Problème divers virus
Fermé
melina99
Messages postés
10
Date d'inscription
jeudi 15 avril 2010
Statut
Membre
Dernière intervention
17 avril 2010
-
15 avril 2010 à 15:36
Utilisateur anonyme - 18 avril 2010 à 15:07
Utilisateur anonyme - 18 avril 2010 à 15:07
A voir également:
- Problème divers virus
- Virus mcafee - Accueil - Piratage
- Youtu.be virus - Accueil - Guide virus
- Virus facebook demande d'amis - Accueil - Facebook
- Faux message virus ordinateur - Accueil - Arnaque
- Svchost.exe virus - Guide
20 réponses
Utilisateur anonyme
15 avril 2010 à 16:27
15 avril 2010 à 16:27
bonjour
Désactive l'UAC: controle de compte d'utilisateur
Clique sur le menu Démarrer puis sur Panneau de configuration , Comptes d'utilisateurs
Clique sur Activer ou désactiver le contrôle des comptes d'utilisateurs:
Une nouvelle fenêtre s'ouvre,décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur puis OK:
Une demande s'affiche si vous voulez redémarrer votre ordinateur, clique sur redémarrer maintenant
Il faut impérativement désactiver tous tes logiciels de protection pour utiliser ce programme
Télécharge Gmer http://www.gmer.net/
* Clique sur "Download EXE" pour télécharger Gmer (sous un nom aléatoire, pour éviter qu'il soit bloqué par une infection)
Clic droit sur Gmer, et sur exécuter en tant qu'administrateur
* Dans l'onglet "Rootkit", clique sur "Scan" puis patiente.
* A la fin, clique sur "Save" et enregistre le rapport sur ton Bureau.
Désactive l'UAC: controle de compte d'utilisateur
Clique sur le menu Démarrer puis sur Panneau de configuration , Comptes d'utilisateurs
Clique sur Activer ou désactiver le contrôle des comptes d'utilisateurs:
Une nouvelle fenêtre s'ouvre,décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur puis OK:
Une demande s'affiche si vous voulez redémarrer votre ordinateur, clique sur redémarrer maintenant
Il faut impérativement désactiver tous tes logiciels de protection pour utiliser ce programme
Télécharge Gmer http://www.gmer.net/
* Clique sur "Download EXE" pour télécharger Gmer (sous un nom aléatoire, pour éviter qu'il soit bloqué par une infection)
Clic droit sur Gmer, et sur exécuter en tant qu'administrateur
* Dans l'onglet "Rootkit", clique sur "Scan" puis patiente.
* A la fin, clique sur "Save" et enregistre le rapport sur ton Bureau.
melina99
Messages postés
10
Date d'inscription
jeudi 15 avril 2010
Statut
Membre
Dernière intervention
17 avril 2010
15 avril 2010 à 20:49
15 avril 2010 à 20:49
bonjour et merci pour ta réponse rapide
cependant gmer plante avant la fin même en le renommant et en mode sans échec aussi !!
As tu une autre solution ?
cependant gmer plante avant la fin même en le renommant et en mode sans échec aussi !!
As tu une autre solution ?
Utilisateur anonyme
Modifié par nathandre le 15/04/2010 à 21:33
Modifié par nathandre le 15/04/2010 à 21:33
Attention, avant de commencer, lit attentivement la procédure, et imprime la
Télécharge ComboFix de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
tutoriel pour bien utiliser l'outil
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
/!\ Déconnecte-toi du net et DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\
---> Clic droit sur ComboFix.exe, et sur exécuter en tant qu'administrateur
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie...Clique sur oui pour accepter
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de figer ton PC
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
Télécharge ComboFix de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
tutoriel pour bien utiliser l'outil
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
/!\ Déconnecte-toi du net et DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\
---> Clic droit sur ComboFix.exe, et sur exécuter en tant qu'administrateur
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie...Clique sur oui pour accepter
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de figer ton PC
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
melina99
Messages postés
10
Date d'inscription
jeudi 15 avril 2010
Statut
Membre
Dernière intervention
17 avril 2010
15 avril 2010 à 22:30
15 avril 2010 à 22:30
voilà le rapport :
ComboFix 10-04-14.04 - Angèle 15/04/2010 22:01:06.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2814.1954 [GMT 2:00]
Lancé depuis: c:\users\Angèle\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Angèle\AppData\Roaming\Microsoft\Windows\Recent\VideoLAN Website.url
c:\users\Angèle\AppData\Roaming\Mozilla\Firefox\Profiles\pdmpo4of.default\extensions\{d07937c8-36c3-4622-959d-debe597057be}
c:\users\Angèle\AppData\Roaming\Mozilla\Firefox\Profiles\pdmpo4of.default\extensions\{d07937c8-36c3-4622-959d-debe597057be}\chrome\xulcache.jar
c:\users\Angèle\AppData\Roaming\Mozilla\Firefox\Profiles\pdmpo4of.default\extensions\{d07937c8-36c3-4622-959d-debe597057be}\install.rdf
c:\windows\system32\75895-BAMBI ET PANPAN 24 11 2009 .pps
c:\windows\system32\banlieue ...pps
c:\windows\system32\Fw _ .eml
D:\install.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-15 au 2010-04-15 ))))))))))))))))))))))))))))))))))))
.
2010-04-15 20:11 . 2010-04-15 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-15 10:57 . 2010-04-15 11:13 -------- d-----w- c:\program files\adslTV
2010-04-15 08:11 . 2010-04-15 08:15 -------- d-----w- c:\program files\Games
2010-04-13 15:46 . 2010-04-13 15:46 -------- d-----w- C:\MicroGaming(2)
2010-04-13 09:55 . 2010-04-13 10:56 -------- d-----w- c:\program files\a-squared Free
2010-04-13 08:08 . 2010-04-13 08:08 -------- d-----w- c:\program files\MSECache
2010-04-09 09:52 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-09 09:52 . 2010-04-09 09:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-09 09:52 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 06:32 . 2010-04-09 06:32 -------- d-----w- c:\program files\Trend Micro
2010-04-08 08:56 . 2010-04-16 04:15 -------- d-----w- c:\program files\Glary Utilities
2010-04-03 07:46 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-03 07:44 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2010-04-03 07:44 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-04-03 07:44 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-04-03 07:44 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-04-03 07:44 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2010-04-03 07:44 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-04-02 23:55 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-02 23:25 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-04-02 23:25 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-04-02 23:25 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-04-02 08:56 . 2009-12-08 20:52 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-02 08:56 . 2009-12-08 20:52 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-02 08:56 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-04-02 08:56 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-04-02 08:55 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-04-02 08:55 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-04-02 08:55 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-04-02 08:55 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-04-02 08:55 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-04-02 08:55 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-04-02 08:55 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-04-02 08:55 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-04-02 08:55 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-04-02 08:50 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-04-02 08:50 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-04-02 08:50 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-04-02 08:50 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-04-02 08:49 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-04-02 08:49 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-04-02 08:49 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-04-02 08:49 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-04-02 08:49 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-04-02 08:49 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-04-02 08:49 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-04-02 08:49 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-04-02 08:49 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-04-02 08:49 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-04-02 08:48 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-04-02 08:47 . 