Team IDN ) sur ton bureau :

!! Déconnecte toi,desactive tes protections résidentes, et ferme toutes tes applications en cours le temps de la manip. !!

▶ Double-clique sur ToolBar SD.exe pour lancer l'outil et laisse toi guider ...

▶ option recherche puis [Entrée].

Un rapport sera généré à la fin du processus : poste son contenu dans ta prochaine réponse

( le rapport est en outre sauvegardé ici -> C:\TB.txt )

Tutoriel

Les Toolbars et leurs danger

===========

2°) Ensuite ceci :

▶ Télécharge : Gmer (by Przemyslaw Gmerek)

▶ Dezippe gmer ,cliques sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.

▶ Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)

▶ sur les lignes rouge:

▶ Services:cliques droit delete service
▶ Process:cliques droit kill process
▶ Adl ,file:cliques droit delete files

Prochaine réponse deux rapports ;))

@+

Utilisateur anonyme
15 janv. 2010 à 16:19

c'est mbr.exe qu'il faut faire, car possible infection rootkit MBR

Réponse 44 / 68

Profil bloqué
15 janv. 2010 à 16:32

J'ai aussi un autre probleme quand j'execute msconfig on me dit que Windows ne trouve pas msconfig.exe . j'ai fais une recherche sur mon pc et j'ai trouvé qu'il est dans les quarantaines de UsbFix. Comment faire pour reparer ça .

Réponse 45 / 68

Utilisateur anonyme
15 janv. 2010 à 16:35

Une piste :

https://forums.commentcamarche.net/forum/affich-3121143-msconfig-ne-s-ouvre-pas

++

Réponse 46 / 68

Profil bloqué
15 janv. 2010 à 16:37

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.66GHz )
BIOS : 786B2 v1.11
USER : Administrateur ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:18 Go (Free:4 Go)
D:\ (Local Disk) - NTFS - Total:18 Go (Free:4 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 15/01/2010|15:34 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\DAEMON Tools Toolbar

-----------\\ Extensions

(Administrateur) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"ICQ Search"="http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1\Application Data\Microsoft\Internet Explorer\Quick Launch\ophcrack.lnk
C:\DOCUME~1\ADMINI~1\Application Data\uTorrent\nero.9+serial+crack.torrent
C:\DOCUME~1\ADMINI~1\Bureau\Keygen
C:\DOCUME~1\ADMINI~1\Bureau\A V DJ.Professional.V5.0R6\Atomix.Virtual.DJ.Professional.V5.0R6\Crack
C:\DOCUME~1\ADMINI~1\Bureau\A V DJ.Professional.V5.0R6\Atomix.Virtual.DJ.Professional.V5.0R6\Crack\serial.txt
C:\DOCUME~1\ADMINI~1\Bureau\AFR.v7.3.Build.121\Crack
C:\DOCUME~1\ADMINI~1\Bureau\AFR.v7.3.Build.121\Crack\Keygen by DVT
C:\DOCUME~1\ADMINI~1\Bureau\AFR.v7.3.Build.121\Crack\Keygen by TSRh
C:\DOCUME~1\ADMINI~1\Bureau\AFR.v7.3.Build.121\Crack\Keygen-RESURRECTiON
C:\DOCUME~1\ADMINI~1\Bureau\AFR.v7.3.Build.121\Crack\Keygen by DVT\Download For All.url
C:\DOCUME~1\ADMINI~1\Bureau\AFR.v7.3.Build.121\Crack\Keygen by DVT\dvt.nfo
C:\DOCUME~1\ADMINI~1\Bureau\AFR.v7.3.Build.121\Crack\Keygen by DVT\file_id.diz
C:\DOCUME~1\ADMINI~1\Bureau\AFR.v7.3.Build.121\Crack\Keygen by DVT\keymaker.exe
C:\DOCUME~1\ADMINI~1\Bureau\AFR.v7.3.Build.121\Crack\Keygen by TSRh\Download For All.url
C:\DOCUME~1\ADMINI~1\Bureau\AFR.v7.3.Build.121\Crack\Keygen by TSRh\KeyGen.exe
C:\DOCUME~1\ADMINI~1\Bureau\AFR.v7.3.Build.121\Crack\Keygen by TSRh\tsrh.nfo
C:\DOCUME~1\ADMINI~1\Bureau\AFR.v7.3.Build.121\Crack\Keygen-RESURRECTiON\Download For All.url
C:\DOCUME~1\ADMINI~1\Bureau\AFR.v7.3.Build.121\Crack\Keygen-RESURRECTiON\keygen.exe
C:\DOCUME~1\ADMINI~1\Bureau\AFR.v7.3.Build.121\Crack\Keygen-RESURRECTiON\RESURRECTiON.nfo
C:\DOCUME~1\ADMINI~1\Bureau\DDD.Pool.v1.2-Lz0\crack
C:\DOCUME~1\ADMINI~1\Bureau\DDD.Pool.v1.2-Lz0\crack\DDDPool.exe
C:\DOCUME~1\ADMINI~1\Bureau\Imtoo 3GP\keygen.exe
C:\DOCUME~1\ADMINI~1\Bureau\Keygen\Keygen.exe
C:\DOCUME~1\ADMINI~1\Bureau\Mobiola Bluetooth Webcam 2.58\crack
C:\DOCUME~1\ADMINI~1\Bureau\Mobiola Bluetooth Webcam 2.58\crack\BtCam.exe
C:\DOCUME~1\ADMINI~1\Favoris\Cracks - Serials
C:\DOCUME~1\ADMINI~1\Favoris\Cracks - Serials\Astalavista.box.sk.url
C:\DOCUME~1\ADMINI~1\Mes documents\Downloads\Programs\ophcrack-win32-installer-3.3.1.exe
C:\DOCUME~1\ALLUSE~1\Bureau\ophcrack.lnk
C:\DOCUME~1\ALLUSE~1\Menu Démarrer\Programmes\ophcrack
C:\DOCUME~1\ALLUSE~1\Menu Démarrer\Programmes\ophcrack\ophcrack.lnk
C:\DOCUME~1\ALLUSE~1\Menu Démarrer\Programmes\ophcrack\Uninstall.lnk
C:\DOCUME~1\ALLUSE~1\Menu Démarrer\Programmes\ophcrack\Website.lnk

