Google redirect problem
romain7812
Hello, like many people apparently, I find myself infected by I don't know what: Google sends me to other sites. On the various forums it seems you have to post a report. Could someone translate it for me and tell me what to do next??? Thanks in advance.
35 replies
Hello everyone, here is the Doctor Web report
RegUBP2b-marié.reg;C:\Documents and Settings\Sergent\Gerard\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Supprimé.;
and here is a new HijackThis report
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Sergent\AppData\Roaming\msplyid\msplyid.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Sergent\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskhost.exe
C:\Users\Sergent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Users\Sergent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [wvtsqqdrv] rundll32.exe "rqrqpq.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [yaabyasys] rundll32.exe "nnmjhf.dll",DllRegisterServer
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sergent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [mdply3d] C:\Users\Sergent\AppData\Roaming\msplyid\msplyid.exe
O4 - HKCU\..\Run: [nnmmkldrv] rundll32.exe "rqrqpq.dll",s
O4 - HKCU\..\Run: [ntstDirect] rundll32.exe "C:\Users\Sergent\AppData\Local\ntstDirect\ntstDirect.dll", DllInit
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [urspmndrv] rundll32.exe "rqrqpq.dll",s (User 'Système')
O4 - HKUS\.DEFAULT\..\Run: [urspmndrv] rundll32.exe "rqrqpq.dll",s (User 'Default user')
O4 - Startup: NHL® 09 Registration.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFD085A8-E3E1-4785-8D9F-2585CFB0B54C}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
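The O4 lines above are where the redirect loader shows itself: `rundll32.exe` is told to load a DLL by bare name (no drive or directory, so it is resolved through the search path), the same DLL is registered under HKLM, HKCU, the SYSTEM hive and the .DEFAULT hive, and an executable sits under the user's AppData. As an added example (not code from this thread or from HijackThis), the script below applies those three checks to a constructed sample of O4 entries modelled on the ones posted here. The `triage`, `parse_o4` and `SAMPLE_HJT` names are mine; the AppData rule is deliberately kept at "review" severity because legitimate per-user installers (Google Update in the sample) live there too.

```python
import re
from collections import defaultdict

# Constructed sample (not the full report): O4 entries in the shape HijackThis prints them.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [wvtsqqdrv] rundll32.exe "rqrqpq.dll",s
O4 - HKLM\..\Run: [yaabyasys] rundll32.exe "nnmjhf.dll",DllRegisterServer
O4 - HKCU\..\Run: [mdply3d] C:\Users\Sergent\AppData\Roaming\msplyid\msplyid.exe
O4 - HKCU\..\Run: [ntstDirect] rundll32.exe "C:\Users\Sergent\AppData\Local\ntstDirect\ntstDirect.dll", DllInit
O4 - HKUS\S-1-5-18\..\Run: [urspmndrv] rundll32.exe "rqrqpq.dll",s (User 'Système')
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sergent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"""

# O4 - <hive>\..\Run: [<name>] <command> (User '<user>')   -- the user suffix is optional
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# rundll32[.exe] "<dll>",<entry>  -> capture the DLL argument
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?', re.IGNORECASE)
# first token of a plain command line, quoted or not
EXE_RE = re.compile(r'^"([^"]+)"|^(\S+)')


def _is_path_qualified(p):
    # A drive letter, UNC prefix or environment variable pins the file down;
    # a bare name is looked up through the DLL/executable search path.
    return bool(re.match(r"^(?:[A-Za-z]:\\|\\\\|%)", p))


def parse_o4(text):
    """Return one dict per O4 Run/RunOnce line: hive, value name, loader, target file."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # O4 - Startup: lines and anything else are out of scope here
        cmd = m["cmd"]
        rd = RUNDLL_RE.match(cmd)
        if rd:
            loader, target = "rundll32", rd.group(1).strip()
        else:
            ex = EXE_RE.match(cmd)
            loader, target = None, (ex.group(1) or ex.group(2)) if ex else cmd
        entries.append({"hive": m["hive"], "name": m["name"], "loader": loader, "target": target})
    return entries


def triage(text):
    """Flag auto-start entries worth a second look, with the reason for each."""
    entries = parse_o4(text)
    hives_by_target = defaultdict(set)
    for e in entries:
        hives_by_target[e["target"].lower()].add(e["hive"])

    findings = []
    for e in entries:
        target = e["target"]
        reasons, high = [], False
        if e["loader"] == "rundll32" and not _is_path_qualified(target):
            reasons.append("rundll32 loads a DLL by bare name (search-path resolution)")
            high = True
        n_hives = len(hives_by_target[target.lower()])
        if n_hives > 1:
            reasons.append("same target registered in %d hives" % n_hives)
            high = True
        if "\\appdata\\" in target.lower():
            reasons.append("auto-start binary under user-writable AppData")
        if reasons:
            findings.append({"name": e["name"], "hive": e["hive"], "target": target,
                             "severity": "high" if high else "review", "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print("%-6s %-14s %-16s %s" % (f["severity"], f["name"], f["hive"], "; ".join(f["reasons"])))
```

Run against the sample, the three bare-DLL loaders come out as high (rqrqpq.dll is also counted twice because it appears under HKLM and S-1-5-18), while msplyid.exe, ntstDirect.dll and Google Update are listed as "review" for a human to sort, and the avast! entry produces nothing.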
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Sergent\AppData\Local\ntstDirect\ntstDirect.dll
c:\users\Sergent\AppData\Roaming\msplyid
c:\users\Sergent\AppData\Roaming\msplyid\config.ini
c:\users\Sergent\AppData\Roaming\msplyid\msplyid.exe
c:\windows\system32\rqrqpq.dll
c:\windows\system32\yabcyy.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-28 au 2010-03-30 ))))))))))))))))))))))))))))))))))))
.
2010-03-30 20:19 . 2010-03-30 21:23 88576 ---ha-w- c:\windows\system32\yabcyy.dll
2010-03-30 20:19 . 2010-03-30 20:19 303097 ----a-w- c:\users\Sergent\mpod.exe
2010-03-29 19:27 . 2010-03-29 19:34 -------- d-----w- c:\users\Sergent\AppData\Roaming\Nero
2010-03-29 18:55 . 2010-03-29 19:01 -------- d-----w- c:\program files\Nero
2010-03-29 18:55 . 2010-03-29 18:56 -------- d-----w- c:\programdata\Nero
2010-03-29 18:55 . 2010-03-29 19:01 -------- d-----w- c:\program files\Common Files\Nero
2010-03-28 19:46 . 2010-03-28 20:03 -------- d-----w- c:\users\Sergent\DoctorWeb
2010-03-28 18:37 . 2010-03-28 18:37 -------- d-----w- c:\users\Sergent\AppData\Roaming\Malwarebytes
2010-03-28 18:36 . 2010-03-28 18:36 -------- d-----w- c:\programdata\Malwarebytes
2010-03-28 17:38 . 2010-03-28 17:38 -------- d-----w- c:\program files\Trend Micro
2010-03-28 11:39 . 2010-03-28 18:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-28 11:39 . 2010-03-28 18:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-26 16:44 . 2010-03-28 03:08 -------- d-----w- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2010-03-21 19:36 . 2010-03-30 21:22 -------- d-----w- c:\users\Sergent\AppData\Local\ntstDirect
2010-03-18 22:41 . 2010-03-21 12:06 -------- d-----w- c:\users\Sergent\AppData\Local\stolocalruntime
2010-03-14 17:13 . 2010-03-14 17:13 -------- d-----w- c:\windows\Sun
2010-03-13 19:03 . 2010-03-18 09:59 -------- d-----w- c:\users\Sergent\AppData\Local\dlldeskgfx
2010-03-12 20:20 . 2010-03-12 20:20 -------- d-----w- c:\programdata\Sports Interactive
2010-03-12 20:19 . 2010-03-12 20:19 -------- d-----w- c:\users\Sergent\AppData\Roaming\Sports Interactive
2010-03-12 19:24 . 2010-03-12 19:25 -------- d--h--w- c:\program files\Zero G Registry
2010-03-12 19:23 . 2010-03-12 19:23 -------- d--h--w- c:\users\Sergent\InstallAnywhere
2010-03-07 17:29 . 2010-03-07 17:29 -------- d-----w- c:\users\Sergent\AppData\Roaming\StreamTorrent
2010-03-04 19:55 . 2010-03-04 19:55 -------- d-----w- c:\users\Sergent\AppData\Roaming\vlc
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-30 21:21 . 2009-07-14 08:39 707374 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-30 21:21 . 2009-07-14 08:39 133218 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-30 21:14 . 2010-01-12 23:29 -------- d-----w- c:\users\Sergent\AppData\Roaming\Skype
2010-03-30 20:48 . 2009-12-17 23:04 -------- d-----w- c:\program files\BitComet
2010-03-30 20:38 . 2009-11-12 11:34 -------- d-----w- c:\program files\Steam
2010-03-30 19:37 . 2010-01-12 23:32 -------- d-----w- c:\users\Sergent\AppData\Roaming\skypePM
2010-03-28 03:08 . 2010-02-17 17:47 -------- d-----w- c:\program files\Monte Cristo
2010-03-26 16:38 . 2009-11-03 18:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-26 16:33 . 2009-07-14 04:57 67584 --s-a-w- c:\windows\bootstat(17).dat
2010-03-24 10:32 . 2009-11-04 20:09 -------- d-----w- c:\program files\Java
2010-03-15 20:18 . 2009-11-04 20:09 -------- d-----w- c:\users\Sergent\AppData\Roaming\LimeWire
2010-03-12 22:33 . 2010-02-03 22:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-10 18:54 . 2009-11-06 18:35 -------- d-----w- c:\programdata\Microsoft Help
2010-03-05 10:17 . 2009-11-13 15:31 -------- d-----w- c:\programdata\Xfire
2010-03-05 00:04 . 2009-11-13 15:31 -------- d-----w- c:\users\Sergent\AppData\Roaming\Xfire
2010-03-04 23:34 . 2009-11-13 15:31 -------- d-----w- c:\program files\Xfire
2010-02-26 20:16 . 2009-12-13 20:24 -------- d-----w- c:\users\Sergent\AppData\Roaming\Free Download Manager
2010-02-24 09:16 . 2009-11-03 17:51 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 14:16 . 2010-02-19 14:16 -------- d-----w- c:\program files\Razer
2010-02-15 22:08 . 2010-02-03 23:11 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-15 22:07 . 2010-02-03 23:11 214864 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-14 17:56 . 2010-02-14 17:56 -------- d-----w- c:\program files\iTunes
2010-02-14 17:56 . 2010-02-14 17:56 -------- d-----w- c:\program files\iPod
2010-02-14 17:56 . 2009-12-24 23:01 -------- d-----w- c:\program files\Common Files\Apple
2010-02-14 17:47 . 2010-02-14 17:47 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-14 10:28 . 2010-02-14 10:28 -------- d-----w- c:\programdata\TomTom
2010-02-14 10:26 . 2010-02-14 10:26 -------- d-----w- c:\users\Sergent\AppData\Roaming\TomTom
2010-02-14 10:26 . 2010-02-14 10:26 -------- d-----w- c:\program files\TomTom International B.V
2010-02-14 10:26 . 2010-02-14 10:26 -------- d-----w- c:\program files\TomTom HOME 2
2010-02-12 21:56 . 2009-11-05 16:39 -------- d-----w- c:\programdata\ma-config.com
2010-02-12 21:56 . 2009-11-05 16:39 -------- d-----w- c:\program files\ma-config.com
2010-02-11 07:10 . 2010-02-27 11:59 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-11 03:16 . 2010-02-11 03:16 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-03 23:23 . 2010-02-03 23:10 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-03 23:08 . 2010-02-03 23:08 -------- d-----w- c:\program files\VideoLAN
2010-02-03 23:05 . 2010-02-03 21:34 550815505 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\BF2142_Update_1.50.exe
2010-02-03 22:52 . 2010-02-03 22:52 -------- d--h--r- c:\users\Sergent\AppData\Roaming\SecuROM
2010-02-03 22:48 . 2010-02-03 20:35 -------- d-----w- c:\program files\Electronic Arts
2010-02-03 22:45 . 2010-02-03 22:45 90112 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\Support\BF2CdKeyCheck.exe
2010-02-03 22:45 . 2010-02-03 22:45 618496 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\Support\EReg.exe
2010-02-03 22:45 . 2010-02-03 22:45 561152 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\Support\EasyInfo.exe
2010-02-03 22:45 . 2010-02-03 22:45 73728 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\Support\Battlefield 2142_uninst.exe
2010-02-03 22:45 . 2010-02-03 22:45 390408 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\Support\Battlefield 2142_code.exe
2010-02-03 22:45 . 2010-02-03 22:45 5748968 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\Redist\ComradeSetup0.26.0.134.exe
2010-02-03 22:45 . 2010-02-03 22:45 484560 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\directx\dxsetup.exe
2010-02-03 22:45 . 2010-02-03 22:45 2248400 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\directx\dsetup32.dll
2010-02-03 22:45 . 2010-02-03 22:45 74448 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\directx\DSETUP.dll
2010-02-03 22:45 . 2010-02-03 22:45 118736 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\setup.exe
2010-02-03 22:44 . 2010-02-03 22:44 4386816 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\Autorun.exe
2010-02-03 20:39 . 2010-02-03 20:39 -------- d-----w- c:\programdata\Electronic Arts
2010-02-03 20:39 . 2010-02-03 20:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-03 20:38 . 2010-02-03 20:39 38784 ----a-w- c:\users\Sergent\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-03 20:38 . 2010-02-03 20:39 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-02 21:45 . 2009-11-03 17:52 110432 ----a-w- c:\users\Sergent\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-02 19:36 . 2010-02-02 19:36 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-02-02 19:33 . 2009-11-03 18:09 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-02 19:10 . 2010-02-02 19:10 -------- d-----w- c:\users\Sergent\AppData\Roaming\InstallShield
2010-02-02 19:06 . 2010-02-02 19:06 -------- d-----w- c:\program files\Common Files\Microsoft Games
2010-02-02 18:52 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-02-02 07:45 . 2010-02-25 12:42 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-31 18:20 . 2010-01-31 18:20 -------- d-----w- c:\users\Sergent\AppData\Roaming\2K Sports
2010-01-30 23:41 . 2010-01-30 23:28 -------- d-----w- c:\program files\NBA 2K9
2010-01-18 23:29 . 2010-02-09 18:10 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-09 18:10 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-09 18:10 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-09 18:10 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-09 18:10 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-09 18:10 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-09 18:10 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-09 18:10 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-12 23:32 . 2010-01-12 23:32 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-08 03:18 . 2010-02-09 18:10 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-09 18:10 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Google Update"="c:\users\Sergent\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-27 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"rqolkjsys"="yabcyy.dll" [2010-03-30 88576]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"awwvtrsys"="yabcyy.dll" [2010-03-30 88576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 yabcyy.dll
[HKLM\~\startupfolder\C:^Users^Sergent^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Sergent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-26 20:05 1217872 ----a-w- c:\program files\Steam\steam.exe
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-01-26 243056]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-03 691696]
S1 aswSP;avast! Self Protection; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-23 172032]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 RTL85n86;Pilote du périphérique sans fil Realtek 8180/8185 Extensible 802.11;c:\windows\system32\DRIVERS\RTL85n86.sys [2009-07-13 311808]
.
Contenu du dossier 'Tâches planifiées'
2010-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-931841741-653269287-666778741-1000Core.job
- c:\users\Sergent\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 13:34]
2010-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-931841741-653269287-666778741-1000UA.job
- c:\users\Sergent\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 13:34]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
TCP: {FFD085A8-E3E1-4785-8D9F-2585CFB0B54C} = 212.27.53.252,212.27.54.252
FF - ProfilePath - c:\users\Sergent\AppData\Roaming\Mozilla\Firefox\Profiles\b7a3kish.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Sergent\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-mdply3d - c:\users\Sergent\AppData\Roaming\msplyid\msplyid.exe
HKCU-Run-nnmmkldrv - rqrqpq.dll
HKCU-Run-ntstDirect - c:\users\Sergent\AppData\Local\ntstDirect\ntstDirect.dll
HKLM-Run-wvtsqqdrv - rqrqpq.dll
HKU-Default-Run-urspmndrv - rqrqpq.dll
MSConfigStartUp-Widget LEquipe - c:\program files\Nosibay\Widget LEquipe.fr\LWidget LEquipe.fr.exe
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84A741F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x2020654b
SecurityProcedure -> 0x1
QueryNameProcedure -> 0x84ab00e4
user & kernel MBR OK
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-931841741-653269287-666778741-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:47,99,be,7d,98,e8,56,fb,9c,35,f5,74,51,93,5d,61,89,46,6d,a7,8d,8c,b5,
3c,b5,de,13,5c,8e,8c,e5,b2,64,c2,ae,6d,7e,3a,c7,08,60,61,bc,0a,7b,78,eb,5a,\
"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95
[HKEY_USERS\S-1-5-21-931841741-653269287-666778741-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,c7,2c,6e,4a,38,7e,ef,15,be,e4,e6,f9,f6,05,69,e2,88,12,73,29,
27,db,cb,91,36,3a,ca,d6,94,4d,d4,b1,90,b9,df,a8,60,b9,ad,be,50,b1,5e,24,6b,\
"rkeysecu"=hex:44,c8,b9,9f,32,57,3b,cb,d1,4b,2e,c3,b7,6d,88,b1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'csrss.exe'(456)
c:\windows\system32\yabcyy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\System32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\users\Sergent\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Razer\Diamondback 3G\razerofa.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Heure de fin: 2010-03-30 23:27:08 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-30 21:27
Avant-CF: 44 322 029 568 octets libres
Après-CF: 45 307 408 384 octets libres
- - End Of File - - BAC6EBF4116F608A7B7717EE8BF06930
.
c:\users\Sergent\AppData\Local\ntstDirect\ntstDirect.dll
c:\users\Sergent\AppData\Roaming\msplyid
c:\users\Sergent\AppData\Roaming\msplyid\config.ini
c:\users\Sergent\AppData\Roaming\msplyid\msplyid.exe
c:\windows\system32\rqrqpq.dll
c:\windows\system32\yabcyy.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-28 au 2010-03-30 ))))))))))))))))))))))))))))))))))))
.
2010-03-30 20:19 . 2010-03-30 21:23 88576 ---ha-w- c:\windows\system32\yabcyy.dll
2010-03-30 20:19 . 2010-03-30 20:19 303097 ----a-w- c:\users\Sergent\mpod.exe
2010-03-29 19:27 . 2010-03-29 19:34 -------- d-----w- c:\users\Sergent\AppData\Roaming\Nero
2010-03-29 18:55 . 2010-03-29 19:01 -------- d-----w- c:\program files\Nero
2010-03-29 18:55 . 2010-03-29 18:56 -------- d-----w- c:\programdata\Nero
2010-03-29 18:55 . 2010-03-29 19:01 -------- d-----w- c:\program files\Common Files\Nero
2010-03-28 19:46 . 2010-03-28 20:03 -------- d-----w- c:\users\Sergent\DoctorWeb
2010-03-28 18:37 . 2010-03-28 18:37 -------- d-----w- c:\users\Sergent\AppData\Roaming\Malwarebytes
2010-03-28 18:36 . 2010-03-28 18:36 -------- d-----w- c:\programdata\Malwarebytes
2010-03-28 17:38 . 2010-03-28 17:38 -------- d-----w- c:\program files\Trend Micro
2010-03-28 11:39 . 2010-03-28 18:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-28 11:39 . 2010-03-28 18:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-26 16:44 . 2010-03-28 03:08 -------- d-----w- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2010-03-21 19:36 . 2010-03-30 21:22 -------- d-----w- c:\users\Sergent\AppData\Local\ntstDirect
2010-03-18 22:41 . 2010-03-21 12:06 -------- d-----w- c:\users\Sergent\AppData\Local\stolocalruntime
2010-03-14 17:13 . 2010-03-14 17:13 -------- d-----w- c:\windows\Sun
2010-03-13 19:03 . 2010-03-18 09:59 -------- d-----w- c:\users\Sergent\AppData\Local\dlldeskgfx
2010-03-12 20:20 . 2010-03-12 20:20 -------- d-----w- c:\programdata\Sports Interactive
2010-03-12 20:19 . 2010-03-12 20:19 -------- d-----w- c:\users\Sergent\AppData\Roaming\Sports Interactive
2010-03-12 19:24 . 2010-03-12 19:25 -------- d--h--w- c:\program files\Zero G Registry
2010-03-12 19:23 . 2010-03-12 19:23 -------- d--h--w- c:\users\Sergent\InstallAnywhere
2010-03-07 17:29 . 2010-03-07 17:29 -------- d-----w- c:\users\Sergent\AppData\Roaming\StreamTorrent
2010-03-04 19:55 . 2010-03-04 19:55 -------- d-----w- c:\users\Sergent\AppData\Roaming\vlc
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-30 21:21 . 2009-07-14 08:39 707374 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-30 21:21 . 2009-07-14 08:39 133218 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-30 21:14 . 2010-01-12 23:29 -------- d-----w- c:\users\Sergent\AppData\Roaming\Skype
2010-03-30 20:48 . 2009-12-17 23:04 -------- d-----w- c:\program files\BitComet
2010-03-30 20:38 . 2009-11-12 11:34 -------- d-----w- c:\program files\Steam
2010-03-30 19:37 . 2010-01-12 23:32 -------- d-----w- c:\users\Sergent\AppData\Roaming\skypePM
2010-03-28 03:08 . 2010-02-17 17:47 -------- d-----w- c:\program files\Monte Cristo
2010-03-26 16:38 . 2009-11-03 18:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-26 16:33 . 2009-07-14 04:57 67584 --s-a-w- c:\windows\bootstat(17).dat
2010-03-24 10:32 . 2009-11-04 20:09 -------- d-----w- c:\program files\Java
2010-03-15 20:18 . 2009-11-04 20:09 -------- d-----w- c:\users\Sergent\AppData\Roaming\LimeWire
2010-03-12 22:33 . 2010-02-03 22:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-10 18:54 . 2009-11-06 18:35 -------- d-----w- c:\programdata\Microsoft Help
2010-03-05 10:17 . 2009-11-13 15:31 -------- d-----w- c:\programdata\Xfire
2010-03-05 00:04 . 2009-11-13 15:31 -------- d-----w- c:\users\Sergent\AppData\Roaming\Xfire
2010-03-04 23:34 . 2009-11-13 15:31 -------- d-----w- c:\program files\Xfire
2010-02-26 20:16 . 2009-12-13 20:24 -------- d-----w- c:\users\Sergent\AppData\Roaming\Free Download Manager
2010-02-24 09:16 . 2009-11-03 17:51 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 14:16 . 2010-02-19 14:16 -------- d-----w- c:\program files\Razer
2010-02-15 22:08 . 2010-02-03 23:11 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-15 22:07 . 2010-02-03 23:11 214864 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-14 17:56 . 2010-02-14 17:56 -------- d-----w- c:\program files\iTunes
2010-02-14 17:56 . 2010-02-14 17:56 -------- d-----w- c:\program files\iPod
2010-02-14 17:56 . 2009-12-24 23:01 -------- d-----w- c:\program files\Common Files\Apple
2010-02-14 17:47 . 2010-02-14 17:47 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-14 10:28 . 2010-02-14 10:28 -------- d-----w- c:\programdata\TomTom
2010-02-14 10:26 . 2010-02-14 10:26 -------- d-----w- c:\users\Sergent\AppData\Roaming\TomTom
2010-02-14 10:26 . 2010-02-14 10:26 -------- d-----w- c:\program files\TomTom International B.V
2010-02-14 10:26 . 2010-02-14 10:26 -------- d-----w- c:\program files\TomTom HOME 2
2010-02-12 21:56 . 2009-11-05 16:39 -------- d-----w- c:\programdata\ma-config.com
2010-02-12 21:56 . 2009-11-05 16:39 -------- d-----w- c:\program files\ma-config.com
2010-02-11 07:10 . 2010-02-27 11:59 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-11 03:16 . 2010-02-11 03:16 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-03 23:23 . 2010-02-03 23:10 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-03 23:08 . 2010-02-03 23:08 -------- d-----w- c:\program files\VideoLAN
2010-02-03 23:05 . 2010-02-03 21:34 550815505 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\BF2142_Update_1.50.exe
2010-02-03 22:52 . 2010-02-03 22:52 -------- d--h--r- c:\users\Sergent\AppData\Roaming\SecuROM
2010-02-03 22:48 . 2010-02-03 20:35 -------- d-----w- c:\program files\Electronic Arts
2010-02-03 22:45 . 2010-02-03 22:45 90112 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\Support\BF2CdKeyCheck.exe
2010-02-03 22:45 . 2010-02-03 22:45 618496 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\Support\EReg.exe
2010-02-03 22:45 . 2010-02-03 22:45 561152 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\Support\EasyInfo.exe
2010-02-03 22:45 . 2010-02-03 22:45 73728 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\Support\Battlefield 2142_uninst.exe
2010-02-03 22:45 . 2010-02-03 22:45 390408 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\Support\Battlefield 2142_code.exe
2010-02-03 22:45 . 2010-02-03 22:45 5748968 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\Redist\ComradeSetup0.26.0.134.exe
2010-02-03 22:45 . 2010-02-03 22:45 484560 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\directx\dxsetup.exe
2010-02-03 22:45 . 2010-02-03 22:45 2248400 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\directx\dsetup32.dll
2010-02-03 22:45 . 2010-02-03 22:45 74448 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\directx\DSETUP.dll
2010-02-03 22:45 . 2010-02-03 22:45 118736 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\setup.exe
2010-02-03 22:44 . 2010-02-03 22:44 4386816 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ tiffie78@hotmail.fr }\bf2142_deluxe_dd\Autorun.exe
2010-02-03 20:39 . 2010-02-03 20:39 -------- d-----w- c:\programdata\Electronic Arts
2010-02-03 20:39 . 2010-02-03 20:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-03 20:38 . 2010-02-03 20:39 38784 ----a-w- c:\users\Sergent\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-03 20:38 . 2010-02-03 20:39 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-02 21:45 . 2009-11-03 17:52 110432 ----a-w- c:\users\Sergent\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-02 19:36 . 2010-02-02 19:36 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-02-02 19:33 . 2009-11-03 18:09 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-02 19:10 . 2010-02-02 19:10 -------- d-----w- c:\users\Sergent\AppData\Roaming\InstallShield
2010-02-02 19:06 . 2010-02-02 19:06 -------- d-----w- c:\program files\Common Files\Microsoft Games
2010-02-02 18:52 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-02-02 07:45 . 2010-02-25 12:42 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-31 18:20 . 2010-01-31 18:20 -------- d-----w- c:\users\Sergent\AppData\Roaming\2K Sports
2010-01-30 23:41 . 2010-01-30 23:28 -------- d-----w- c:\program files\NBA 2K9
2010-01-18 23:29 . 2010-02-09 18:10 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-09 18:10 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-09 18:10 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-09 18:10 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-09 18:10 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-09 18:10 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-09 18:10 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-09 18:10 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-12 23:32 . 2010-01-12 23:32 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-08 03:18 . 2010-02-09 18:10 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-09 18:10 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Google Update"="c:\users\Sergent\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-27 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"rqolkjsys"="yabcyy.dll" [2010-03-30 88576]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"awwvtrsys"="yabcyy.dll" [2010-03-30 88576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 yabcyy.dll
[HKLM\~\startupfolder\C:^Users^Sergent^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Sergent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-26 20:05 1217872 ----a-w- c:\program files\Steam\steam.exe
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-01-26 243056]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-03 691696]
S1 aswSP;avast! Self Protection; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-23 172032]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 RTL85n86;Pilote du périphérique sans fil Realtek 8180/8185 Extensible 802.11;c:\windows\system32\DRIVERS\RTL85n86.sys [2009-07-13 311808]
.
Contenu du dossier 'Tâches planifiées'
2010-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-931841741-653269287-666778741-1000Core.job
- c:\users\Sergent\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 13:34]
2010-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-931841741-653269287-666778741-1000UA.job
- c:\users\Sergent\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 13:34]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
TCP: {FFD085A8-E3E1-4785-8D9F-2585CFB0B54C} = 212.27.53.252,212.27.54.252
FF - ProfilePath - c:\users\Sergent\AppData\Roaming\Mozilla\Firefox\Profiles\b7a3kish.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Sergent\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
.
Making progress, making progress! :-)
---> Download Gmer to your Desktop:
http://www2.gmer.net/gmer.zip
---> Extract the contents of the archive, then rename gmer.exe to CCM.exe (the .exe extension is not necessarily visible).
---> Double-click CCM.exe.
---> On the "Rootkit/Malware" tab, click "Scan" and wait.
---> When it finishes, click "Save..." and save "gmer.txt" to your Desktop.
---> Double-click "gmer.txt"; the report appears, please post it.
See you later
Every journey is the dream of a new birth (Jean Royer)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-31 12:42:29
Windows 6.1.7600
Running: CCM.exe; Driver: C:\Users\Sergent\AppData\Local\Temp\uxrdrfod.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C35AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C35104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C353F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1D634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1D898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C351DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C35958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C356F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C35F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C361A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C955C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBA052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spfo.sys Le chemin d'accès spécifié est introuvable. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EC23000, 0x2CB74C, 0xE8000020]
.text USBPORT.SYS!DllUnload 8DB49CA0 5 Bytes JMP 860D11D8
.text a8hkmy7y.SYS 8F18D000 12 Bytes [44, 08, C2, 82, EE, 06, C2, ...]
.text a8hkmy7y.SYS 8F18D00D 9 Bytes [E7, C1, 82, 48, 0B, C2, 82, ...] {OUT 0xc1, EAX; OR BYTE [EAX+0xb], -0x3e; ADD BYTE [EAX], 0x0}
.text a8hkmy7y.SYS 8F18D017 170 Bytes [00, DE, 47, DA, 88, E6, 45, ...]
.text a8hkmy7y.SYS 8F18D0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text a8hkmy7y.SYS 8F18D0CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys 9E43FC9D 28 Bytes [8F, 10, 56, B2, 24, 4A, 7A, ...]
.text peauth.sys 9E43FCC1 28 Bytes [8F, 10, 56, B2, 24, 4A, 7A, ...]
PAGE peauth.sys 9E44602C 102 Bytes [C7, E3, 75, B3, 67, 93, DA, ...]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88CA8042] \SystemRoot\System32\Drivers\spfo.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88CA86D6] \SystemRoot\System32\Drivers\spfo.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88CA8800] \SystemRoot\System32\Drivers\spfo.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [88CA813E] \SystemRoot\System32\Drivers\spfo.sys
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\a8hkmy7y.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\System32\rundll32.exe[1984] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1984] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1984] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1984] @ C:\Windows\system32\advapi32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1996] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1996] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1996] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1996] @ C:\Windows\system32\advapi32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1996] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1996] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2036] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2036] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2036] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2036] @ C:\Windows\system32\advapi32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 84E961F8
Device \FileSystem\udfs \UdfsCdRom 86EA31F8
Device \FileSystem\udfs \UdfsDisk 86EA31F8
Device \Driver\sptd \Device\2640815230 spfo.sys
Device \Driver\volmgr \Device\VolMgrControl 84E921F8
Device \Driver\usbuhci \Device\USBPDO-0 860D21F8
Device \Driver\usbuhci \Device\USBPDO-1 860D21F8
Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-2 860D21F8
Device \Driver\usbehci \Device\USBPDO-3 860C8500
Device \Driver\usbuhci \Device\USBPDO-4 860D21F8
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBPDO-5 860D21F8
Device \Driver\usbuhci \Device\USBPDO-6 860D21F8
Device \Driver\volmgr \Device\HarddiskVolume1 84E921F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 860C8500
Device \Driver\volmgr \Device\HarddiskVolume2 84E921F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 86029458
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 84E941F8
Device \Driver\atapi \Device\Ide\IdePort0 84E941F8
Device \Driver\atapi \Device\Ide\IdePort1 84E941F8
Device \Driver\atapi \Device\Ide\IdePort2 84E941F8
Device \Driver\atapi \Device\Ide\IdePort3 84E941F8
Device \Driver\atapi \Device\Ide\IdePort4 84E941F8
Device \Driver\atapi \Device\Ide\IdePort5 84E941F8
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-5 84E941F8
Device \Driver\cdrom \Device\CdRom1 86029458
Device \Driver\NetBT \Device\NetBt_Wins_Export 8602E1F8
Device \Driver\PCI_PNP1229 \Device\0000004d spfo.sys
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbuhci \Device\USBFDO-0 860D21F8
Device \Driver\usbuhci \Device\USBFDO-1 860D21F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EE5A825A-3B07-44C1-BF3D-90E714857F77} 8602E1F8
Device \Driver\usbuhci \Device\USBFDO-2 860D21F8
Device \Driver\usbehci \Device\USBFDO-3 860C8500
Device \Driver\NetBT \Device\NetBT_Tcpip_{FFD085A8-E3E1-4785-8D9F-2585CFB0B54C} 8602E1F8
Device \Driver\usbuhci \Device\USBFDO-4 860D21F8
Device \Driver\usbuhci \Device\USBFDO-5 860D21F8
Device \Driver\usbuhci \Device\USBFDO-6 860D21F8
Device \Driver\usbehci \Device\USBFDO-7 860C8500
Device \Driver\a8hkmy7y \Device\Scsi\a8hkmy7y1 85FEC1F8
Device \Driver\a8hkmy7y \Device\Scsi\a8hkmy7y1Port6Path0Target0Lun0 85FEC1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@ReadyBootPlanAge 1
Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUserTime ?mer.?, ?mars ?31 ?10, 12:23:27????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0x22 0x07 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAA 0x3F 0x06 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x33 0x08 0x8E 0x87 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC6 0xAD 0xED 0x99 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0x22 0x07 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAA 0x3F 0x06 0x30 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x33 0x08 0x8E 0x87 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC6 0xAD 0xED 0x99 ...
---- EOF - GMER 1.0.15 ----
Hi,
We'll have a suspicious file analysed:
* Go to this link: https://www.virustotal.com/gui/
* Click Browse...:
* Navigate to this file in bold, then click Open:
C:\Windows\system32\DRIVERS\a8hkmy7y.SYS
* Then click Send file
* Wait while the antivirus engines analyse the file; at the end of the analysis a report is provided, please post it.
@+
Hi,
That's normal, I wasn't at all sure about the path ... and under Seven I get the impression the tools are a bit limited :/
How has the PC been behaving since?
@+
The problem has completely disappeared, everything is working perfectly.
Thank you very much for this help, just one question because it intrigues me lol: how do you manage to spot a problem in the reports, what is the element that shows I have a problem?
Hi,
OK, post a new HijackThis report, there are still a few files to remove and a few updates to do to complete the disinfection; I'll look into the path of the .sys file because it bugs me a bit ...
Have a good weekend, @+
Sorry for the delay, here is a HijackThis report:
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Sergent\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sergent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sergent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [rqolkjsys] rundll32.exe "yabcyy.dll",DllRegisterServer
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sergent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [awwvtrsys] rundll32.exe "yabcyy.dll",DllRegisterServer (User 'Système')
O4 - HKUS\.DEFAULT\..\Run: [awwvtrsys] rundll32.exe "yabcyy.dll",DllRegisterServer (User 'Default user')
O4 - Startup: NHL® 09 Registration.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFD085A8-E3E1-4785-8D9F-2585CFB0B54C}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
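The question asked earlier in the thread, what in a report shows that there is a problem, can be answered for the O4 (autorun) lines with a few mechanical checks. The Python below is an added example written for this page; it is not HijackThis code and not something the helper posted. It assumes the O4 line format shown in the report above and runs over a constructed sample written in the style of those lines. An entry is listed when rundll32.exe is handed a DLL by bare file name (so the report does not say where the DLL lives), when the value name looks machine-generated, or when the autorun sits under the SYSTEM or Default-user hive; the thresholds are the example's own, not a published standard.

```python
"""Triage of HijackThis O4 (autorun) entries.

Added example, not part of the forum thread or of HijackThis itself.
It re-applies, in code, the checks an analyst applies by eye to the
O4 lines of a report: where the entry lives, what it launches, and
whether the launch target is fully specified.
"""
import re

# Constructed sample, modelled on the O4 lines of the report above.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [avast!] "C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe"
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [rqolkjsys] rundll32.exe "yabcyy.dll",DllRegisterServer
O4 - HKCU\\..\\Run: [Google Update] "C:\\Users\\Sergent\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe" /c
O4 - HKUS\\S-1-5-18\\..\\Run: [awwvtrsys] rundll32.exe "yabcyy.dll",DllRegisterServer (User 'Système')
O4 - HKUS\\.DEFAULT\\..\\Run: [awwvtrsys] rundll32.exe "yabcyy.dll",DllRegisterServer (User 'Default user')
"""

# "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+\"?(?P<dll>[^\",]+)\"?", re.IGNORECASE)
# Drive letter, UNC path, or an environment variable followed by a separator.
ABS_PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|%[^%]+%\\)")
VOWELS = set("aeiou")

# Run keys for the SYSTEM account and the Default profile; desktop
# software has no reason to register a per-user autorun there.
SYSTEM_HIVES = {"HKUS\\S-1-5-18", "HKUS\\.DEFAULT"}


def parse_o4(line):
    """Return (hive, name, command) for an O4 Run line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))
    return m.group("hive"), m.group("name"), cmd


def looks_random(name):
    """Crude test for machine-generated names: long, all lowercase letters, almost no vowels.

    The threshold is this example's own choice, not a standard.
    """
    if len(name) < 8 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(1 for c in name if c in VOWELS)
    return vowels / len(name) < 0.2


def triage_o4(log_text):
    """Return a list of (name, hive, reasons) for O4 entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed is None:
            continue
        hive, name, cmd = parsed
        reasons = []
        m = RUNDLL_RE.match(cmd)
        if m and not ABS_PATH_RE.match(m.group("dll")):
            # rundll32 given a bare file name: the DLL is found via the loader
            # search order, so the report does not tell you where it is.
            reasons.append("rundll32 loads DLL without an absolute path")
        if looks_random(name):
            reasons.append("random-looking value name")
        if hive in SYSTEM_HIVES:
            reasons.append("autorun under SYSTEM/Default user hive")
        if reasons:
            findings.append((name, hive, reasons))
    return findings


if __name__ == "__main__":
    for name, hive, reasons in triage_o4(SAMPLE_LOG):
        print(f"[{name}] under {hive}: " + "; ".join(reasons))
```

The output is a list of entries to look at, not a verdict: a flagged line still has to be confirmed by locating the file on disk and submitting it for analysis, which is what the VirusTotal step earlier in the thread does for the driver.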
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
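Editor's note on the log above: the entries worth attention are the three O4 lines that run `rundll32.exe "yabcyy.dll",DllRegisterServer` under a random-looking name (`rqolkjsys` / `awwvtrsys`) from HKLM, from the SYSTEM profile (S-1-5-18) and from the .DEFAULT profile. The DLL is given by bare name, so rundll32 finds it through the DLL search path rather than in an installed product's folder, and DllRegisterServer is a COM registration entry point, not something a legitimate autostart calls at every logon. Everything else in the O4/O23 sections matches known products. The script below is an added example (not the poster's code and not part of HijackThis): it parses O4 lines in the format shown above and applies those heuristics. The sample lines are a constructed subset copied from this log; the thresholds in `looks_random` are the author's own assumptions and produce a triage list, not a verdict.

```python
import re
from collections import Counter

# Constructed sample: O4 (Run key) lines copied from the HijackThis log posted
# above, trimmed to a few entries so the example stays short.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"',
    r'O4 - HKLM\..\Run: [rqolkjsys] rundll32.exe "yabcyy.dll",DllRegisterServer',
    r'O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun',
    r'''O4 - HKUS\S-1-5-18\..\Run: [awwvtrsys] rundll32.exe "yabcyy.dll",DllRegisterServer (User 'Système')''',
    r'''O4 - HKUS\.DEFAULT\..\Run: [awwvtrsys] rundll32.exe "yabcyy.dll",DllRegisterServer (User 'Default user')''',
]

# HijackThis O4 layout: "O4 - <hive>: [<value name>] <command> (User '<profile>')"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
# rundll32 invocation: rundll32[.exe] "<dll>",<entry point>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?\s*,\s*(\S+)', re.IGNORECASE)

# Profiles that an ordinary software installer does not write Run values into.
SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")


def parse_o4(line):
    """Split one O4 line into hive, value name, command and optional profile."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def looks_random(name):
    """Heuristic (author's assumption): all-lowercase letters, 8+ long, few vowels."""
    if not name.isalpha() or name != name.lower() or len(name) < 8:
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) <= 0.25


def triage(lines):
    """Return the O4 entries that trip at least one heuristic, with the reasons."""
    entries = [e for e in map(parse_o4, lines) if e]
    payload_count = Counter(e["cmd"] for e in entries)
    findings = []
    for e in entries:
        reasons = []
        m = RUNDLL_RE.match(e["cmd"])
        if m:
            dll, entry = m.group(1), m.group(2)
            if "\\" not in dll and "/" not in dll:
                reasons.append(f"rundll32 loads '{dll}' by bare name (resolved via the DLL search path)")
            if entry.lower() == "dllregisterserver":
                reasons.append("entry point DllRegisterServer is a COM registration hook, not an autostart")
        if e["hive"].upper().startswith(SYSTEM_HIVES):
            reasons.append(f"runs from the {e['hive']} profile, which installers normally leave alone")
        if payload_count[e["cmd"]] > 1:
            reasons.append(f"identical command replicated in {payload_count[e['cmd']]} hives")
        if looks_random(e["name"]):
            reasons.append(f"value name '{e['name']}' looks machine-generated")
        if reasons:
            findings.append({"name": e["name"], "hive": e["hive"], "cmd": e["cmd"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES):
        print(f"[{f['name']}] {f['hive']}")
        for r in f["reasons"]:
            print("   -", r)
```

Run on the sample, only the three `yabcyy.dll` entries are reported; the Java and DAEMON Tools lines trip nothing. Two caveats for anyone reusing this on their own log: HijackThis can delete the registry value but that leaves the DLL on disk, so the file itself still has to be located (a bare name means a directory on the search path) and removed; and because Google redirects can also come from a changed resolver, the O17 NameServer line should be compared against the ISP's published DNS addresses rather than assumed clean.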