2009-12-08 20:52 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-02 08:47 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-02 08:47 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-02 08:47 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-04-02 08:47 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-04-02 08:46 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-04-02 08:46 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-04-02 08:46 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-04-02 08:46 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-02 08:46 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-02 07:59 . 2010-04-02 07:59 10752 ----a-w- c:\windows\DCEBoot.exe
2010-04-02 07:51 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-01 11:38 . 2010-04-01 11:38 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-03-27 17:05 . 2010-03-27 17:05 -------- d-----w- c:\programdata\Particles
2010-03-17 08:39 . 2010-04-16 04:15 -------- d-----w- c:\programdata\Fenomen Games
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 04:15 . 2010-01-26 17:45 -------- d-----w- c:\programdata\JollyBear
2010-04-16 04:15 . 2009-09-01 10:29 -------- d-----w- c:\programdata\Awem
2010-04-16 04:15 . 2008-05-09 02:18 -------- d-----w- c:\program files\Microsoft Works
2010-04-16 04:11 . 2008-05-09 02:17 -------- d-----w- c:\program files\Microsoft.NET
2010-04-16 04:10 . 2010-03-07 15:10 -------- d-----w- c:\program files\Activision Value
2010-04-15 20:06 . 2008-01-21 08:40 669328 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-15 20:06 . 2008-01-21 08:40 123350 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-15 18:19 . 2009-03-17 18:07 -------- d-----w- c:\programdata\Google Updater
2010-04-13 12:32 . 2010-02-19 12:12 -------- d-----w- c:\programdata\PlayFirst
2010-04-12 08:38 . 2009-10-25 19:21 -------- d-----w- c:\program files\Microsoft
2010-04-12 08:37 . 2008-05-09 02:16 -------- d-----w- c:\programdata\Microsoft Help
2010-04-09 09:42 . 2008-05-09 01:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-09 09:40 . 2010-03-04 17:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-06 16:35 . 2009-08-06 11:51 -------- d-----w- c:\program files\Zylom Games
2010-04-03 21:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-27 17:04 . 2009-07-12 16:40 -------- d-----w- c:\program files\LeeGTs Games
2010-03-07 16:27 . 2010-03-07 16:27 -------- d-----w- c:\program files\Soldier of Fortune II - Double Helix
2010-03-04 17:54 . 2010-03-04 17:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-03 13:11 . 2010-03-03 13:11 40960 ----a-w- c:\programdata\MGS\cache\d\diamonddealbonus.2870129824bd4ab03fe258a72414c9fe.dll
2010-03-03 13:05 . 2010-03-03 13:05 41075 ----a-w- c:\programdata\MGS\cache\c\chiefsfortunebonus.c2bec570aab63ef04a9e9131551006f6.dll
2010-03-03 13:04 . 2010-03-03 13:04 409872 ----a-w- c:\programdata\MGS\cache\c\complexpickxofybonus_temp.08605981adfd307c6b4a171bff0fc06e.dll
2010-03-03 13:04 . 2010-03-03 13:04 463120 ----a-w- c:\programdata\MGS\cache\c\complexpickxofybonus.244de60f7c0c0169f0772e5811794d9e.dll
2010-03-03 12:58 . 2010-03-03 12:58 233744 ----a-w- c:\programdata\MGS\cache\c\casinowarxxx.07a6656e153859c2f09a4efde26ba0d5.dll
2010-03-03 12:58 . 2010-03-03 12:58 118784 ----a-w- c:\programdata\MGS\cache\c\casinowar.e981fb96518533a1e37361e9d8163b74.dll
2010-03-03 12:57 . 2010-03-03 12:57 131072 ----a-w- c:\programdata\MGS\cache\t\type_5reelprogressive3_4_5.c65d2830787ed7999b948455e324121b.dll
2010-03-03 12:57 . 2010-03-03 12:57 159744 ----a-w- c:\programdata\MGS\cache\p\progressive_temp.979c9e04248bf52052c2caf1e627d86b.dll
2010-03-03 12:57 . 2010-03-03 12:57 151552 ----a-w- c:\programdata\MGS\cache\p\progressive.8fe1347dac5a6804834d35e86c789f9a.dll
2010-03-03 12:57 . 2010-03-03 12:57 122880 ----a-w- c:\programdata\MGS\cache\t\type_3reelprogressive1_2.a0c5e56438d504531121ead802e24dcf.dll
2010-03-03 12:54 . 2010-03-03 12:54 159744 ----a-w- c:\programdata\MGS\cache\c\cashanovagetlucky.70edc0ef64acff9d67d53ba965b991b4.dll
2010-03-03 12:54 . 2010-03-03 12:54 135168 ----a-w- c:\programdata\MGS\cache\c\cashanovagetlucky_temp.b71b6ce6d93f57e6e8d79f64bfda39ca.dll
2010-03-03 12:54 . 2010-03-03 12:54 434448 ----a-w- c:\programdata\MGS\cache\c\cashanovafreerangebonus.c80646018f801b82af1a85ac0f07ba46.dll
2010-03-03 12:54 . 2010-03-03 12:54 217360 ----a-w- c:\programdata\MGS\cache\c\cashanovafreerangebonus_temp.598336f9707e832cab943342026367f4.dll
2010-03-03 12:52 . 2010-03-03 12:52 303376 ----a-w- c:\programdata\MGS\cache\m\mermaidsmillions.9379e4aac1e4731bf7922c8c2544bd7a.dll
2010-03-03 12:52 . 2010-03-03 12:52 295184 ----a-w- c:\programdata\MGS\cache\m\mermaidsmillionsxxx.85e8ee4057b7c3d431514729821caee1.dll
2010-03-03 12:51 . 2010-03-03 12:51 119056 ----a-w- c:\programdata\MGS\cache\m\mermaidsbonus.f520937c2ec436ae80b67d9c967dd3f6.dll
2010-03-03 12:47 . 2010-03-03 12:47 131344 ----a-w- c:\programdata\MGS\cache\b\bonus_threereel_types_1_2.19c24a05687d90864e9a9de516d92124.dll
2010-03-03 12:47 . 2010-03-03 12:47 45056 ----a-w- c:\programdata\MGS\cache\w\wheelofwealthbonus.273ed6671a16c67a5d50ecde6a66097a.dll
2010-03-03 12:47 . 2010-03-03 12:47 1486848 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_gao_dec_2009.cd728f719824c5074cc6023ea106ea1e.dll
2010-03-03 12:47 . 2010-03-03 12:47 618496 ----a-w- c:\programdata\MGS\cache\g\gamble2_gao_dec_2009.637d031249b1b22e0b31d5303f3811be.dll
2010-03-03 12:47 . 2010-03-03 12:47 679936 ----a-w- c:\programdata\MGS\cache\t\transition_gao_dec_2009.ddf657439bc1cbce99e8763fee9803a4.dll
2010-03-03 12:47 . 2010-03-03 12:47 1040384 ----a-w- c:\programdata\MGS\cache\a\advancedslots1xxx_gao_dec_2009.f5605c1fe8513561f2bef5c3c0c1a546.dll
2010-03-03 12:43 . 2010-03-03 12:43 385024 ----a-w- c:\programdata\MGS\cache\b\bonusblackjack.dab6343a296b066bd5fe18d7c7d9940f.dll
2010-03-03 12:43 . 2010-03-03 12:43 483600 ----a-w- c:\programdata\MGS\cache\h\hilowbonus_tggg.10cdcb3e64c301c60db4d11d2d7781a4.dll
2010-03-03 12:43 . 2010-03-03 12:43 446736 ----a-w- c:\programdata\MGS\cache\h\hilowbonus.ecf70c1bd892c000f22ce30d5b0ba784.dll
2010-03-03 12:43 . 2010-03-03 12:43 958464 ----a-w- c:\programdata\MGS\cache\h\hilowbonus_flightzone.1173d08d2670eede892e3adf07022f08.dll
2010-03-03 12:40 . 2010-03-03 12:40 594192 ----a-w- c:\programdata\MGS\cache\s\snakesandladdersbonus.1b7d7437b87cc53b7a00c4efd2db679d.dll
2010-03-03 12:27 . 2010-03-03 12:27 61440 ----a-w- c:\programdata\MGS\cache\t\tikimaskbonusgame.0dc1c149f619ef0a72aacd3abdeb0dfb.dll
2010-03-03 12:27 . 2010-03-03 12:27 57344 ----a-w- c:\programdata\MGS\cache\v\volcanobonusgame.1f5cd5f4b800bd1a6e740e08a3119e10.dll
2010-03-03 12:26 . 2010-03-03 12:26 213089 ----a-w- c:\programdata\MGS\cache\b\bigkahuna.769fd4a48b95c8614a738f1cad88bcd5.dll
2010-03-03 12:26 . 2010-03-03 12:26 430352 ----a-w- c:\programdata\MGS\cache\s\simplepickxofyskillbonus.8d56aeea91f0d0bbdf41c578fbf38496.dll