1 - "C:\ToolBar SD\TB_1.txt" - 15/01/2010|15:35 - Option : [1]

-----------\\ Fin du rapport a 15:35:21,15

Réponse 47 / 68

Utilisateur anonyme
15 janv. 2010 à 16:40

▶ Relance Toolbar-S&D en double-cliquant sur le raccourci

▶ Tape sur "2" puis valide en appuyant sur "Entrée".

! Ne ferme pas la fenêtre lors de la suppression !

Un rapport sera généré,

▶ poste son contenu ici.

Réponse 48 / 68

Profil bloqué
15 janv. 2010 à 16:42

mais attend d'abbord le deuxieme rapport je suis en train de scanner

Réponse 49 / 68

Profil bloqué
15 janv. 2010 à 18:08

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-15 17:07:26
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwryauoc.sys

---- System - GMER 1.0.15 ----

SSDT F9C28D6E ZwCreateKey
SSDT F9C28D64 ZwCreateThread
SSDT F9C28D73 ZwDeleteKey
SSDT F9C28D7D ZwDeleteValueKey
SSDT spuq.sys ZwEnumerateKey [0xF9425DA4]
SSDT spuq.sys ZwEnumerateValueKey [0xF9426132]
SSDT F9C28D82 ZwLoadKey
SSDT spuq.sys ZwOpenKey [0xF94070C0]
SSDT F9C28D50 ZwOpenProcess
SSDT F9C28D55 ZwOpenThread
SSDT spuq.sys ZwQueryKey [0xF942620A]
SSDT spuq.sys ZwQueryValueKey [0xF942608A]
SSDT F9C28D8C ZwReplaceKey
SSDT F9C28D87 ZwRestoreKey
SSDT F9C28D78 ZwSetValueKey
SSDT F9C28D5F ZwTerminateProcess

