Fake Anti-Virus

hkny
Hello,

Two days ago, without really paying attention, I clicked a link (presented as a security alert) offering to download anti-virus software.

Here is what the alert looked like:
Windows Internet Security
Your browser is in danger of being infected. Windows asks your permission to install the protection tool.
Your browser is running in unsafe mode. Running in safe mode will help keep your computer working securely. For the browser to run in safe mode, Windows needs to install the certified anti-virus scanning software and the online protection tool.
Online protection tool
Microsoft Windows
Name:
Producer:

----------
I did not have time to react because it downloaded in a very short time, and there was no installation.
Since then I have a program called "Virus Protector" (without TM) that posts alerts every 5 seconds telling me my computer is infested with viruses, launches itself at startup, and the only option I am given is to buy the full software for $50 (I live in the USA).
It seems obvious to me that this software is fake, because it has no website, and the most problematic thing is that it prevents me from opening any application (installing downloaded anti-virus software, games, ...); only Firefox and a few other programs escape the rule.

The problem is that, since the software is not installed, it is not in "my programs" and for now I have no way to remove it (I cannot delete the icon in the menu bar, for example...).
As a result, Norton detects nothing (maybe I am not scanning the right files??) and I cannot install any additional protection software. Also, MSCONFIG cannot be launched, so I cannot stop it from starting...

Not wanting to pay $50 for fake software, I wonder whether you might have solutions?
Thanks in advance.

For info, here is the link to "buy" the software: http://www.simplesecurebilling.com/...

13 replies

moment de grace (30049 posts, Security contributor, 2 274)
 
Good evening

Download rkill
https://download.bleepingcomputer.com/grinler/rkill.exe
Save it to your Desktop
Double-click the rkill icon (for Vista/Seven, right-click and Run as Administrator)
A brief black screen will tell you the tool ran correctly; if it does not launch,
switch to one of the following download links from here:
http://download.bleepingcomputer.com/grinler/rkill.pif
https://download.bleepingcomputer.com/grinler/rkill.scr
https://download.bleepingcomputer.com/grinler/rkill.com

once it has finished

Download MalwareByte's Anti-Malware

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

. Save it to the desktop
. Double-click the downloaded file to start the installation process.
. In the "Update" tab, click the Check for updates button
. If the firewall asks permission for malwarebytes to connect, accept
. Once the update is finished
. Go to the Scan tab
. Select Perform full scan (quite a long scan)
. Click Scan
. The scan starts.
. At the end of the scan, a message appears: The scan completed successfully. Click 'Show Results' to display all objects found.
. Click OK to continue.
. If malware was detected, click Show Results
. Select all (or leave them checked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. Go to the Logs tab
. Click on the log to display it; once displayed
. Click Edit at the top of Notepad, then Select All
. Click Edit again, then Copy, then come back to the forum and in your reply
. right-click in the reply box and Paste

If you need help, see these tutorials:
Help: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam

hkny
 
Sorry, I expressed myself badly.
The main problem with this software is that it prevents me from launching almost any application, including the programs you just gave me. It shows a message saying the program is dangerous and blocks it automatically.
Would you have a method to get rid of it that does not require any download?
Thanks in advance.
moment de grace
 
Did it block rkill or MalwareByte's Anti-Malware?
hkny
 
Yes, it blocks every installation / .exe
moment de grace
 
Restart in safe mode

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

and try MalwareByte's Anti-Malware directly
laurine
 
Hello everyone.
I have just had exactly the same problem. I downloaded this so-called "anti-virus", since I did not have one anyway =/, and it prevents me from launching any application apart from Internet Explorer. It is totally impossible to download anything; if I launch a program, a window opens telling me the process is blocked, followed by: "process launcher.exe was terminated" in the case of a game, or for MSN: "process raccourci windows live messenger.exe was terminated", and every 5 s a "spyware alert" window opens and of course always sends me back to the web link of the "virus protector" site.
I am desperate; I cannot find any information at all on removing this really stubborn virus..
hkny > laurine
 
Laurine, are you able to get Safe Mode working on your PC?
It's to find out whether it's my PC that's messing up or whether it's still this damn virus :)
hkny
 
Well, when I press F8 I get the right screen for a fraction of a second, and then another 'page' replaces it and there is no way to get rid of it...
I will try to find a way to get into safe mode.
Thanks a lot for your help
laurine > hkny
 
Once in safe mode, do you want us to download the software you gave? The Internet does not work; what do we do once we are there =(.
moment de grace
 
ok

laurine, I created a topic for you; follow this link
https://forums.commentcamarche.net/forum/affich-16646845-mdg-pour-laurine

hkny
try downloading MalwareByte's Anti-Malware, renaming it HKNY.exe before saving it to the desktop
hkny
 
I finally managed to enable safe mode, but like laurine I have no connection...
What do I do?

moment de grace
 
Two solutions

- you restart the PC in safe mode with networking to have Internet access and download MBAM renamed as indicated above
or
- in normal mode you download MBAM renamed, but you run it in safe mode
hkny
 
Well, I installed MalwareByte's Anti Malware and ran a full scan. It found 33 infections, which I quarantined.
But when I go back to "normal" mode the virus/fake anti-virus is still there and still blocks my programs (.exe) from launching, which means I cannot post the log right away; I have to go back into safe mode.

Would you have other ideas for getting rid of this stubborn virus?
Thanks in advance
moment de grace
 
Yes, I have ideas

but I prefer to see the MBAM report first

hkny
 
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

17/02/2010 20:42:25
mbam-log-2010-02-17 (20-42-25).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 268718
Temps écoulé: 57 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 35
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 26

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a0bf1fc-6f0b-40a8-bfb2-8029b069ea47} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyxvlix (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9a0bf1fc-6f0b-40a8-bfb2-8029b069ea47} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9b4ea7b6-9943-456f-920b-10801a7fd767} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9b4ea7b6-9943-456f-920b-10801a7fd767} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0c7c23ef-a848-485b-873c-0ed954731014} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0c7c23ef-a848-485b-873c-0ed954731014} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c7c23ef-a848-485b-873c-0ed954731014} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a57e074f-56d8-4a33-8112-aac9693aa909} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{669751ed-d558-49ae-b01a-3b374cc7910e} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c1fec19e-f893-4b56-9cc7-cff71bb34693} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4b05a613-988e-4fa1-b2d7-55a1145fd1ef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c1fec19e-f893-4b56-9cc7-cff71bb34693} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b05a613-988e-4fa1-b2d7-55a1145fd1ef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9b4ea7b6-9943-456f-920b-10801a7fd767} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instbndlkeyldr (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\TBH (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmf7140435 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f42737a9 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0c7c23ef-a848-485b-873c-0ed954731014} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{a57e074f-56d8-4a33-8112-aac9693aa909} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{669751ed-d558-49ae-b01a-3b374cc7910e} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://windowsisearch.com/ie6.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://windowsisearch.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://windowsisearch.com/search?q={searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.SearchPage) -> Bad: (http://windowsisearch.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{61fe3f4d-e797-40ab-8a9b-d711fa8e7ecc}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.4,85.255.112.73 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ef48f3c4-38ce-4b7e-8066-a2b128d27ae4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.4,85.255.112.73 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\242112 (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\xxyxVlIx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyxVmll.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\llmVxyxx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\llmVxyxx.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\SSPlus\SAddr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SSup.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E3D7F725-7079-4B0E-B171-9A571A67D2D2}\RP692\A0508733.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Reset Cursor.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Weather.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Customer Support Center.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Games!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Library.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Screensavers!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Uninstall Instructions.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Videos!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\services\services.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Mes documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Scrax.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf7140435.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf7140435.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
moment de grace
 
Seen

I'll let you know the next step in a few minutes

stay in safe mode with networking
moment de grace
 
Right, let's try something before bringing out the heavy artillery

Disable your antivirus for the duration of the procedure, as well as your firewall if present (because the tool is wrongly detected as an infection)

▶ Download and install List&Kill'em and save it to your desktop
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

double-click (right-click "run as administrator" for Vista/7) the shortcut on your desktop to launch the installation

tick the box "create a desktop icon"

once finished, click "finish" and the program will launch by itself

choose the language, then choose option 1 = Search Mode

▶ let the tool work

when the white window appears, it takes a while; that is normal, the program is not stuck.

a report named catchme appears on your desktop; ignore it, do not post it, but do not delete it for now, the scan is not finished.

▶ Post the contents of the report that opens when the scan reaches 100%, at the "COMPLETED" screen

you can delete the catchme.log report from your desktop now.

laurine
 
Hello again everyone,

I followed what you said and here is the scan report:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.11

18/02/2010 10:53:39
mbam-log-2010-02-18 (10-53-39).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 208667
Temps écoulé: 48 minute(s), 15 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 12
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdugx.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.43 85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35204a6c-e7bf-4118-a62d-6632f4436994}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.43,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35204a6c-e7bf-4118-a62d-6632f4436994}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.43,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4c2c68ea-6d18-4a7c-afb1-75c9b968e2bb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.43,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{688baab2-839c-4b23-894a-4404e6ea5e96}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.43,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c795b445-5001-460c-a934-c154c5260281}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.43,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c795b445-5001-460c-a934-c154c5260281}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.43,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c8aa6362-f9bd-47a1-9de2-3f980cf77b6f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.43,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e63dbff4-1170-4334-afc2-26aa62a34460}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.43,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e63dbff4-1170-4334-afc2-26aa62a34460}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.43,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e72fd871-6b7f-4163-9684-fb91cf9a36a9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.43,85.255.112.142 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\FGI MONDE\Local Settings\Application Data\ofmtudlc_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\FGI MONDE\Local Settings\Application Data\ofmtudlc_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\FGI MONDE\Local Settings\Application Data\ofmtudlc.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

That is where I am at, still in safe mode with networking.
hkny
 
The scan is really very long (longer than MalwareByte); it has now been two hours and it is still not finished...
Is that normal?
moment de grace
 
laurine

this topic is not yours, and I opened one for you as indicated above

click this link to join your topic and copy this MBAM report there

https://forums.commentcamarche.net/forum/affich-16646845-mdg-pour-laurine

you will receive instructions there

hkny
 
List'em by g3n-h@ckm@n 1.2.5.2

User : Documents (Administrateurs)
Update on 16/02/2010 by g3n-h@ckm@n ::::: 13.30
Start at: 19:34:17 | 18/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Pentium(R) D CPU 3.40GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : Norton AntiVirus 17.5.0.127 [ Enabled | Updated ]
AV : avast! antivirus 4.8.1368 [VPS 100217-1] 4.8.1368 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 149.04 Go (27.45 Go free) | NTFS
D:\ -> Disque CD-ROM | 7.11 Go (0 Mo free) [KINGDOMS] | CDFS
E:\ -> Disque fixe local | 232.88 Go (199.56 Go free) [Nouveau nom] | NTFS

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Documents\Local Settings\Temp\1.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
Virus Protector REG_SZ C:\WINDOWS\system32\avpwo858b.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Norton Ghost 9.0 REG_SZ C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\kdmas.exe REG_SZ C:\WINDOWS\system32\kdmas.exe
Alcmtr REG_SZ ALCMTR.EXE
RTHDCPL REG_SZ RTHDCPL.EXE
MSConfig REG_SZ C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
DisableTaskMgr REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
NoLowDiskSpaceChecks REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoCDBurning REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ arAyIOucq.dll

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ TITANIUM
DefaultUserName REG_SZ Documents
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Documents
AltDefaultDomainName REG_SZ TITANIUM
system REG_SZ

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{9A0BF1FC-6F0B-40A8-BFB2-8029B069EA47} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Microsoft Games\Rise of Nations\rise.exe REG_SZ C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations
C:\Program Files\Microsoft Games\Rise of Nations\nations.exe REG_SZ C:\Program Files\Microsoft Games\Rise of Nations\nations.exe:*:Disabled:Rise of Nations
C:\Program Files\Microsoft Games\Age of Empires III\age3.exe REG_SZ C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3
C:\Documents and Settings\Administrateur\Bureau\jeux2\Cycling Manager 4\Cym2004.exe REG_SZ C:\Documents and Settings\Administrateur\Bureau\jeux2\Cycling Manager 4\Cym2004.exe:*:Disabled:CyclingManager
C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe REG_SZ C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe REG_SZ C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Disabled:Jedi Academy MultiPlayer
C:\Program Files\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe REG_SZ C:\Program Files\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader
C:\Program Files\Microsoft Games\Halo Trial\halo.exe REG_SZ C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Disabled:Halo
C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat REG_SZ C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)
C:\Program Files\SEGA\Medieval II Total War\medieval2.exe REG_SZ C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:*:Enabled:Medieval 2: Total War
C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe REG_SZ C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Disabled:DarkCrusade
C:\Program Files\THQ\Company of Heroes\RelicCOH.exe REG_SZ C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:RelicCOH
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\KDYRCL63\WowExpansionMaster_1024_2100_B_English.avi-downloader[1].exe REG_SZ C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\KDYRCL63\WowExpansionMaster_1024_2100_B_English.avi-downloader[1].exe:*:Enabled:Blizzard Downloader
C:\Program Files\World of Warcraft\WoW-1.12.0-frFR-downloader.exe REG_SZ C:\Program Files\World of Warcraft\WoW-1.12.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader
C:\Program Files\Tencent\QQDownload\QQDownload.exe REG_SZ C:\Program Files\Tencent\QQDownload\QQDownload.exe:*:Enabled:????
C:\Program Files\Tencent\QQDownload\QDAutoUpdate.exe REG_SZ C:\Program Files\Tencent\QQDownload\QDAutoUpdate.exe:*:Disabled:AutoUpdate Module
C:\Program Files\Cossacks 2 - Battle for Europe\Run\Data\engine.exe REG_SZ C:\Program Files\Cossacks 2 - Battle for Europe\Run\Data\engine.exe:*:Enabled:Cossacks 2: Battle for Europe
C:\Program Files\PlayLogic\Ancient Wars - Sparta Public Demo\AWE.exe REG_SZ C:\Program Files\PlayLogic\Ancient Wars - Sparta Public Demo\AWE.exe:*:Disabled:AWE
C:\Program Files\NAMCO BANDAI Games\Warhammer Mark of Chaos DEMO\Warhammer_DEMO.exe REG_SZ C:\Program Files\NAMCO BANDAI Games\Warhammer Mark of Chaos DEMO\Warhammer_DEMO.exe:*:Enabled:Warhammer®: Mark of Chaos™ Single Player Demo
C:\Program Files\Global Star Software\Airport Tycoon 3\at3.exe REG_SZ C:\Program Files\Global Star Software\Airport Tycoon 3\at3.exe:*:Enabled:at3
C:\Program Files\World of Warcraft\BackgroundDownloader.exe REG_SZ C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
C:\Program Files\Cyanide\Cycling Manager 4\Cym2004.exe REG_SZ C:\Program Files\Cyanide\Cycling Manager 4\Cym2004.exe:*:Enabled:CyclingManager
C:\WINDOWS\system32\dplaysvr.exe REG_SZ C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper
C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD REG_SZ C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\Activision\Rome - Total War\RomeTW.exe REG_SZ C:\Program Files\Activision\Rome - Total War\RomeTW.exe:*:Disabled:Rome: Total War
C:\Program Files\BUFFALO\Client Manager 2\bwsvc.exe REG_SZ C:\Program Files\BUFFALO\Client Manager 2\bwsvc.exe:*:Enabled:ClientMgr2
C:\Program Files\Vuze\Azureus.exe REG_SZ C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
C:\Program Files\Cyanide\GameCenter\GameCenter.exe REG_SZ C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter
C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\PCM.exe REG_SZ C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2009
C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe REG_SZ C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2009 - AutoRun
C:\Program Files\World of Warcraft3\WoW-3.2.0-frFR-downloader.exe REG_SZ C:\Program Files\World of Warcraft3\WoW-3.2.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader
C:\Program Files\World of Warcraft3\Launcher.exe REG_SZ C:\Program Files\World of Warcraft3\Launcher.exe:*:Enabled:Blizzard Launcher
C:\Program Files\World of Warcraft3\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe REG_SZ C:\Program Files\World of Warcraft3\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe:*:Enabled:Blizzard Downloader
C:\Program Files\World of Warcraft3\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe REG_SZ C:\Program Files\World of Warcraft3\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe:*:Enabled:Blizzard Downloader
C:\Program Files\World of Warcraft3\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe REG_SZ C:\Program Files\World of Warcraft3\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe:*:Enabled:Blizzard Downloader
C:\Program Files\Skype\Plugin Manager\skypePM.exe REG_SZ C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe REG_SZ C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\patchget.dat REG_SZ C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\patchget.dat:*:Enabled:patchgrabber
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActiveX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\D27CDB6E-AE6D-11CF-96B8-444553540000
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0E222CDC-14E5-B985-B4A5-BEF268759DB1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3CC256A7-A51F-EB72-A10B-3D1B45E97C9E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4C35E0E0-FA23-D9B9-6898-64E3803B0143}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A4713D2D-B796-7174-3B8C-0C4F1D635015}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F6E5BAD4-B48A-0C6B-6FF6-AC52AE312848}

==============
BHO :
======
[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1C46D9F2-F166-25BA-07A9-083CA9C1F3E8}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C9E862DC-4D27-4F72-98AF-DAE6A9A3515A}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ about:blank

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Documents\Local Settings\Temp\1.tmp
## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\System32\Drivers\atapi.sys

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Documents\Local Settings\Temp\1.tmp
## C:\> hashdeep C:\WINDOWS\System32\DllCache\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\System32\DllCache\atapi.sys

Sources
=======


Reference :
==========

Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C


D:\Autorun.inf :
----------------
[autorun]
open=Launch.exe
icon=setup.ico


E:\Autorun.inf :
----------------
[autorun]
OPEN=setupSNK.exe
ICON=\SMRTNTKY\fcw.ico
ACTION=Assistant Réseau sans fil
=======
Drive :
=======

Windows Disk Defragmenter
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\recycler\NPROTECT
Present !! : C:\Program Files\Applications
Present !! : C:\Program Files\AskBarDis
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\Fonts\GRGAREF.TTF
Present !! : C:\WINDOWS\System32\*.dll.tmp
Present !! : C:\WINDOWS\System32\*.ini2
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\MSINET.oca
Present !! : C:\WINDOWS\System32\SET*.tmp
Present !! : C:\WINDOWS\TEMP\scs1A1.tmp
Present !! : C:\WINDOWS\TEMP\scs1D5.tmp
Present !! : C:\Documents and Settings\Documents\Application Data\Microsoft\Clip Organizer\mstore10.mgc
Present !! : C:\Documents and Settings\Documents\Application Data\Microsoft\Clip Organizer\Offic10.MGC
Present !! : C:\Documents and Settings\Documents\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\Documents\Local Settings\Temp\IMG.jpg
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\bdcdk.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\BInNW.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\DMengj.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\DMGRK.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\duOFoo.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\EbWqNV.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\EgamiE.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\EOAsaJWdx.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\ESmVuwQ.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\fsAiaal.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\FwRTpy.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\gooum.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\GRGJniaFc.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\GvSwslj.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\GXroHo.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\HbVwC.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\HdHKViDJ.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\IbRmxdaQt.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\iGicR.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\kmWcdA.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\KObOFFX.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\kPHjH.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\MBCekESTN.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\mjpOmptM.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\NYGCbGNEg.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\oalFkCPnE.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\oBwnOWq.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\pkREkOOv.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\PmYxY.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\PQHUr.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\PsDHipvbS.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\qLNjJkQ.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\qOFrlO.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\ROnIHy.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\sTNkLavO.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\TFCXOB.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\tPPdl.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\UbIjuuYv.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\UTNeW.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\VgnqJaNV.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\VibUDK.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\VJiJI.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\vSDjMI.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\wDLViFM.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\WSUXnm.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\WtUCnCl.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\XTxan.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\XXqsKDmuv.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\yaYmoyMoV.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\ygNoQpb.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\yMlCUWu.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\_is11.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\_is12.exe
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_120.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_258.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_260.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_2a8.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_2cc.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_2f4.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_2f8.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_340.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_3c4.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_5d8.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_620.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_634.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_640.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_670.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_6dc.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_6ec.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_700.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_710.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_754.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_7a8.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_7c0.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_828.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_830.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_8a4.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_8a8.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_8d8.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_8f8.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_9a0.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_9a4.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_a20.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_a58.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_a9c.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_ac4.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_adc.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_b1c.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_b2c.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_b74.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_b80.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_bc.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_bc0.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_bc4.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_bd8.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_bec.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_bf4.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_c54.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_c9c.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_cd0.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_cdc.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_d1c.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_d28.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_d6c.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_d94.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_dd4.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_dfc.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_e30.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_e48.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_e60.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_ee8.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_efc.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_f14.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_f68.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_fac.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\Perflib_Perfdata_fdc.dat
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\AWgyTlTJ.dll
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\AYnWsbRc.dll
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\bAAECE.dll
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\baUdvee.dll
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\bBOpH.dll
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\BJSKogV.dll
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\BRQVytx.dll
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\buISNAbu.dll
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\cbIok.dll
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\CKIUn.dll
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\CqDHFn.dll
Present !! : C:\Documents and Settings\Documents\LOCAL Settings\Temp\DbsVLNjVe.dll

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\msconfig
Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Present !! : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
Present !! : "HKLM\Software\Trymedia Systems"
Present !! : HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
Present !! : HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
Present !! : HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Present !! : HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
Present !! : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
Present !! : HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
Present !! : HKCR\EoRezoBHO.EoBho
Present !! : HKCR\EoRezoBHO.EoBho.1
Present !! : HKCR\interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
Present !! : HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
Present !! : HKCU\Software\AppDataLow\AskBarDis
Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
Present !! : HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
Present !! : HKLM\Software\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Present !! : HKLM\Software\Classes\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}
Present !! : HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Present !! : HKLM\Software\Classes\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144}
Present !! : HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
Present !! : HKLM\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
Present !! : HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Present !! : HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
Present !! : HKLM\Software\Classes\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}
Present !! : HKLM\Software\Classes\EoRezoBHO.EoBho
Present !! : HKLM\Software\Classes\EoRezoBHO.EoBho.1
Present !! : HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
Present !! : HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Present !! : HKLM\Software\Classes\TypeLib\{89085678-632D-4DEB-BDA0-CD912C63203E}
Present !! : HKLM\Software\Classes\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
Present !! : HKLM\SOFTWARE\ItsLabel
Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\Legacy_BHDRVX86
Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_BHDRVX86
Present !! : HKLM\SYSTEM\ControlSet004\Enum\Root\Legacy_BHDRVX86
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_BHDRVX86

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 23:24:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"=str(7):"[garbled binary value, unreadable in the pasted log]"
moment de grace  Posts 30049  Status Security contributor  2 274
 
Careful: before you start, read the procedure carefully and print it out.

Usage guide
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Download ComboFix by sUBs, renaming it MDG.exe before saving it to your Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and DISABLE ALL YOUR DEFENSES, antivirus and antispyware included /!\

---> Double-click ComboFix.exe
A "pop-up" will appear saying that ComboFix is used at your own risk and with no guarantee... Click Yes to accept.

ABOVE ALL, INSTALL THE RECOVERY CONSOLE
(if it offers to install it, temporarily reconnect to the internet)

---> Set the language to French: F
Press the 1 key (Yes) to start the scan.

Don't touch anything (mouse, keyboard) until the scan has finished, or you risk crashing your PC.

At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is finished, a report will be displayed: post its contents.

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: the report can also be found at C:\ComboFix.txt
hkny
 
ComboFix 10-02-19.01 - Documents 19/02/2010 16:47:48.1.2 - x86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1779 [GMT -5:00]
Running from: c:\documents and settings\Documents\Bureau\MDG.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\TENCENT\SSPlus\SData.dat
c:\program files\TENCENT\SSPlus\stdtbh.dat
E:\AUTORUN.INF
E:\resycled
c:\recycler\NPROTECT . . . . failed to delete
c:\recycler\NPROTECT\00031856.LO_ . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://au.doj+|Cv+@J:NGD_DQ{ztHG.XnP6;KI+Visual Studio Express
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((( Files Created from 2010-01-19 to 2010-02-19 )))))))))))))))))))))))))))))))
.

2010-02-19 03:10 . 2010-02-19 03:10 -------- dc----w- c:\documents and settings\Documents\Application Data\AVG8
2010-02-19 03:07 . 2010-02-19 03:07 -------- dc----w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-19 00:34 . 2010-02-19 00:34 -------- dc----w- C:\Kill'em
2010-02-18 02:37 . 2010-02-18 02:37 -------- dc----w- c:\program files\List_Kill'em
2010-02-18 00:42 . 2010-02-18 00:42 -------- dc----w- c:\documents and settings\Documents\Application Data\Malwarebytes
2010-02-18 00:42 . 2010-01-07 21:07 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 00:42 . 2010-02-18 00:42 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 00:42 . 2010-02-18 00:42 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-18 00:42 . 2010-01-07 21:07 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-02-17 04:28 . 2010-02-17 04:29 -------- dc----w- c:\program files\Eusing Free Registry Cleaner
2010-02-17 01:25 . 2010-02-17 01:25 1547264 -c--a-w- c:\windows\system32\avpwo858b.exe
2010-02-10 00:13 . 2010-02-10 00:15 -------- dc----w- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 21:32 . 2006-03-02 11:18 -------- dc----w- c:\program files\Norton SystemWorks
2010-02-19 19:51 . 2009-12-11 00:03 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-19 01:34 . 2009-09-05 16:28 1324 -c--a-w- c:\windows\system32\d3d9caps.dat
2010-02-18 01:42 . 2008-09-15 08:50 -------- dc----w- c:\documents and settings\All Users\Application Data\services
2010-02-17 23:42 . 2009-11-15 01:43 -------- dc----w- c:\documents and settings\Documents\Application Data\Skype
2010-02-17 23:27 . 2009-06-21 08:05 -------- dc----w- c:\program files\Steam
2010-02-16 03:10 . 2008-11-14 10:49 -------- dc----w- c:\documents and settings\Documents\Application Data\LimeWire
2010-02-11 02:33 . 2009-05-16 02:25 -------- dc----w- c:\program files\World of Warcraft3
2010-02-11 02:33 . 2006-12-22 10:10 -------- dc----w- c:\program files\World of Warcraft
2010-02-10 00:13 . 2008-12-21 12:19 -------- dc----w- c:\program files\iPod
2010-02-10 00:13 . 2009-12-16 21:25 -------- dc----w- c:\program files\Fichiers communs\Apple
2010-02-09 23:50 . 2010-02-09 23:50 72488 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-27 00:01 . 2009-11-15 01:48 -------- dc----w- c:\documents and settings\Documents\Application Data\skypePM
2010-01-07 23:47 . 2009-04-02 11:22 -------- dc----w- c:\program files\Fichiers communs\DVDVideoSoft
2010-01-02 16:14 . 2008-12-21 12:22 -------- dc----w- c:\documents and settings\Documents\Application Data\Apple Computer
2010-01-02 16:11 . 2010-01-02 16:10 -------- dc----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-12 14:58 . 2008-06-12 12:35 886210 -c--a-w- c:\program files\wowmodelview-0[1].5.08.zip
2009-12-11 00:05 . 2006-03-02 11:18 60808 -c--a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-11 00:05 . 2006-03-02 11:18 124976 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-28 22:28 . 2001-08-24 14:00 77768 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-28 22:28 . 2001-08-24 14:00 476694 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-28 17:48 . 2008-11-08 06:04 73440 -c--a-w- c:\documents and settings\Documents\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-06-29 12:45 . 2008-06-29 11:24 71589 -c--a-w- c:\program files\log.txt
2008-06-29 12:44 . 2008-06-29 12:44 0 -c--a-w- c:\program files\stdout.txt
2008-06-29 12:44 . 2008-06-29 12:44 0 -c--a-w- c:\program files\stderr.txt
2007-01-16 20:44 . 2007-01-16 20:44 237568 -c--a-w- c:\program files\wowmapview.exe
2005-05-26 10:10 . 2005-05-26 10:10 15 -c--a-w- c:\program files\windowed.cmd
2005-03-29 01:12 . 2005-03-29 01:12 5991 -c--a-w- c:\program files\arial.info
2005-03-29 01:12 . 2005-03-29 01:12 17992 -c--a-w- c:\program files\COPYING
2005-03-28 19:56 . 2005-03-28 19:56 262162 -c--a-w- c:\program files\arial.tga
2004-02-21 10:08 . 2004-02-21 10:08 229376 -c--a-w- c:\program files\SDL.dll
2003-03-19 04:14 . 2003-03-19 04:14 499712 -c--a-w- c:\program files\msvcp71.dll
2003-02-21 12:42 . 2003-02-21 12:42 348160 -c--a-w- c:\program files\msvcr71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\tbMin0.dll" [2009-12-06 2166296]

[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 02:32 279944 -c--a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
2009-12-06 03:57 2166296 -c--a-w- c:\program files\Mininova-Vuze\tbMin0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\tbMin0.dll" [2009-12-06 2166296]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D51D388B-F5DC-471A-A1CE-5E2D671091C0}"= "c:\program files\Mininova-Vuze\tbMin0.dll" [2009-12-06 2166296]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Virus Protector"="c:\windows\system32\avpwo858b.exe" [2010-02-17 1547264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norton Ghost 9.0"="c:\program files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe" [2004-11-22 1126400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-09 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-25 15473664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ITD7"="c:\program files\Steganos Internet Trace Destructor 7\ITD7.exe" [2005-05-02 274432]
"SSS7"="c:\program files\Steganos Security Suite 7\SSS7.exe" [2005-08-02 274432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\arAyIOucq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ClientManager2.lnk]
backup=c:\windows\pss\ClientManager2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-10-17 14:52 51048 -c--a-w- c:\program files\Fichiers communs\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-03-02 13:44 1036288 ------w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16 141608 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_17819265]
2006-06-13 16:11 351000 -c--a-w- c:\program files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2004-06-08 04:31 29696 -c--a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-12-09 19:06 1519616 -c--a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 12:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 18:11 25623336 -c--a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-12-06 17:08 1217808 -c--a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2005-12-08 19:18 35328 -c--a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"=
"c:\\Program Files\\Cossacks 2 - Battle for Europe\\Run\\Data\\engine.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager 2\\bwsvc.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\World of Warcraft3\\WoW-3.2.0-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft3\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft3\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft3\\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft3\\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [02/03/2006 08:45 9344]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [28/07/2004 14:33 138801]
S1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [28/07/2004 15:13 46800]
S2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [02/03/2006 09:31 164992]
S2 bwcdrv;BUFFALO Wireless Configuration;c:\windows\system32\drivers\BWCDRV.SYS [21/12/2003 03:21 19840]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [28/11/2009 12:38 54752]
S2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [02/03/2006 09:31 12544]
S2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [30/08/2004 10:52 95328]
S2 SLEE_81_DRIVER;Steganos Live Encryption Engine 8.1 [Driver];c:\windows\system32\drivers\slee81.sys [12/05/2005 20:59 69632]
S3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\windows\system32\drivers\BCMWL5.SYS [11/07/2005 00:46 372480]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [02/03/2006 08:45 337536]
.
Contents of the 'Scheduled Tasks' folder

2010-02-15 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2004-11-04 05:19]

2010-02-11 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Fichiers communs\Symantec Shared\SymDrmc.exe [2004-10-27 18:48]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar = hxxp://www.Google.com/
mSearchMigratedDefaultURL = hxxp://www.Google.com/
uInternet Settings,ProxyServer = http=:0;https=:0;ftp=:0;gopher=:0;socks=:0
uInternet Settings,ProxyOverride = *.local
mSearchURL = hxxp://www.Google.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157b}
FF - ProfilePath - c:\documents and settings\Documents\Application Data\Mozilla\Firefox\Profiles\coapio0i.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);.
- - - - ORPHANS REMOVED - - - -

BHO-{1C46D9F2-F166-25BA-07A9-083CA9C1F3E8} - (no file)
BHO-{C9E862DC-4D27-4F72-98AF-DAE6A9A3515A} - (no file)
BHO-{CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - (no file)
ShellExecuteHooks-{9A0BF1FC-6F0B-40A8-BFB2-8029B069EA47} - (no file)
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 16:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2010-02-19 17:08:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-19 22:08

Pre-Run: 32,865,538,048 octets libres
Post-Run: 47,483,068,416 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 316A9184EADB01860F1F2A7A6031B030
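The ComboFix report above carries the classic rogue-antivirus footprint: a Run entry launching a randomly named executable from system32 (avpwo858b.exe), an AppInit_DLLs value (arAyIOucq.dll) that gets loaded into every process using user32.dll, and Security Center monitoring switched off. As an added example, not part of this thread or of ComboFix, this Python triage script parses report lines in that format (sample constructed from the entries quoted above) and flags each of those three indicators.

```python
import re

# Constructed sample in the ComboFix report format quoted above (entries copied from
# the posted log). The parser is an added example, not a ComboFix feature.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Virus Protector"="c:\windows\system32\avpwo858b.exe" [2010-02-17 1547264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\arAyIOucq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
# "Name"="value" [date size]  or  "Name"=value  (quotes and trailer are optional)
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="?(?P<value>[^"\[]+?)"?(?:\s+\[.*\])?$')
# rogue-AV style image name: 6+ alphanumerics mixing letters and digits
RANDOM_STEM_RE = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{6,}$", re.I)

def parse_sections(text):
    """Map each [registry key] header (lower-cased) to its (name, value) entries."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current and (m := ENTRY_RE.match(line)):
            sections[current].append((m.group("name"), m.group("value").strip()))
    return sections

def triage(text):
    """Return (indicator, name-or-key, value) for each suspicious entry found."""
    findings = []
    for key, entries in parse_sections(text).items():
        for name, value in entries:
            stem = value.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if key.endswith(r"\currentversion\run"):
                if "\\system32\\" in value.lower() and RANDOM_STEM_RE.match(stem):
                    findings.append(("run key: random-named system32 image", name, value))
            elif name.lower() == "appinit_dlls" and value:
                # every process that loads user32.dll also loads this DLL
                findings.append(("AppInit_DLLs injection", name, value))
            elif "security center" in key and name.lower() == "disablemonitoring":
                if value.lower().startswith("dword:") and int(value[6:], 16) != 0:
                    findings.append(("Security Center monitoring disabled", key, value))
    return findings
```

Calling `triage(SAMPLE_LOG)` returns the three findings; the legitimate NvCplDaemon entry is not flagged because its name contains no digits.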
moment de grace
Seen.

1)

▶ Relaunch List&Kill'em using the shortcut on your desktop,

but this time:

▶ choose option 2 = Removal Mode

let the tool do its work.

at the end of the scan a report opens

▶ paste its contents in your reply

You can uninstall it afterwards

....................

2)

/!\ You absolutely must disable all your protection software to use this program /!\

▶ Download: Gmer (by Przemyslaw Gmerek)

http://www.gmer.net/

▶ Unzip gmer, click the Rootkit tab and launch the scan; red lines will appear.

▶ Red lines indicate the presence of a rootkit. Post me the Gmer report (click Copy, then go to Start, open Notepad, go to Edit and click Paste; the Gmer report will appear; post it to me)

Then

▶ on the red lines:

▶ Services: right-click, Delete Service
▶ Process: right-click, Kill Process
▶ Adl, file: right-click, Delete Files
Anonymous user
List_Kill'em option 2
moment de grace
post 24
hkny
Well, I don't know why, but these two scans are taking an enormous amount of time (3 hours and still not finished); I'll try again tomorrow outside safe mode.
In any case, for now I don't have any red lines in GMER...