2010-03-03 12:20 . 2010-03-03 12:20 376832 ----a-w- c:\programdata\MGS\cache\a\atlanticcityblackjack.9baef784fe666fb9d90dc331d0239eed.dll
2010-03-03 12:17 . 2010-03-03 12:17 1040384 ----a-w- c:\programdata\MGS\cache\a\advancedslots1xxx_novgao_09.0f4a9e5f0c3aacc5fd59c75d3646b44e.dll
2010-03-03 12:17 . 2010-03-03 12:17 1474560 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_novgao_09.bca283e127879ce59170c465ef11ba05.dll
2010-03-03 12:17 . 2010-03-03 12:17 897024 ----a-w- c:\programdata\MGS\cache\s\simplepickxofybonus_novgao_09.cf52962a5fbf37c5c088bd5d667653d4.dll
2010-03-03 12:17 . 2010-03-03 12:17 921600 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_novgao_09.2d0e2f5fb79a1dee2f0dba3ac916277d.dll
2010-03-03 12:17 . 2010-03-03 12:17 618496 ----a-w- c:\programdata\MGS\cache\g\gamble2_novgao_09.5e06bb19f897ab866a50c262ff639055.dll
2010-03-03 12:17 . 2010-03-03 12:17 679936 ----a-w- c:\programdata\MGS\cache\t\transition_novgao_09.002d2269f327b0c9a9e9f327bc91130b.dll
2010-03-03 12:11 . 2010-03-03 12:11 237840 ----a-w- c:\programdata\MGS\cache\p\powerpokersuite1_nl.cebfe8812d984716506c6d9d096a5f48.dll
2010-03-03 12:11 . 2010-03-03 12:11 217360 ----a-w- c:\programdata\MGS\cache\v\videopokersuite1.03dd648f567bef124a1d270ad208752a.dll
2010-03-03 12:10 . 2010-03-03 12:10 24638 ----a-w- c:\programdata\MGS\cache\_\_crt_scratch.960d1fa68750fa010e573df52f42c947.dll
2010-03-03 12:10 . 2010-03-03 12:10 421888 ----a-w- c:\programdata\MGS\cache\l\lua51host.6c8dcc3e9f55da70bf5ccd67df48f256.dll
2010-03-03 12:10 . 2010-03-03 12:10 909584 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_temp.05f0b16a67acb189be99508aa088d348.dll
2010-03-03 12:10 . 2010-03-03 12:10 1478656 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_septgao_09.1d5fda158c9a9d1dcbf9e88c5355d884.dll
2010-03-03 12:10 . 2010-03-03 12:10 1904753 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_tggg.6e62948f458013fa99694cc031068e8a.dll
2010-03-03 12:10 . 2010-03-03 12:10 829840 ----a-w- c:\programdata\MGS\cache\m\mptadvancedslots.039a84427e76ab4e1715f80765a76305.dll
2010-03-03 12:10 . 2010-03-03 12:10 1474560 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_wealthspa.548276e787b133afb9b912eb95b8b5c5.dll
2010-03-03 12:10 . 2010-03-03 12:10 823568 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_temp2.198f2a88c7f89c1d0b1ded39e546e22b.dll
2010-03-03 12:10 . 2010-03-03 12:10 1638400 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_summerholiday.19e3e7b6f28b2f036c0b87d00fc799b9.dll
2010-03-03 12:10 . 2010-03-03 12:10 823568 ----a-w- c:\programdata\MGS\cache\a\advancedslots1.d6634c03808be76623e7497fcb1eb424.dll
2010-03-03 12:10 . 2010-03-03 12:10 1478656 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_octgao_09.c2cbb8fc70fbf865a9d78d9a5874a4ce.dll
2010-03-03 12:09 . 2010-03-03 12:09 1626112 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_flightzone.40d3a7b3fae72091b79e1759db110c70.dll
2010-03-03 12:09 . 2010-03-03 12:09 367747 ----a-w- c:\programdata\MGS\cache\m\mptleaderboard.91fac472d1ff352976950258719d35a2.dll
2010-03-03 12:09 . 2010-03-03 12:09 327784 ----a-w- c:\programdata\MGS\cache\m\mpvtabletournamentlobby.fea1be7b63b308e9fdb6e8d4bd356052.dll
2010-03-03 12:09 . 2010-03-03 12:09 303204 ----a-w- c:\programdata\MGS\cache\m\mpvblackjackplugin.49e5f42fbdf0e1e2df5232e5ea419897.dll
2010-03-03 12:09 . 2010-03-03 12:09 311398 ----a-w- c:\programdata\MGS\cache\m\mpvblackjacktourxxx.e4ccb563efd75763602af7373fbd8cec.dll
2010-02-25 19:48 . 2010-02-25 19:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-24 09:16 . 2009-10-03 07:10 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-04-03 07:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-03 07:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-04-03 07:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-04-03 07:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-22 11:22 . 2010-02-22 11:22 -------- d-----w- c:\programdata\QB9
2010-02-16 13:06 . 2009-01-31 14:26 -------- d-----w- c:\program files\Free Easy Burner
2010-02-16 10:45 . 2010-02-16 10:45 -------- d-----w- c:\programdata\WindowsSearch
2010-02-12 17:34 . 2010-02-12 17:34 40 ----a-w- c:\windows\ujf635.bin
2010-02-11 16:31 . 2010-02-11 16:31 233744 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_temp.b6b7e588aedb05fa062fb8447406bca9.dll
2010-02-11 16:31 . 2010-02-11 16:31 495888 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus.aa7eb4e3b4774e5cad0d4f8562ca860d.dll
2010-02-11 16:31 . 2010-02-11 16:31 561424 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_tggg.ca9a61a09a35dc0843cc68f532694746.dll
2010-02-11 16:31 . 2010-02-11 16:31 1056768 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_flightzone.1f65e9ffaab494fa7dea6b149ec7a671.dll
2010-02-11 16:30 . 2010-02-11 16:30 290941 ----a-w- c:\programdata\MGS\cache\l\levelupvideopokerxxx.0d52d2ac00db83d9b97c99592ee3aa21.dll
2010-02-11 16:30 . 2010-02-11 16:30 139264 ----a-w- c:\programdata\MGS\cache\l\levelupvideopokerplugin.d3ee60c36507413ca9ab67247eac5288.dll
2010-02-11 16:30 . 2010-02-11 16:30 114688 ----a-w- c:\programdata\MGS\cache\l\levelupvideopokergambleplugin.d65fe35ffb2e6dc1b9ea46def3db39dc.dll
2010-02-11 16:30 . 2010-02-11 16:30 246032 ----a-w- c:\programdata\MGS\cache\p\powerpokersuite1_nl.4b954e6e9e7bfe3947a12889040c706e.dll
2010-02-11 16:30 . 2010-02-11 16:30 225552 ----a-w- c:\programdata\MGS\cache\v\videopokersuite1.e45a40be28c5bc5514b9e806f30cdc6f.dll
2010-02-11 16:29 . 2010-02-11 16:29 200704 ----a-w- c:\programdata\MGS\cache\3\3cardpoker.8e73a522a397f174eb628d05f72f1f40.dll
2010-02-11 16:12 . 2010-02-11 16:12 32768 ----a-w- c:\programdata\MGS\cache\_\_crt_keno.ed975aa9c9bb5e5ec89c8ffeee254e8a.dll
2010-02-11 16:11 . 2010-02-11 16:11 290922 ----a-w- c:\programdata\MGS\cache\m\mpvcommunityslotsplugin.3d81e7021617be93688755b2da22dceb.dll
2010-02-11 16:11 . 2010-02-11 16:11 282699 ----a-w- c:\programdata\MGS\cache\s\slotxxx.d425f74ccb6f6455be09ebe426c90c75.dll
2010-02-11 16:11 . 2010-02-11 16:11 262252 ----a-w- c:\programdata\MGS\cache\w\wheelofwealthbonusplugin.92047ad5bdc826b2122a71a16afa227d.dll
2010-02-11 16:11 . 2010-02-11 16:11 98390 ----a-w- c:\programdata\MGS\cache\s\singleobjects.8ee24693860e1ddd1e27939e8eb192aa.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
2009-05-27 20:31 147928 ----a-w- c:\users\Angèle\AppData\Local\easyMule\modules\IE2EM.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-10 39408]
"Google Update"="c:\users\Angèle\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-24 133104]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 148888]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2009-08-18 206192]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Angèle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-17 12:20 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-13 08:05 77824 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-853564230-787149935-4199651853-1000]
"EnableNotificationsRef"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-02 721904]
R1 Lgmxk;Microsoft Lgmxk support;c:\windows\system32\drivers\Lgmxk.sys [2009-03-03 34432]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\System32\drivers\prodrv04.sys [x]
R2 gupdate1c9a72b5dea1ce2;Service Google Update (gupdate1c9a72b5dea1ce2);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 133104]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 sbniyeyi;Brother MFC USB Serial WDM Controller;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-04 108289]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-22 43552]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - dpuczth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sbniyeyi
.