INT 0x62 ? 81358BF8
INT 0x82 ? 81358BF8
INT 0x83 ? 81358BF8
INT 0x83 ? 81358BF8
INT 0x83 ? 81239BF8
INT 0x83 ? 81358BF8

---- Kernel code sections - GMER 1.0.15 ----

? spuq.sys Le fichier spécifié est introuvable. !
? Combo-Fix.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload F88F962C 5 Bytes JMP 812391D8
.text ar19xa05.SYS F8768386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ar19xa05.SYS F87683AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ar19xa05.SYS F87683C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ar19xa05.SYS F87683C9 1 Byte [30]
.text ar19xa05.SYS F87683C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\moi\catchme.sys Le chemin d'accès spécifié est introuvable. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\explorer.exe[3980] SHELL32.dll!SHFileOperationW 7CA7FDEE 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 812EE2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F9438D4C] spuq.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9438DA0] spuq.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F9408042] spuq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F940813E] spuq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F94080C0] spuq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F9408800] spuq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F94086D6] spuq.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 812392D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F9417E9C] spuq.sys
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!RtlInitUnicodeString] 00021083
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!swprintf] 01B05E00
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KeSetEvent] 5DE58B5B
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 7E8366C3
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 0F740028
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 89320C8D
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!MmFreeMappingAddress] 0002288B
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 46B70F00
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 66D00328
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!MmUnmapIoSpace] 002A7E83
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 0C8D1574
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IofCompleteRequest] 248B8932
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 0F000002
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IofCallDriver] 832A46B7
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!MmAllocateMappingAddress] E08303C0
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 66D003FC
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoConnectInterrupt] 002C7E83
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoDetachDevice] 0C8D1E74
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KeWaitForSingleObject] 208B8932
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KeInitializeEvent] 8A000002
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 83880846
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!RtlInitAnsiString] 000001C0
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 2C4EB70F
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoQueueWorkItem] 8303C183
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!MmMapIoSpace] D103FCE1
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 2E7E8366
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoReportDetectedDevice] 8D1C7400
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoReportResourceForDetection] 83893204
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 00000218
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!NlsMbCodePageTag] 2E4EB70F
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!PoRequestPowerIrp] 021C8B89
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] B70F0000
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0C12E46
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!sprintf] 03D00304
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 0CB389F2
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!ObfDereferenceObject] 80000002
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 0975013E
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 1B42E853
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!ZwClose] C4830000
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] B05E5F04
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] E58B5B01
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] CCCCC35D
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!PoStartNextPowerIrp] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!PoCallDriver] 53EC8B55
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoCreateDevice] 08758B56
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 0214BE83
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 57000000
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!ZwOpenKey] 45C60674
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 1EEB010B
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoStartTimer] 020C868B
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KeInitializeTimer] C0850000
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoInitializeTimer] 808A1074
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KeInitializeDpc] 00000804
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KeInitializeSpinLock] A03CF024
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoInitializeIrp] 0B45950F
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!ZwCreateKey] 45C604EB
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 458A000B
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 88C0840B
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!ZwSetValueKey] 840F0946
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KeInsertQueueDpc] 000000C1
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 14B30E8B
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoStartPacket] 1C8286C6
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 88010000
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 001C859E
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoFreeMdl] A19E8800
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!MmUnlockPages] C600001C
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 001C8686
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 86C60100
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 00001CA2
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 70518B01
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KeSynchronizeExecution] 8D52006A
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoStartNextPacket] 001C8886
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KeBugCheckEx] 55E85000
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 8B000023
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KeSetTimer] 70518B0E
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KeCancelTimer] 8D52016A
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!_allmul] 001CA486
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!MmProbeAndLockPages] 41E85000
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!_except_handler3] 8B000023
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!PoSetPowerState] 18C4830E
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 1C8D9E88
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 9E880000
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!_aulldiv] 00001CA9
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!strstr] 0E798366
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!_strupr] 74AAB000
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KeQuerySystemTime] 8186C636
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 1A00001C
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!KeTickCount] 1C8386C6
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] C6020000
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoDeleteDevice] 001C8E86
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 86C60200
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoAllocateWorkItem] 00001CAA
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoAllocateIrp] 959E8802
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoAllocateMdl] 8800001C
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB19E
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!MmLockPagableDataSection] 96868800
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8800001C
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CB286
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!ExFreePoolWithTag] C61AEB00
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoFreeIrp] 001C8186
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!IoFreeWorkItem] 86C61200
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!InitSafeBootMode] 00001C83
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!RtlCompareMemory] 8E868801
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!memmove] 001CAA86
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[ntoskrnl.exe!MmHighestUserAddress] 80968B00
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[HAL.dll!READ_PORT_UCHAR] B08B8932
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[HAL.dll!KfRaiseIrql] 0001BC83
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0208B389
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\ar19xa05.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 813571F8
Device \FileSystem\Fastfat \FatCdrom FF6E0458
Device \Driver\usbuhci \Device\USBPDO-0 812631F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 812EC1F8
Device \Driver\dmio \Device\DmControl\DmConfig 812EC1F8
Device \Driver\dmio \Device\DmControl\DmPnP 812EC1F8
Device \Driver\dmio \Device\DmControl\DmInfo 812EC1F8
Device \Driver\usbuhci \Device\USBPDO-1 812631F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9BB11076-904C-4A72-BC03-0E253313C18E} FF8431F8
Device \Driver\usbuhci \Device\USBPDO-2 812631F8
Device \Driver\usbehci \Device\USBPDO-3 8125C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 813591F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 813591F8
Device \Driver\Cdrom \Device\CdRom0 FFAA01F8
Device \Driver\Cdrom \Device\CdRom1 FFAA01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 813581F8
Device \Driver\atapi \Device\Ide\IdePort0 813581F8
Device \Driver\atapi \Device\Ide\IdePort1 813581F8
Device \Driver\atapi \Device\Ide\IdePort2 813581F8
Device \Driver\atapi \Device\Ide\IdePort3 813581F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 813581F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{76E6D412-9402-41BE-9E12-09ADE8A2A3F3} FF8431F8
Device \Driver\NetBT \Device\NetBt_Wins_Export FF8431F8
Device \Driver\sptd \Device\3460714328 spuq.sys
Device \Driver\NetBT \Device\NetbiosSmb FF8431F8
Device \Driver\PCI_PNP0578 \Device\0000004d spuq.sys
Device \Driver\usbuhci \Device\USBFDO-0 812631F8
Device \Driver\usbuhci \Device\USBFDO-1 812631F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver FF8281F8
Device \Driver\usbuhci \Device\USBFDO-2 812631F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector FF8281F8
Device \Driver\usbehci \Device\USBFDO-3 8125C1F8
Device \Driver\Ftdisk \Device\FtControl 813591F8
Device \Driver\ar19xa05 \Device\Scsi\ar19xa051 FFA931F8
Device \Driver\ar19xa05 \Device\Scsi\ar19xa051Port4Path0Target0Lun0 FFA931F8
Device \FileSystem\Fastfat \Fat FF6E0458

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs FF671500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x39 0x1F 0xFB 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA8 0xC0 0x9F 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x44 0xC5 0x54 0xC5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x39 0x1F 0xFB 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA8 0xC0 0x9F 0x06 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x44 0xC5 0x54 0xC5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xE1 0xD5 0x7B 0xE1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{df34106b-868d-46da-a605-948c31a16a21}@Model 358
Reg HKLM\SOFTWARE\Classes\CLSID\{df34106b-868d-46da-a605-948c31a16a21}@Therad 24

---- EOF - GMER 1.0.15 ----

Réponse 50 / 68

Profil bloqué
15 janv. 2010 à 18:10

mais je n'ai pas trouvé de lignes rouges

Réponse 51 / 68

Profil bloqué
15 janv. 2010 à 18:33

voila le rapport de tooblar apres supression

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.66GHz )
BIOS : 786B2 v1.11
USER : Administrateur ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:18 Go (Free:4 Go)
D:\ (Local Disk) - NTFS - Total:18 Go (Free:4 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 15/01/2010|17:28 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\DAEMON Tools Toolbar