Contenu du dossier 'Tâches planifiées'
2010-04-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-08 11:03]
2010-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-10 01:14]
2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 18:08]
2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 18:08]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://fr.fr.acer.yahoo.com
IE: Ajouter à Change Mon Ecran - c:\windows\CmeIE.htm
IE: Download by easyMule - c:\program files\easyMule\IE2EM.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
.
- - - - ORPHELINS SUPPRIMES - - - -
ShellIconOverlayIdentifiers-{1025695B-34D2-4F8C-BA61-37071754708F} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 22:12
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\TEMP\TMP000000227ECDEB2C1BF8330E 524288 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dpuczth]
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-853564230-787149935-4199651853-1000\Software\SecuROM\License information*]
"datasecu"=hex:34,d7,6d,2c,58,b9,d0,2a,2a,73,c0,61,ec,28,80,e6,53,53,6d,f0,dd,
62,fe,cf,e0,73,97,57,ba,77,84,c8,36,88,c5,b3,72,40,a6,d6,2d,76,8d,72,09,d0,\
"rkeysecu"=hex:1b,d4,c9,fc,db,c7,9a,cb,ef,4d,01,ee,b8,97,76,d1
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2010-04-15 22:15:06
ComboFix-quarantined-files.txt 2010-04-15 20:15
Avant-CF: 48 310 267 904 octets libres
Après-CF: 51 950 538 752 octets libres
Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - A944B4C225FB6FF16838E57318D6F0A4
ComboFix 10-04-14.04 - Angèle 15/04/2010 22:01:06.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2814.1954 [GMT 2:00]
Lancé depuis: c:\users\Angèle\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Angèle\AppData\Roaming\Microsoft\Windows\Recent\VideoLAN Website.url
c:\users\Angèle\AppData\Roaming\Mozilla\Firefox\Profiles\pdmpo4of.default\extensions\{d07937c8-36c3-4622-959d-debe597057be}
c:\users\Angèle\AppData\Roaming\Mozilla\Firefox\Profiles\pdmpo4of.default\extensions\{d07937c8-36c3-4622-959d-debe597057be}\chrome\xulcache.jar
c:\users\Angèle\AppData\Roaming\Mozilla\Firefox\Profiles\pdmpo4of.default\extensions\{d07937c8-36c3-4622-959d-debe597057be}\install.rdf
c:\windows\system32\75895-BAMBI ET PANPAN 24 11 2009 .pps
c:\windows\system32\banlieue ...pps
c:\windows\system32\Fw _ .eml
D:\install.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-15 au 2010-04-15 ))))))))))))))))))))))))))))))))))))
.
2010-04-15 20:11 . 2010-04-15 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-15 10:57 . 2010-04-15 11:13 -------- d-----w- c:\program files\adslTV
2010-04-15 08:11 . 2010-04-15 08:15 -------- d-----w- c:\program files\Games
2010-04-13 15:46 . 2010-04-13 15:46 -------- d-----w- C:\MicroGaming(2)
2010-04-13 09:55 . 2010-04-13 10:56 -------- d-----w- c:\program files\a-squared Free
2010-04-13 08:08 . 2010-04-13 08:08 -------- d-----w- c:\program files\MSECache
2010-04-09 09:52 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-09 09:52 . 2010-04-09 09:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-09 09:52 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 06:32 . 2010-04-09 06:32 -------- d-----w- c:\program files\Trend Micro
2010-04-08 08:56 . 2010-04-16 04:15 -------- d-----w- c:\program files\Glary Utilities
2010-04-03 07:46 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-03 07:44 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2010-04-03 07:44 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-04-03 07:44 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-04-03 07:44 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-04-03 07:44 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2010-04-03 07:44 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-04-02 23:55 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-02 23:25 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-04-02 23:25 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-04-02 23:25 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-04-02 08:56 . 2009-12-08 20:52 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-02 08:56 . 2009-12-08 20:52 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-02 08:56 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-04-02 08:56 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-04-02 08:55 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-04-02 08:55 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-04-02 08:55 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-04-02 08:55 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-04-02 08:55 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-04-02 08:55 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-04-02 08:55 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-04-02 08:55 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-04-02 08:55 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-04-02 08:50 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-04-02 08:50 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-04-02 08:50 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-04-02 08:50 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-04-02 08:49 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-04-02 08:49 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-04-02 08:49 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-04-02 08:49 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-04-02 08:49 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-04-02 08:49 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-04-02 08:49 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-04-02 08:49 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-04-02 08:49 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-04-02 08:49 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-04-02 08:48 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-04-02 08:47 . 2009-12-08 20:52 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-02 08:47 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-02 08:47 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-02 08:47 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-04-02 08:47 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-04-02 08:46 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-04-02 08:46 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-04-02 08:46 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-04-02 08:46 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-02 08:46 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-02 07:59 . 2010-04-02 07:59 10752 ----a-w- c:\windows\DCEBoot.exe
2010-04-02 07:51 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-01 11:38 . 2010-04-01 11:38 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-03-27 17:05 . 2010-03-27 17:05 -------- d-----w- c:\programdata\Particles
2010-03-17 08:39 . 2010-04-16 04:15 -------- d-----w- c:\programdata\Fenomen Games
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 04:15 . 2010-01-26 17:45 -------- d-----w- c:\programdata\JollyBear
2010-04-16 04:15 . 2009-09-01 10:29 -------- d-----w- c:\programdata\Awem
2010-04-16 04:15 . 2008-05-09 02:18 -------- d-----w- c:\program files\Microsoft Works
2010-04-16 04:11 . 2008-05-09 02:17 -------- d-----w- c:\program files\Microsoft.NET
2010-04-16 04:10 . 2010-03-07 15:10 -------- d-----w- c:\program files\Activision Value
2010-04-15 20:06 . 2008-01-21 08:40 669328 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-15 20:06 . 2008-01-21 08:40 123350 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-15 18:19 . 2009-03-17 18:07 -------- d-----w- c:\programdata\Google Updater
2010-04-13 12:32 . 2010-02-19 12:12 -------- d-----w- c:\programdata\PlayFirst
2010-04-12 08:38 . 2009-10-25 19:21 -------- d-----w- c:\program files\Microsoft
2010-04-12 08:37 . 2008-05-09 02:16 -------- d-----w- c:\programdata\Microsoft Help
2010-04-09 09:42 . 2008-05-09 01:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-09 09:40 . 2010-03-04 17:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-06 16:35 . 2009-08-06 11:51 -------- d-----w- c:\program files\Zylom Games
2010-04-03 21:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-27 17:04 . 2009-07-12 16:40 -------- d-----w- c:\program files\LeeGTs Games
2010-03-07 16:27 . 2010-03-07 16:27 -------- d-----w- c:\program files\Soldier of Fortune II - Double Helix
2010-03-04 17:54 . 2010-03-04 17:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-03 13:11 . 2010-03-03 13:11 40960 ----a-w- c:\programdata\MGS\cache\d\diamonddealbonus.2870129824bd4ab03fe258a72414c9fe.dll
2010-03-03 13:05 . 2010-03-03 13:05 41075 ----a-w- c:\programdata\MGS\cache\c\chiefsfortunebonus.c2bec570aab63ef04a9e9131551006f6.dll
2010-03-03 13:04 . 2010-03-03 13:04 409872 ----a-w- c:\programdata\MGS\cache\c\complexpickxofybonus_temp.08605981adfd307c6b4a171bff0fc06e.dll
2010-03-03 13:04 . 2010-03-03 13:04 463120 ----a-w- c:\programdata\MGS\cache\c\complexpickxofybonus.244de60f7c0c0169f0772e5811794d9e.dll
2010-03-03 12:58 . 2010-03-03 12:58 233744 ----a-w- c:\programdata\MGS\cache\c\casinowarxxx.07a6656e153859c2f09a4efde26ba0d5.dll
2010-03-03 12:58 . 2010-03-03 12:58 118784 ----a-w- c:\programdata\MGS\cache\c\casinowar.e981fb96518533a1e37361e9d8163b74.dll
2010-03-03 12:57 . 2010-03-03 12:57 131072 ----a-w- c:\programdata\MGS\cache\t\type_5reelprogressive3_4_5.c65d2830787ed7999b948455e324121b.dll
2010-03-03 12:57 . 2010-03-03 12:57 159744 ----a-w- c:\programdata\MGS\cache\p\progressive_temp.979c9e04248bf52052c2caf1e627d86b.dll
2010-03-03 12:57 . 2010-03-03 12:57 151552 ----a-w- c:\programdata\MGS\cache\p\progressive.8fe1347dac5a6804834d35e86c789f9a.dll
2010-03-03 12:57 . 2010-03-03 12:57 122880 ----a-w- c:\programdata\MGS\cache\t\type_3reelprogressive1_2.a0c5e56438d504531121ead802e24dcf.dll
2010-03-03 12:54 . 2010-03-03 12:54 159744 ----a-w- c:\programdata\MGS\cache\c\cashanovagetlucky.70edc0ef64acff9d67d53ba965b991b4.dll
2010-03-03 12:54 . 2010-03-03 12:54 135168 ----a-w- c:\programdata\MGS\cache\c\cashanovagetlucky_temp.b71b6ce6d93f57e6e8d79f64bfda39ca.dll
2010-03-03 12:54 . 2010-03-03 12:54 434448 ----a-w- c:\programdata\MGS\cache\c\cashanovafreerangebonus.c80646018f801b82af1a85ac0f07ba46.dll
2010-03-03 12:54 . 2010-03-03 12:54 217360 ----a-w- c:\programdata\MGS\cache\c\cashanovafreerangebonus_temp.598336f9707e832cab943342026367f4.dll
2010-03-03 12:52 . 2010-03-03 12:52 303376 ----a-w- c:\programdata\MGS\cache\m\mermaidsmillions.9379e4aac1e4731bf7922c8c2544bd7a.dll
2010-03-03 12:52 . 2010-03-03 12:52 295184 ----a-w- c:\programdata\MGS\cache\m\mermaidsmillionsxxx.85e8ee4057b7c3d431514729821caee1.dll
2010-03-03 12:51 . 2010-03-03 12:51 119056 ----a-w- c:\programdata\MGS\cache\m\mermaidsbonus.f520937c2ec436ae80b67d9c967dd3f6.dll
2010-03-03 12:47 . 2010-03-03 12:47 131344 ----a-w- c:\programdata\MGS\cache\b\bonus_threereel_types_1_2.19c24a05687d90864e9a9de516d92124.dll
2010-03-03 12:47 . 2010-03-03 12:47 45056 ----a-w- c:\programdata\MGS\cache\w\wheelofwealthbonus.273ed6671a16c67a5d50ecde6a66097a.dll
2010-03-03 12:47 . 2010-03-03 12:47 1486848 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_gao_dec_2009.cd728f719824c5074cc6023ea106ea1e.dll
2010-03-03 12:47 . 2010-03-03 12:47 618496 ----a-w- c:\programdata\MGS\cache\g\gamble2_gao_dec_2009.637d031249b1b22e0b31d5303f3811be.dll
2010-03-03 12:47 . 2010-03-03 12:47 679936 ----a-w- c:\programdata\MGS\cache\t\transition_gao_dec_2009.ddf657439bc1cbce99e8763fee9803a4.dll
2010-03-03 12:47 . 2010-03-03 12:47 1040384 ----a-w- c:\programdata\MGS\cache\a\advancedslots1xxx_gao_dec_2009.f5605c1fe8513561f2bef5c3c0c1a546.dll
2010-03-03 12:43 . 2010-03-03 12:43 385024 ----a-w- c:\programdata\MGS\cache\b\bonusblackjack.dab6343a296b066bd5fe18d7c7d9940f.dll
2010-03-03 12:43 . 2010-03-03 12:43 483600 ----a-w- c:\programdata\MGS\cache\h\hilowbonus_tggg.10cdcb3e64c301c60db4d11d2d7781a4.dll
2010-03-03 12:43 . 2010-03-03 12:43 446736 ----a-w- c:\programdata\MGS\cache\h\hilowbonus.ecf70c1bd892c000f22ce30d5b0ba784.dll
2010-03-03 12:43 . 2010-03-03 12:43 958464 ----a-w- c:\programdata\MGS\cache\h\hilowbonus_flightzone.1173d08d2670eede892e3adf07022f08.dll
2010-03-03 12:40 . 2010-03-03 12:40 594192 ----a-w- c:\programdata\MGS\cache\s\snakesandladdersbonus.1b7d7437b87cc53b7a00c4efd2db679d.dll
2010-03-03 12:27 . 2010-03-03 12:27 61440 ----a-w- c:\programdata\MGS\cache\t\tikimaskbonusgame.0dc1c149f619ef0a72aacd3abdeb0dfb.dll
2010-03-03 12:27 . 2010-03-03 12:27 57344 ----a-w- c:\programdata\MGS\cache\v\volcanobonusgame.1f5cd5f4b800bd1a6e740e08a3119e10.dll
2010-03-03 12:26 . 2010-03-03 12:26 213089 ----a-w- c:\programdata\MGS\cache\b\bigkahuna.769fd4a48b95c8614a738f1cad88bcd5.dll
2010-03-03 12:26 . 2010-03-03 12:26 430352 ----a-w- c:\programdata\MGS\cache\s\simplepickxofyskillbonus.8d56aeea91f0d0bbdf41c578fbf38496.dll
2010-03-03 12:20 . 2010-03-03 12:20 376832 ----a-w- c:\programdata\MGS\cache\a\atlanticcityblackjack.9baef784fe666fb9d90dc331d0239eed.dll
2010-03-03 12:17 . 2010-03-03 12:17 1040384 ----a-w- c:\programdata\MGS\cache\a\advancedslots1xxx_novgao_09.0f4a9e5f0c3aacc5fd59c75d3646b44e.dll
2010-03-03 12:17 . 2010-03-03 12:17 1474560 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_novgao_09.bca283e127879ce59170c465ef11ba05.dll
2010-03-03 12:17 . 2010-03-03 12:17 897024 ----a-w- c:\programdata\MGS\cache\s\simplepickxofybonus_novgao_09.cf52962a5fbf37c5c088bd5d667653d4.dll
2010-03-03 12:17 . 2010-03-03 12:17 921600 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_novgao_09.2d0e2f5fb79a1dee2f0dba3ac916277d.dll
2010-03-03 12:17 . 2010-03-03 12:17 618496 ----a-w- c:\programdata\MGS\cache\g\gamble2_novgao_09.5e06bb19f897ab866a50c262ff639055.dll
2010-03-03 12:17 . 2010-03-03 12:17 679936 ----a-w- c:\programdata\MGS\cache\t\transition_novgao_09.002d2269f327b0c9a9e9f327bc91130b.dll
2010-03-03 12:11 . 2010-03-03 12:11 237840 ----a-w- c:\programdata\MGS\cache\p\powerpokersuite1_nl.cebfe8812d984716506c6d9d096a5f48.dll
2010-03-03 12:11 . 2010-03-03 12:11 217360 ----a-w- c:\programdata\MGS\cache\v\videopokersuite1.03dd648f567bef124a1d270ad208752a.dll