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(Administrateur) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"ICQ Search"="http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1\Application Data\Microsoft\Internet Explorer\Quick Launch\ophcrack.lnk
C:\DOCUME~1\ADMINI~1\Application Data\uTorrent\nero.9+serial+crack.torrent
C:\DOCUME~1\ADMINI~1\Bureau\Keygen
C:\DOCUME~1\ADMINI~1\Bureau\A V DJ.Professional.V5.0R6\Atomix.Virtual.DJ.Professional.V5.0R6\Crack
C:\DOCUME~1\ADMINI~1\Bureau\A V DJ.Professional.V5.0R6\Atomix.Virtual.DJ.Professional.V5.0R6\Crack\serial.txt
C:\DOCUME~1\ADMINI~1\Bureau\DDD.Pool.v1.2-Lz0\crack
C:\DOCUME~1\ADMINI~1\Bureau\DDD.Pool.v1.2-Lz0\crack\DDDPool.exe
C:\DOCUME~1\ADMINI~1\Bureau\Imtoo 3GP\keygen.exe
C:\DOCUME~1\ADMINI~1\Bureau\Keygen\Keygen.exe
C:\DOCUME~1\ADMINI~1\Bureau\Mobiola Bluetooth Webcam 2.58\crack
C:\DOCUME~1\ADMINI~1\Bureau\Mobiola Bluetooth Webcam 2.58\crack\BtCam.exe
C:\DOCUME~1\ADMINI~1\Favoris\Cracks - Serials
C:\DOCUME~1\ADMINI~1\Favoris\Cracks - Serials\Astalavista.box.sk.url
C:\DOCUME~1\ADMINI~1\Mes documents\Downloads\Programs\ophcrack-win32-installer-3.3.1.exe
C:\DOCUME~1\ALLUSE~1\Bureau\ophcrack.lnk
C:\DOCUME~1\ALLUSE~1\Menu Démarrer\Programmes\ophcrack
C:\DOCUME~1\ALLUSE~1\Menu Démarrer\Programmes\ophcrack\ophcrack.lnk
C:\DOCUME~1\ALLUSE~1\Menu Démarrer\Programmes\ophcrack\Uninstall.lnk
C:\DOCUME~1\ALLUSE~1\Menu Démarrer\Programmes\ophcrack\Website.lnk

1 - "C:\ToolBar SD\TB_1.txt" - 15/01/2010|15:35 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 15/01/2010|17:31 - Option : [2]

-----------\\ Fin du rapport a 17:31:37,03

Réponse 52 / 68

Utilisateur anonyme
15 janv. 2010 à 18:43

Télécharge mbr.exe de Gmer :
http://www2.gmer.net/mbr/mbr.exe
Sur le bureau.
Merci à Malekal pour le tutoriel

Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Double clique sur mbr.exe Un rapport sera généré : mbr.log
En cas d'infection, ce message MBR rootkit code detected va apparaitre.
Dans le menu Démarrer- Exécuter tape : "%userprofile%\Bureau\mbr" -f
Dans le mbr.log cette ligne apparaitra original MBR restored successfully !
Poste ce rapport et supprimes-le ensuite.

Relance mbr.exe et le nouveau mbr.log devrait être celui-ci :

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Réponse 53 / 68

Profil bloqué
15 janv. 2010 à 18:57

voila le rapport
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Réponse 54 / 68

Utilisateur anonyme
15 janv. 2010 à 19:02

Un RSIT s'il te plait ;))

Réponse 55 / 68

Profil bloqué
15 janv. 2010 à 19:11

ok

Réponse 56 / 68

Profil bloqué
15 janv. 2010 à 19:14

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2010-01-15 18:12:05
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 5 GB (26%) free of 19 GB
Total RAM: 247 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:43, on 15/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PCNetSoftware\RAC Server\RACs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
D:\DJiNN\utdefender.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: RACServerLogon - C:\WINDOWS\SYSTEM32\RACServerLogon2.dll

Réponse 57 / 68

Profil bloqué
15 janv. 2010 à 19:23

qu'est ce que t'en dis??

Réponse 58 / 68

Utilisateur anonyme
15 janv. 2010 à 19:25

Je reviens plus tard..

Réponse 59 / 68

Profil bloqué
15 janv. 2010 à 19:28

d'accord

Réponse 60 / 68

Profil bloqué
16 janv. 2010 à 15:23

ComboFix 10-01-14.06 - Administrateur 16/01/2010 14:03:43.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.247.103 [GMT 0:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\moi.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt

FILE ::
"c:\windows\system32\lncom_.exe.bat"
"c:\windows\system32\perfc00C.dat"
"c:\windows\system32\perfh00C.dat"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\EventSystem.log
c:\windows\system32\lncom_.exe.bat
c:\windows\system32\msconfig.exe
c:\windows\system32\perfc00C.dat
c:\windows\system32\perfh00C.dat

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BDTCLZNJ
-------\Legacy_HMWQLFJQ
-------\Legacy_MRKJYHAVD
-------\Service_bdtclznj
-------\Service_hmwqlfjq
-------\Service_mrkjyhavd

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-16 au 2010-01-16 ))))))))))))))))))))))))))))))))))))
.