2010-03-03 12:10 . 2010-03-03 12:10 24638 ----a-w- c:\programdata\MGS\cache\_\_crt_scratch.960d1fa68750fa010e573df52f42c947.dll
2010-03-03 12:10 . 2010-03-03 12:10 421888 ----a-w- c:\programdata\MGS\cache\l\lua51host.6c8dcc3e9f55da70bf5ccd67df48f256.dll
2010-03-03 12:10 . 2010-03-03 12:10 909584 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_temp.05f0b16a67acb189be99508aa088d348.dll
2010-03-03 12:10 . 2010-03-03 12:10 1478656 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_septgao_09.1d5fda158c9a9d1dcbf9e88c5355d884.dll
2010-03-03 12:10 . 2010-03-03 12:10 1904753 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_tggg.6e62948f458013fa99694cc031068e8a.dll
2010-03-03 12:10 . 2010-03-03 12:10 829840 ----a-w- c:\programdata\MGS\cache\m\mptadvancedslots.039a84427e76ab4e1715f80765a76305.dll
2010-03-03 12:10 . 2010-03-03 12:10 1474560 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_wealthspa.548276e787b133afb9b912eb95b8b5c5.dll
2010-03-03 12:10 . 2010-03-03 12:10 823568 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_temp2.198f2a88c7f89c1d0b1ded39e546e22b.dll
2010-03-03 12:10 . 2010-03-03 12:10 1638400 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_summerholiday.19e3e7b6f28b2f036c0b87d00fc799b9.dll
2010-03-03 12:10 . 2010-03-03 12:10 823568 ----a-w- c:\programdata\MGS\cache\a\advancedslots1.d6634c03808be76623e7497fcb1eb424.dll
2010-03-03 12:10 . 2010-03-03 12:10 1478656 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_octgao_09.c2cbb8fc70fbf865a9d78d9a5874a4ce.dll
2010-03-03 12:09 . 2010-03-03 12:09 1626112 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_flightzone.40d3a7b3fae72091b79e1759db110c70.dll
2010-03-03 12:09 . 2010-03-03 12:09 367747 ----a-w- c:\programdata\MGS\cache\m\mptleaderboard.91fac472d1ff352976950258719d35a2.dll
2010-03-03 12:09 . 2010-03-03 12:09 327784 ----a-w- c:\programdata\MGS\cache\m\mpvtabletournamentlobby.fea1be7b63b308e9fdb6e8d4bd356052.dll
2010-03-03 12:09 . 2010-03-03 12:09 303204 ----a-w- c:\programdata\MGS\cache\m\mpvblackjackplugin.49e5f42fbdf0e1e2df5232e5ea419897.dll
2010-03-03 12:09 . 2010-03-03 12:09 311398 ----a-w- c:\programdata\MGS\cache\m\mpvblackjacktourxxx.e4ccb563efd75763602af7373fbd8cec.dll
2010-02-25 19:48 . 2010-02-25 19:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-24 09:16 . 2009-10-03 07:10 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-04-03 07:35 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-03 07:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-04-03 07:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-04-03 07:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-22 11:22 . 2010-02-22 11:22 -------- d-----w- c:\programdata\QB9
2010-02-16 13:06 . 2009-01-31 14:26 -------- d-----w- c:\program files\Free Easy Burner
2010-02-16 10:45 . 2010-02-16 10:45 -------- d-----w- c:\programdata\WindowsSearch
2010-02-12 17:34 . 2010-02-12 17:34 40 ----a-w- c:\windows\ujf635.bin
2010-02-11 16:31 . 2010-02-11 16:31 233744 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_temp.b6b7e588aedb05fa062fb8447406bca9.dll
2010-02-11 16:31 . 2010-02-11 16:31 495888 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus.aa7eb4e3b4774e5cad0d4f8562ca860d.dll
2010-02-11 16:31 . 2010-02-11 16:31 561424 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_tggg.ca9a61a09a35dc0843cc68f532694746.dll
2010-02-11 16:31 . 2010-02-11 16:31 1056768 ----a-w- c:\programdata\MGS\cache\s\simplepickuntilbonus_flightzone.1f65e9ffaab494fa7dea6b149ec7a671.dll
2010-02-11 16:30 . 2010-02-11 16:30 290941 ----a-w- c:\programdata\MGS\cache\l\levelupvideopokerxxx.0d52d2ac00db83d9b97c99592ee3aa21.dll
2010-02-11 16:30 . 2010-02-11 16:30 139264 ----a-w- c:\programdata\MGS\cache\l\levelupvideopokerplugin.d3ee60c36507413ca9ab67247eac5288.dll
2010-02-11 16:30 . 2010-02-11 16:30 114688 ----a-w- c:\programdata\MGS\cache\l\levelupvideopokergambleplugin.d65fe35ffb2e6dc1b9ea46def3db39dc.dll
2010-02-11 16:30 . 2010-02-11 16:30 246032 ----a-w- c:\programdata\MGS\cache\p\powerpokersuite1_nl.4b954e6e9e7bfe3947a12889040c706e.dll
2010-02-11 16:30 . 2010-02-11 16:30 225552 ----a-w- c:\programdata\MGS\cache\v\videopokersuite1.e45a40be28c5bc5514b9e806f30cdc6f.dll
2010-02-11 16:29 . 2010-02-11 16:29 200704 ----a-w- c:\programdata\MGS\cache\3\3cardpoker.8e73a522a397f174eb628d05f72f1f40.dll
2010-02-11 16:12 . 2010-02-11 16:12 32768 ----a-w- c:\programdata\MGS\cache\_\_crt_keno.ed975aa9c9bb5e5ec89c8ffeee254e8a.dll
2010-02-11 16:11 . 2010-02-11 16:11 290922 ----a-w- c:\programdata\MGS\cache\m\mpvcommunityslotsplugin.3d81e7021617be93688755b2da22dceb.dll
2010-02-11 16:11 . 2010-02-11 16:11 282699 ----a-w- c:\programdata\MGS\cache\s\slotxxx.d425f74ccb6f6455be09ebe426c90c75.dll
2010-02-11 16:11 . 2010-02-11 16:11 262252 ----a-w- c:\programdata\MGS\cache\w\wheelofwealthbonusplugin.92047ad5bdc826b2122a71a16afa227d.dll
2010-02-11 16:11 . 2010-02-11 16:11 98390 ----a-w- c:\programdata\MGS\cache\s\singleobjects.8ee24693860e1ddd1e27939e8eb192aa.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
2009-05-27 20:31 147928 ----a-w- c:\users\Angèle\AppData\Local\easyMule\modules\IE2EM.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-10 39408]
"Google Update"="c:\users\Angèle\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-24 133104]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 148888]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2009-08-18 206192]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Angèle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-17 12:20 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-13 08:05 77824 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-853564230-787149935-4199651853-1000]
"EnableNotificationsRef"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-02 721904]
R1 Lgmxk;Microsoft Lgmxk support;c:\windows\system32\drivers\Lgmxk.sys [2009-03-03 34432]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\System32\drivers\prodrv04.sys [x]
R2 gupdate1c9a72b5dea1ce2;Service Google Update (gupdate1c9a72b5dea1ce2);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 133104]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 sbniyeyi;Brother MFC USB Serial WDM Controller;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-04 108289]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-22 43552]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - dpuczth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sbniyeyi
.
Contenu du dossier 'Tâches planifiées'
2010-04-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-08 11:03]
2010-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-10 01:14]
2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 18:08]
2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 18:08]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://fr.fr.acer.yahoo.com
IE: Ajouter à Change Mon Ecran - c:\windows\CmeIE.htm
IE: Download by easyMule - c:\program files\easyMule\IE2EM.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
.
- - - - ORPHELINS SUPPRIMES - - - -
ShellIconOverlayIdentifiers-{1025695B-34D2-4F8C-BA61-37071754708F} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 22:12
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\TEMP\TMP000000227ECDEB2C1BF8330E 524288 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dpuczth]
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-853564230-787149935-4199651853-1000\Software\SecuROM\License information*]
"datasecu"=hex:34,d7,6d,2c,58,b9,d0,2a,2a,73,c0,61,ec,28,80,e6,53,53,6d,f0,dd,
62,fe,cf,e0,73,97,57,ba,77,84,c8,36,88,c5,b3,72,40,a6,d6,2d,76,8d,72,09,d0,\
"rkeysecu"=hex:1b,d4,c9,fc,db,c7,9a,cb,ef,4d,01,ee,b8,97,76,d1
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2010-04-15 22:15:06
ComboFix-quarantined-files.txt 2010-04-15 20:15
Avant-CF: 48 310 267 904 octets libres
Après-CF: 51 950 538 752 octets libres
Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - A944B4C225FB6FF16838E57318D6F0A4
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
Modifié par nathandre le 15/04/2010 à 22:42
Modifié par nathandre le 15/04/2010 à 22:42
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)
? Télécharge List_Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/...
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
Une fois terminée , clic sur "terminer" et le programme se lancera seul
Choisis l'option Search
Une icône blanche et noire va s'afficher sur le bureau , il te servira à relancer le programme par la suite.
Une autre rouge et noir te servira a désinstaller le prog a la fin de la désinfection.
? laisse travailler l'outil
A l'apparition de la fenêtre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
Un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , , il s'auto supprimera a la fin du scan
? Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"
? Télécharge List_Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/...
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
Une fois terminée , clic sur "terminer" et le programme se lancera seul
Choisis l'option Search
Une icône blanche et noire va s'afficher sur le bureau , il te servira à relancer le programme par la suite.
Une autre rouge et noir te servira a désinstaller le prog a la fin de la désinfection.
? laisse travailler l'outil
A l'apparition de la fenêtre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
Un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , , il s'auto supprimera a la fin du scan
? Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"
melina99
Messages postés
10
Date d'inscription
jeudi 15 avril 2010
Statut
Membre
Dernière intervention
17 avril 2010
15 avril 2010 à 23:13
15 avril 2010 à 23:13
List'em by g3n-h@ckm@n 1.7.1.0
User : Angèle (Administrateurs)
Update on 13/04/2010 by g3n-h@ckm@n ::::: 17.10
Start at: 23:00:02 | 15/04/2010
Athlon(tm) Dual Core Processor 4050e
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18904
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 143,02 Go (47,74 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 144,89 Go (144,72 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxczcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vsnpstd.exe
C:\Windows\System32\svchost.exe
C:\Program Files\HiYo\Bin\HiYo.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Users\Angèle\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Google Update REG_SZ "C:\Users\Angèle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
AlcoholAutomount REG_SZ "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RtHDVCpl REG_SZ RtHDVCpl.exe
Acer Empowering Technology Monitor REG_SZ C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
EmpoweringTechnology REG_SZ C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
eDataSecurity Loader REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
PCMMediaSharing REG_SZ C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
BkupTray REG_SZ "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
WarReg_PopUp REG_SZ C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
lxczbmgr.exe REG_SZ "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
FaxCenterServer REG_SZ "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
snpstd REG_SZ C:\Windows\vsnpstd.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
Hiyo REG_SZ C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
DisableRegistryTools REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\SOFTWARE
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 1 (0x1)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 39 (0x27)
allocatecdroms REG_SZ 0
SFCDisable REG_DWORD 0 (0x0)
System REG_SZ
===============
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0D9E239F-8E1F-490E-8A2E-36C9885FFF89}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0D9E239F-8E1F-490E-8A2E-36C9885FFF89}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0D9E239F-8E1F-490E-8A2E-36C9885FFF89}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0D9E239F-8E1F-490E-8A2E-36C9885FFF89}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://fr.yahoo.com/
Local Page REG_SZ C:\Windows\System32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\Windows\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )
========
Safemode
========
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot" : OK !!
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal" : OK !!
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network" : OK !!
=========
Atapi.sys
=========
C:\Windows\ERDNT\cache\atapi.sys :
MD5 :: [2d9c903dc76a66813d350a562de40ed9]
SHA256 :: [82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]
C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys :
MD5 :: [1f05b78ab91c9075565a9d8a4b880bc4]
SHA256 :: [737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd]
C:\Windows\System32\drivers\atapi.sys :
MD5 :: [2d9c903dc76a66813d350a562de40ed9]
SHA256 :: [82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys :
MD5 :: [4f4fcb8b6ea06784fb6d475b7ec7300f]
SHA256 :: [6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896]
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys :
MD5 :: [2d9c903dc76a66813d350a562de40ed9]
SHA256 :: [82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys :
MD5 :: [2d9c903dc76a66813d350a562de40ed9]
SHA256 :: [82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
D'fragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.
Rapport d'analyse pour le volume C: ACER
Taille du volume = 143 Go
Espace libre = 47.76 Go
tendue d'espace libre la plus grande = 7.85 Go
Pourcentage de fragmentation des fichiers = 0 %
Remarqueÿ: sur les volumes NTFS, les fragments de fichiers de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas n'cessaire de d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\ProgramData\aygda_save.log
Present !! : C:\ProgramData\doicrane_save.log
Present !! : C:\ProgramData\ETM2.txt
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
Present !! : C:\ProgramData\aygda_save.log
Present !! : C:\ProgramData\doicrane_save.log
Present !! : C:\ProgramData\ETM2.txt
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
Present !! : C:\ProgramData\aygda_save.log
Present !! : C:\ProgramData\doicrane_save.log
Present !! : C:\ProgramData\ETM2.txt
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
Present !! : C:\ProgramData\Trymedia
Present !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadD500.exe
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadX800.exe
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadZ510.exe
Present !! : C:\Windows\System32\MSINET.oca
Present !! : C:\Users\AngSle\AppData\Local\timzf.bat
Present !! : C:\Users\AngSle\AppData\Local\d3d9caps.dat
Present !! : C:\Users\AngSle\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\AngSle\AppData\Roaming\.#
Present !! : C:\Users\AngSle\LOCAL Settings\Temp\rtdrvmon.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\snpstd
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_USERS\S-1-5-21-853564230-787149935-4199651853-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : "HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"
Present !! : "HKLM\Software\Trymedia Systems"
Present !! : "HKLM\software\Poker 770"
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 23:08:54
Windows 6.0.6001 Service Pack 1 FAT NTAPI
scanning hidden processes ...
C:\Program Files\List_Kill'em\swreg.exe [20504] 0xCE432D90
C:\Program Files\List_Kill'em\swreg.exe [20612] 0x88FBBD90
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 2
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x856A01F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8569f1f8
IoDeviceObjectType -> ParseProcedure -> 0x10000
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x10000
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
AntiVirusOverride REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 23:08:55,54
User : Angèle (Administrateurs)
Update on 13/04/2010 by g3n-h@ckm@n ::::: 17.10
Start at: 23:00:02 | 15/04/2010
Athlon(tm) Dual Core Processor 4050e
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18904
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 143,02 Go (47,74 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 144,89 Go (144,72 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxczcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vsnpstd.exe
C:\Windows\System32\svchost.exe
C:\Program Files\HiYo\Bin\HiYo.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Users\Angèle\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Google Update REG_SZ "C:\Users\Angèle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
AlcoholAutomount REG_SZ "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RtHDVCpl REG_SZ RtHDVCpl.exe
Acer Empowering Technology Monitor REG_SZ C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
EmpoweringTechnology REG_SZ C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
eDataSecurity Loader REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
PCMMediaSharing REG_SZ C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
BkupTray REG_SZ "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
WarReg_PopUp REG_SZ C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
lxczbmgr.exe REG_SZ "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
FaxCenterServer REG_SZ "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
snpstd REG_SZ C:\Windows\vsnpstd.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
Hiyo REG_SZ C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
DisableRegistryTools REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\SOFTWARE
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 1 (0x1)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 39 (0x27)
allocatecdroms REG_SZ 0
SFCDisable REG_DWORD 0 (0x0)
System REG_SZ
===============
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
===
DNS
===
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0D9E239F-8E1F-490E-8A2E-36C9885FFF89}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0D9E239F-8E1F-490E-8A2E-36C9885FFF89}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0D9E239F-8E1F-490E-8A2E-36C9885FFF89}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0D9E239F-8E1F-490E-8A2E-36C9885FFF89}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://fr.yahoo.com/
Local Page REG_SZ C:\Windows\System32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\Windows\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )
========
Safemode
========
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot" : OK !!