2010-01-15 15:33 . 2010-01-15 17:31 -------- d-----w- C:\ToolBar SD
2010-01-14 18:07 . 2010-01-14 18:07 -------- d-----w- c:\windows\ServicePackFiles
2010-01-14 16:58 . 2010-01-14 22:31 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-01-14 16:49 . 2008-06-14 17:59 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-14 16:49 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
2010-01-14 16:49 . 2009-10-15 17:21 82432 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-14 16:48 . 2009-03-06 14:46 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-01-14 16:48 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-01-14 16:48 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-14 16:48 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2010-01-14 16:48 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-01-14 16:48 . 2009-02-09 10:08 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-01-14 16:48 . 2009-02-06 16:54 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2010-01-14 16:48 . 2009-02-09 10:20 685056 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-01-14 16:48 . 2009-02-09 10:20 739840 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-01-14 16:48 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-14 16:48 . 2009-06-21 22:06 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-01-14 16:46 . 2008-05-08 12:28 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-01-14 16:46 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-14 16:46 . 2008-12-11 11:57 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-14 16:46 . 2008-05-01 14:31 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-01-14 16:46 . 2009-07-10 13:41 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-14 16:46 . 2008-04-11 18:51 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-14 16:45 . 2009-08-04 17:05 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-14 16:45 . 2009-08-04 17:05 2059776 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-14 16:45 . 2009-08-04 17:05 2182400 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-14 16:45 . 2009-08-04 17:05 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-14 16:45 . 2009-06-05 07:46 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-01-14 16:45 . 2008-12-16 12:49 351232 -c----w- c:\windows\system32\dllcache\winhttp.dll
2010-01-14 16:45 . 2009-07-31 04:58 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-01-14 16:37 . 2008-07-09 07:40 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-01-14 16:36 . 2009-11-21 16:42 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-14 16:25 . 2008-02-26 12:00 294912 -c----w- c:\windows\system32\dllcache\msctf.dll
2010-01-14 16:24 . 2010-01-14 18:28 -------- d--h--w- c:\windows\$hf_mig$
2010-01-14 16:24 . 2008-10-15 16:59 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-14 14:55 . 2010-01-14 15:56 -------- d-----w- C:\UsbFix
2010-01-14 14:42 . 2010-01-15 18:12 -------- d-----w- c:\program files\trend micro
2010-01-14 14:42 . 2010-01-14 14:51 -------- d-----w- C:\rsit
2010-01-14 14:35 . 2010-01-14 14:40 -------- d-----w- c:\documents and settings\Administrateur\Application Data\BitDefender Deployment Tool
2010-01-14 14:33 . 2010-01-14 14:33 -------- d-----w- c:\program files\BitDefender
2010-01-14 14:32 . 2010-01-14 14:32 -------- d-----w- c:\program files\Fichiers communs\BitDefender
2010-01-13 22:18 . 2010-01-13 22:18 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2010-01-13 22:18 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 22:18 . 2010-01-14 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 22:18 . 2010-01-13 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-13 22:18 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 18:21 . 2007-09-11 10:03 57344 ----a-w- c:\windows\system32\RACServerLogon2.dll
2010-01-13 18:21 . 2007-09-11 10:03 57344 ----a-w- c:\windows\system32\RACServerLogon.dll
2010-01-13 18:21 . 2010-01-13 18:21 -------- d-----w- c:\program files\PCNetSoftware
2010-01-13 17:53 . 2008-12-09 06:52 357376 ----a-w- c:\program files\regsearch.exe
2010-01-13 16:56 . 2010-01-13 16:56 -------- d-----w- c:\program files\AWinstall
2010-01-13 14:58 . 2010-01-15 17:50 -------- d-----w- C:\Lyrics
2010-01-13 14:55 . 2010-01-15 17:50 -------- d-----w- c:\program files\Minilyrics
2010-01-13 12:51 . 2010-01-13 12:51 -------- d-----w- c:\program files\NeoTrace Express
2010-01-13 12:36 . 2007-09-20 12:04 114688 ----a-w- c:\windows\system32\btcamvideosource.dll
2010-01-13 12:36 . 2010-01-13 12:37 -------- d-----w- c:\program files\Mobiola Web Camera 2 for S60 3rd Edition
2010-01-12 20:50 . 2010-01-13 16:07 -------- d-----w- c:\program files\UPX Shell
2010-01-12 19:46 . 2010-01-12 19:46 41888 ----a-w- c:\windows\system32\drivers\Oreans.sys
2010-01-12 19:46 . 2010-01-12 19:46 -------- d-----w- c:\documents and settings\Administrateur\Application Data\MimarSinan
2010-01-12 14:03 . 2010-01-12 14:06 -------- d-----w- c:\documents and settings\Administrateur\Application Data\IconChanger
2010-01-12 14:00 . 2010-01-12 14:00 -------- d-----w- c:\program files\IconChanger
2010-01-11 14:13 . 2010-01-11 14:13 -------- d-----w- c:\documents and settings\Administrateur\Application Data\LogMeIn Rescue
2010-01-11 14:10 . 2010-01-11 14:10 -------- d-----w- c:\program files\LogMeIn Rescue
2010-01-11 14:02 . 2010-01-11 14:02 -------- d-----w- c:\program files\MSN Password Recovery
2010-01-11 12:19 . 2010-01-11 12:19 -------- d-----w- c:\program files\MyLanViewer
2010-01-10 22:41 . 2010-01-10 22:41 -------- d-----w- c:\program files\Panasonic
2010-01-10 22:41 . 2006-02-27 11:45 36864 ----a-w- c:\windows\system32\SDDEVMGR.dll
2010-01-10 21:34 . 2010-01-10 21:34 -------- d-----w- c:\program files\Hotmail Popper
2010-01-10 21:34 . 2004-03-19 16:58 356352 ----a-w- c:\windows\bkuninst.exe
2010-01-10 21:31 . 2010-01-10 21:31 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Esteem Technology
2010-01-10 21:30 . 2010-01-10 21:30 -------- d-----w- c:\program files\Break Reminder 3
2010-01-08 20:46 . 2010-01-08 20:46 -------- d-----w- c:\program files\ElcomSoft
2010-01-08 20:32 . 2010-01-08 20:32 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Avira
2010-01-08 20:30 . 2010-01-08 20:30 -------- d-----w- c:\program files\SuperScan
2010-01-08 20:08 . 2010-01-14 22:57 -------- d-----w- c:\program files\Power Email Harvester
2010-01-02 10:45 . 2010-01-02 10:45 -------- d-----w- C:\found.001
2009-12-28 17:04 . 2001-08-23 17:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-12-27 14:36 . 2009-12-27 14:36 52263 ----a-w- c:\windows\BricoPackUninst.cmd
2009-12-27 14:32 . 2009-12-27 14:36 6120 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-12-27 14:32 . 2009-12-27 14:32 -------- d-----w- c:\windows\BricoPacks
2009-12-27 14:16 . 2009-12-27 14:16 -------- d-----w- c:\windows\system32\VIRepair
2009-12-27 13:50 . 2009-12-27 13:58 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ViStart
2009-12-27 13:50 . 2009-12-27 14:12 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ViSplore
2009-12-27 13:50 . 2009-12-27 13:50 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ViGlance
2009-12-27 13:45 . 2009-09-09 21:19 146412 ----a-w- c:\windows\system32\vilaunch.exe
2009-12-27 13:38 . 2009-12-27 14:18 -------- d-----w- c:\windows\system32\VITrans
2009-12-27 13:38 . 2009-12-27 13:49 -------- d-----w- C:\VTPFiles
2009-12-27 13:38 . 2006-12-03 17:15 111104 ----a-w- c:\windows\system32\Uharc.exe
2009-12-27 13:38 . 2006-12-03 17:15 19968 ----a-w- c:\windows\system32\reico.exe
2009-12-27 13:38 . 2006-12-03 17:15 69632 ----a-w- c:\windows\system32\moveex.exe
2009-12-27 13:38 . 2006-12-03 17:14 8636 ----a-w- c:\windows\system32\modifype.exe
2009-12-27 13:38 . 2004-11-27 19:00 94208 ----a-w- c:\windows\system32\pskill.exe
2009-12-27 13:36 . 2009-03-23 17:39 20480 ----a-w- c:\windows\system32\scrnrdr.exe
2009-12-27 10:42 . 2009-12-27 10:42 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-27 10:41 . 2009-12-27 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2009-12-27 10:40 . 2009-12-27 11:46 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ICQ
2009-12-27 10:37 . 2010-01-11 16:53 -------- d-----w- c:\program files\ICQ6.5
2009-12-27 00:35 . 2009-12-27 00:35 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc
2009-12-26 23:03 . 2009-12-26 23:03 -------- d-----w- c:\program files\VideoLAN
2009-12-26 19:21 . 2009-12-26 19:28 -------- d-----w- c:\documents and settings\Administrateur\Application Data\TeamViewer
2009-12-26 19:20 . 2009-12-26 19:20 -------- d-----w- c:\program files\TeamViewer
2009-12-26 19:19 . 2009-12-26 19:19 -------- d-----w- c:\documents and settings\Administrateur\temp
2009-12-26 19:01 . 2010-01-12 21:09 -------- d-----w- c:\program files\Internet Download Manager
2009-12-26 18:43 . 2009-12-27 10:33 -------- d-----w- c:\documents and settings\Administrateur\Application Data\IDM
2009-12-25 21:39 . 2009-12-25 21:41 -------- d-----w- c:\program files\EasyPHP 3.0
2009-12-25 21:05 . 2009-12-25 21:05 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-12-25 18:51 . 2004-08-17 20:52 219648 -c--a-w- c:\windows\system32\dllcache\uxtheme.dll
2009-12-25 16:09 . 2009-12-25 16:09 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Passware
2009-12-25 15:52 . 2009-12-25 15:55 -------- d-----w- c:\program files\Unlocker
2009-12-25 15:23 . 2009-12-25 15:23 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Thinstall
2009-12-25 15:23 . 2009-12-25 15:23 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Thinstall
2009-12-25 14:01 . 2009-12-25 15:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-24 23:08 . 2009-12-24 23:08 -------- d-----w- c:\program files\UxTheme Multipatcher Fr
2009-12-24 22:43 . 2009-12-24 22:43 -------- d-----w- c:\program files\HDDGURU LLF Tool
2009-12-24 16:33 . 2009-12-24 16:36 -------- d-----w- c:\program files\ophcrack
2009-12-24 13:07 . 2009-12-27 13:52 46048 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-24 13:06 . 2009-12-24 13:07 -------- d-----w- c:\documents and settings\Administrateur\Application Data\BACS.exe
2009-12-23 23:35 . 2007-10-30 12:42 74240 ----a-w- c:\windows\system32\DWRCST.EXE
2009-12-23 23:23 . 2009-12-23 23:23 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DWMRCMSI
2009-12-23 23:14 . 2009-12-23 23:26 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DameWare Development
2009-12-23 15:26 . 2009-12-23 15:26 -------- d-----w- c:\program files\PhotoInstrument
2009-12-23 13:08 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-12-23 12:17 . 2009-12-23 12:17 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Ahead
2009-12-22 12:13 . 2009-12-22 12:13 -------- d-----w- C:\found.000
2009-12-21 13:22 . 2009-12-21 13:22 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 14:16 . 2009-12-02 18:50 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DMCache
2010-01-16 14:15 . 2009-12-03 13:02 -------- d-----w- c:\documents and settings\Administrateur\Application Data\uTorrent
2010-01-14 17:28 . 2010-01-14 16:40 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-14 16:26 . 2010-01-14 16:26 1024 ----a-w- c:\documents and settings\Administrateur\Application Data\IDM\DwnlData\Administrateur\WindowsXP-KB835935-SP2-FRA_148\WindowsXP-KB835935-SP2-FRA.exe
2010-01-13 17:55 . 2010-01-13 17:55 686 ----a-w- c:\program files\RegSearch.txt
2010-01-12 19:27 . 2009-12-02 17:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-12 14:57 . 2010-01-12 14:19 14336 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\76n0mnyw.default\extensions\playbox@toolbar\components\toolbarhomewmp.dll
2010-01-10 11:40 . 2009-12-14 17:31 -------- d-----w- c:\program files\Universal Share Downloader
2010-01-03 14:01 . 2009-12-02 18:18 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Skype
2010-01-03 12:40 . 2009-12-02 18:22 -------- d-----w- c:\documents and settings\Administrateur\Application Data\skypePM
2009-12-29 13:47 . 2009-12-03 13:02 -------- d-----w- c:\program files\uTorrent
2009-12-27 13:48 . 2009-12-17 00:32 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Hamachi
2009-12-26 19:04 . 2009-12-26 19:03 198064 ----a-w- c:\documents and settings\Administrateur\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-12-20 15:41 . 2009-12-13 20:49 -------- d-----w- c:\program files\Driver Genius
2009-12-20 14:36 . 2009-12-06 16:58 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DAEMON Tools Pro
2009-12-20 13:51 . 2009-12-13 16:34 -------- d-----w- c:\program files\CCleaner
2009-12-19 20:10 . 2009-12-02 18:15 -------- d-----w- c:\program files\Winamp
2009-12-19 18:04 . 2004-08-04 00:54 428032 ----a-w- c:\windows\system32\cmd.exe
2009-12-19 17:59 . 2009-12-11 02:08 1212080 ----a-w- c:\documents and settings\Administrateur\Application Data\GameRanger\GameRanger\GameRanger.exe
2009-12-19 17:40 . 2009-12-14 14:27 308224 ----a-w- c:\windows\IsUn040c.exe
2009-12-19 16:17 . 2009-12-02 17:40 118272 ----a-w- c:\windows\system32\calc.exe
2009-12-19 16:17 . 2009-12-02 17:40 444928 ----a-w- c:\windows\system32\mspaint.exe
2009-12-19 16:17 . 2009-12-02 17:40 411648 ----a-w- c:\windows\system32\mstsc.exe
2009-12-19 16:17 . 2001-08-28 14:00 152576 ----a-w- c:\windows\system32\sndvol32.exe
2009-12-19 16:17 . 2009-12-02 17:40 182272 ----a-w- c:\windows\system32\sndrec32.exe
2009-12-19 16:16 . 2004-08-04 00:55 1230848 ----a-w- c:\windows\system32\ntbackup.exe
2009-12-19 16:16 . 2009-12-02 17:40 80896 ----a-w- c:\windows\system32\charmap.exe
2009-12-19 16:13 . 2009-12-02 17:40 128000 ----a-w- c:\windows\system32\mshearts.exe
2009-12-19 16:13 . 2009-12-02 17:40 119808 ----a-w- c:\windows\system32\WINmine.exe
2009-12-19 16:13 . 2009-12-02 17:40 55808 ----a-w- c:\windows\system32\freecell.exe
2009-12-19 16:08 . 2009-12-02 17:40 57344 ----a-w- c:\windows\system32\sol.exe
2009-12-19 16:08 . 2009-12-02 17:40 539136 ----a-w- c:\windows\system32\spider.exe
2009-12-19 16:03 . 2004-08-04 00:55 32768 ----a-w- c:\windows\system32\odbcad32.exe
2009-12-17 12:15 . 2009-12-17 12:08 -------- d-----w- c:\program files\AMT Media Manager
2009-12-17 00:32 . 2009-12-17 00:29 16224 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-12-17 00:29 . 2009-12-17 00:29 -------- d-----w- c:\program files\Hamachi
2009-12-16 13:24 . 2009-12-16 13:24 -------- d-----w- c:\program files\Activision
2009-12-15 16:39 . 2009-12-05 12:40 -------- d-----w- c:\program files\EA GAMES
2009-12-15 12:21 . 2009-12-15 12:21 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-12-14 20:28 . 2009-12-02 17:46 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-12-14 14:31 . 2009-12-13 23:30 -------- d-----w- c:\program files\InterVideo
2009-12-14 14:31 . 2009-12-13 23:51 -------- d-----w- c:\program files\ChrisTV Lite
2009-12-14 14:31 . 2009-12-10 23:23 -------- d-----w- c:\program files\BitSpirit
2009-12-13 23:36 . 2009-12-13 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-12-13 23:30 . 2009-12-13 23:30 -------- d-----w- c:\program files\Fichiers communs\InterVideo
2009-12-13 21:50 . 2009-12-13 21:50 -------- d-----w- c:\program files\Intel
2009-12-13 21:48 . 2009-12-02 17:46 -------- d-----w- c:\program files\CyberLink
2009-12-13 19:59 . 2009-12-13 19:58 -------- d-----w- c:\program files\ma-config.com
2009-12-13 19:58 . 2009-12-13 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-12-11 21:28 . 2009-12-03 17:52 -------- d-----w- c:\program files\Dofus
2009-12-10 23:24 . 2009-12-10 23:24 -------- d-----w- c:\documents and settings\Administrateur\Application Data\BitSpirit
2009-12-10 15:48 . 2009-12-10 15:48 -------- d-----w- c:\documents and settings\Administrateur\Application Data\AdobeUM
2009-12-10 15:48 . 2009-12-10 15:47 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-12-10 13:52 . 2009-12-10 13:52 -------- d-----w- c:\program files\IObit
2009-12-09 13:48 . 2009-12-02 20:45 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GameRanger
2009-12-08 21:26 . 2009-12-08 21:26 155312 ----a-w- c:\documents and settings\Administrateur\Application Data\GameRanger\GameRanger\Data\GameRanger.dll
2009-12-08 21:26 . 2009-12-08 21:26 48816 ----a-w- c:\documents and settings\Administrateur\Application Data\GameRanger\GameRanger\Data\GameRangerLaunch.dll
2009-12-08 11:07 . 2009-12-08 11:07 -------- d-----w- c:\program files\Microsoft.NET
2009-12-06 17:16 . 2009-12-02 18:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Winamp
2009-12-06 16:59 . 2009-12-06 16:59 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-06 13:27 . 2009-12-06 13:27 -------- d-----w- c:\program files\Common Files
2009-12-06 13:07 . 2009-12-06 13:07 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-06 13:07 . 2009-12-06 13:07 -------- d-----w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab
2009-12-06 13:07 . 2009-12-06 13:07 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-12-06 13:07 . 2009-12-06 13:07 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-12-06 13:07 . 2009-12-06 13:07 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-12-06 13:07 . 2009-12-06 13:07 138240 ----a-w- c:\documents and settings\Administrateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-12-06 00:49 . 2009-12-06 00:48 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Media Player Classic
2009-12-06 00:27 . 2009-12-06 00:27 -------- d-----w- c:\program files\DDD Pool_at
2009-12-06 00:24 . 2009-12-06 00:24 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-03 20:52 . 2009-12-02 17:44 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-02 20:13 . 2009-12-02 20:13 -------- d-----w- c:\program files\Microsoft Games
2009-12-02 19:49 . 2009-12-02 19:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-02 19:48 . 2009-12-02 19:48 -------- d-----w- c:\program files\Java
2009-12-02 19:46 . 2009-12-02 19:46 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-02 19:45 . 2009-12-02 19:45 79488 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-02 19:05 . 2009-12-02 19:05 -------- d-----w- c:\program files\Windows Live
2009-12-02 18:28 . 2009-12-02 18:28 -------- d-----w- c:\program files\Alwil Software
2009-12-02 18:22 . 2009-12-02 18:22 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-02 18:18 . 2009-12-02 18:18 -------- d-----r- c:\program files\Skype
2009-12-02 18:18 . 2009-12-02 18:18 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-12-02 18:18 . 2009-12-02 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-02 18:09 . 2009-12-02 18:09 0 ----a-w- c:\windows\nsreg.dat
2009-12-02 17:58 . 2009-12-02 17:58 -------- d-----w- c:\program files\Analog Devices
2009-12-02 17:57 . 2009-12-02 17:56 -------- d-----w- c:\program files\Broadcom
2009-12-02 17:47 . 2009-12-02 17:47 -------- d-----w- c:\program files\Ahead
2009-12-02 17:47 . 2009-12-02 17:47 -------- d-----w- c:\program files\Fichiers communs\Ahead
2009-12-02 17:46 . 2009-12-02 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-12-02 17:43 . 2009-12-02 17:43 -------- d-----w- c:\program files\Services en ligne
2009-12-02 17:41 . 2009-12-02 17:41 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-30 19:37 . 2009-11-30 19:37 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-21 16:42 . 2004-08-04 00:54 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2007-06-03 18:35 . 2010-01-13 17:53 2560 ----a-w- c:\program files\History.txt
2007-06-03 18:31 . 2010-01-13 17:53 916 ----a-w- c:\program files\Options.txt
.

------- Sigcheck -------

[-] 2008-04-14 . C4153F037157C7BE7C54FD88887F027D . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\mshtml.dll
[-] 2004-08-04 . 5FBFB9097AD849CEDA0B34F8407ADCEE . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll

[-] 2008-04-14 . 4A6E04EA20F48D750D9BFED8600D516B . 670208 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\wininet.dll
[-] 2004-08-04 . F6AD4C0F992B3B51C044AD74D9E2E854 . 694784 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll

[-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\explorer.exe
[-] 2004-08-04 . 9F3B76C8CF787449A47F05ABAB4E13E6 . 978432 . . [6.00.2900.2180] . . c:\windows\explorer.exe

[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\wscntfy.exe

[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfcfiles.dll
[-] 2004-10-31 16:59 . AB3D62010AF342203FFA60C2D94DBC68 . 8704 . . [1] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\regsvc.dll

c:\windows\System32\wscntfy.exe ... manque !!
c:\windows\System32\regsvc.dll ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-19 289584]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-09-16 5724184]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-12-26 3118512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-04 138240]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RACServerLogon]
2007-09-11 10:03 57344 ----a-w- c:\windows\system32\RACServerLogon2.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
2003-05-08 11:34 69632 ------w- c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2009-12-26 19:03 3118512 ----a-w- c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 10:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 10:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 10:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-09-16 13:14 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2003-05-05 08:57 143360 ----a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Threat Defender]
2009-07-01 22:43 1215488 ----a-w- d:\djinn\utdefender.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Administrateur\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\PCNetSoftware\\RAC Server\\RACs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6129:TCP"= 6129:TCP:DameWare Mini Remote Control Service

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [19/12/2009 20:39 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/12/2009 20:39 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [19/12/2009 20:39 434945]
R2 PCNetSoftware RAC Server;PCNetSoftware RAC Server;c:\program files\PCNetSoftware\RAC Server\RACs.exe [13/01/2010 18:21 3186688]
R2 RACDriver;RAC driver;c:\program files\PCNetSoftware\RAC Server\RACDriver.sys [13/01/2010 18:21 8208]
S2 qpbhwg;System Shell;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 00:55 14336]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [13/12/2009 21:31 4134]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [11/12/2009 15:43 238960]
S3 VMHybrid;VMHybrid service;c:\windows\system32\DRIVERS\VMHybrid.sys --> c:\windows\system32\DRIVERS\VMHybrid.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/12/2009 16:59 722416]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\76n0mnyw.default\
FF - component: c:\documents and settings\Administrateur\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\76n0mnyw.default\extensions\playbox@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\76n0mnyw.default\extensions\TechnicianConsole@logmeinrescue.com\platform\WINNT\plugins\npRescue.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 14:13
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e1,d5,7b,e1,e2,0c,ee,3b,96,e4,fd,85,5d,aa,5c,c2,e7,96,bb,6d,c9,
33,de,b4,52,a3,dd,0d,a8,95,0a,aa,f8,96,db,4f,84,59,85,09,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{df34106b-868d-46da-a605-948c31a16a21}]
@Denied: (Full) (Everyone)
"Model"=dword:00000166
"Therad"=dword:00000018
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\RACServerLogon2.dll

- - - - - - - > 'lsass.exe'(776)
c:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(464)
c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
c:\windows\system32\ntshrui.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Heure de fin: 2010-01-16 14:21:36 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-16 14:21
ComboFix2.txt 2010-01-15 13:06

Avant-CF: 5 211 357 184 octets libres
Après-CF: 5 192 388 608 octets libres

- - End Of File - - B2296D72081DEAAB18A281825DF00D18

Infecté par Conficker

68 réponses

Discussions similaires

Newsletters