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal" : OK !!
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network" : OK !!
=========
Atapi.sys
=========
C:\Windows\ERDNT\cache\atapi.sys :
MD5 :: [2d9c903dc76a66813d350a562de40ed9]
SHA256 :: [82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]
C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys :
MD5 :: [1f05b78ab91c9075565a9d8a4b880bc4]
SHA256 :: [737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd]
C:\Windows\System32\drivers\atapi.sys :
MD5 :: [2d9c903dc76a66813d350a562de40ed9]
SHA256 :: [82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys :
MD5 :: [4f4fcb8b6ea06784fb6d475b7ec7300f]
SHA256 :: [6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896]
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys :
MD5 :: [2d9c903dc76a66813d350a562de40ed9]
SHA256 :: [82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys :
MD5 :: [2d9c903dc76a66813d350a562de40ed9]
SHA256 :: [82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
D'fragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.
Rapport d'analyse pour le volume C: ACER
Taille du volume = 143 Go
Espace libre = 47.76 Go
tendue d'espace libre la plus grande = 7.85 Go
Pourcentage de fragmentation des fichiers = 0 %
Remarqueÿ: sur les volumes NTFS, les fragments de fichiers de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas n'cessaire de d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\ProgramData\aygda_save.log
Present !! : C:\ProgramData\doicrane_save.log
Present !! : C:\ProgramData\ETM2.txt
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
Present !! : C:\ProgramData\aygda_save.log
Present !! : C:\ProgramData\doicrane_save.log
Present !! : C:\ProgramData\ETM2.txt
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
Present !! : C:\ProgramData\aygda_save.log
Present !! : C:\ProgramData\doicrane_save.log
Present !! : C:\ProgramData\ETM2.txt
Present !! : C:\ProgramData\LauncherAccess.dt
Present !! : C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
Present !! : C:\ProgramData\Trymedia
Present !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadD500.exe
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadX800.exe
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadZ510.exe
Present !! : C:\Windows\System32\MSINET.oca
Present !! : C:\Users\AngSle\AppData\Local\timzf.bat
Present !! : C:\Users\AngSle\AppData\Local\d3d9caps.dat
Present !! : C:\Users\AngSle\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\AngSle\AppData\Roaming\.#
Present !! : C:\Users\AngSle\LOCAL Settings\Temp\rtdrvmon.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\snpstd
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_USERS\S-1-5-21-853564230-787149935-4199651853-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : "HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"
Present !! : "HKLM\Software\Trymedia Systems"
Present !! : "HKLM\software\Poker 770"
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 23:08:54
Windows 6.0.6001 Service Pack 1 FAT NTAPI
scanning hidden processes ...
C:\Program Files\List_Kill'em\swreg.exe [20504] 0xCE432D90
C:\Program Files\List_Kill'em\swreg.exe [20612] 0x88FBBD90
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 2
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x856A01F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8569f1f8
IoDeviceObjectType -> ParseProcedure -> 0x10000
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x10000
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
AntiVirusOverride REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 23:08:55,54
Utilisateur anonyme
15 avril 2010 à 23:31
15 avril 2010 à 23:31
? Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
? choisis l'Option Clean
Ton PC va redemarrer,
Laisse travailler l'outil.
En fin de scan la fenêtre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
? Colle le contenu dans ta réponse
Il y a une infection probable de rootkit MBR, on va voir cela après
mais cette fois-ci :
? choisis l'Option Clean
Ton PC va redemarrer,
Laisse travailler l'outil.
En fin de scan la fenêtre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
? Colle le contenu dans ta réponse
Il y a une infection probable de rootkit MBR, on va voir cela après
melina99
Messages postés
10
Date d'inscription
jeudi 15 avril 2010
Statut
Membre
Dernière intervention
17 avril 2010
15 avril 2010 à 23:58
15 avril 2010 à 23:58
Kill'em by g3n-h@ckm@n 1.7.1.0
User : Angèle (Administrateurs)
Update on 13/04/2010 by g3n-h@ckm@n ::::: 17.10
Start at: 23:40:28 | 15/04/2010
Athlon(tm) Dual Core Processor 4050e
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18904
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 143,02 Go (47,67 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 144,89 Go (144,72 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxczcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\ProgramData\aygda_save.log
Quarantined & Deleted !! : C:\ProgramData\doicrane_save.log
Quarantined & Deleted !! : C:\ProgramData\ETM2.txt
Quarantined & Deleted !! : C:\ProgramData\LauncherAccess.dt
Quarantined & Deleted !! : C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
Quarantined & Deleted !! : C:\ProgramData\Trymedia
Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Quarantined & Deleted !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadD500.exe
Quarantined & Deleted !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadX800.exe
Quarantined & Deleted !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadZ510.exe
Quarantined & Deleted !! : C:\Windows\System32\MSINET.oca
Quarantined & Deleted !! : C:\Users\AngSle\AppData\Local\timzf.bat
Quarantined & Deleted !! : C:\Users\AngSle\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\AngSle\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\AngSle\AppData\Roaming\.#
Quarantined & Deleted !! : C:\Users\AngSle\LOCAL Settings\Temp\rtdrvmon.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$I0LZYTI.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$I4K0R83
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$I8M21U5
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$IHN61K1
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$IKMIDKS
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$ISV45VU
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$IV28M90
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$IVYWD4H.rar
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$R0LZYTI.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$RVYWD4H.rar
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\snpstd
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"
Deleted : "HKLM\Software\Trymedia Systems"
Deleted : "HKLM\software\Poker 770"
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
AntiVirusOverride REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
FirstRunDisabled REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
User : Angèle (Administrateurs)
Update on 13/04/2010 by g3n-h@ckm@n ::::: 17.10
Start at: 23:40:28 | 15/04/2010
Athlon(tm) Dual Core Processor 4050e
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18904
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 143,02 Go (47,67 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 144,89 Go (144,72 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxczcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\ProgramData\aygda_save.log
Quarantined & Deleted !! : C:\ProgramData\doicrane_save.log
Quarantined & Deleted !! : C:\ProgramData\ETM2.txt
Quarantined & Deleted !! : C:\ProgramData\LauncherAccess.dt
Quarantined & Deleted !! : C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
Quarantined & Deleted !! : C:\ProgramData\Trymedia
Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Quarantined & Deleted !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadD500.exe
Quarantined & Deleted !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadX800.exe
Quarantined & Deleted !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadZ510.exe
Quarantined & Deleted !! : C:\Windows\System32\MSINET.oca
Quarantined & Deleted !! : C:\Users\AngSle\AppData\Local\timzf.bat
Quarantined & Deleted !! : C:\Users\AngSle\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\AngSle\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\AngSle\AppData\Roaming\.#
Quarantined & Deleted !! : C:\Users\AngSle\LOCAL Settings\Temp\rtdrvmon.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$I0LZYTI.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$I4K0R83
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$I8M21U5
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$IHN61K1
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$IKMIDKS
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$ISV45VU
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$IV28M90
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$IVYWD4H.rar
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$R0LZYTI.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-853564230-787149935-4199651853-1000\$RVYWD4H.rar
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\snpstd
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"
Deleted : "HKLM\Software\Trymedia Systems"
Deleted : "HKLM\software\Poker 770"
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
AntiVirusOverride REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
FirstRunDisabled REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
melina99
Messages postés
10
Date d'inscription
jeudi 15 avril 2010
Statut
Membre
Dernière intervention
17 avril 2010
16 avril 2010 à 00:18
16 avril 2010 à 00:18
ok merci bonne nuit
Utilisateur anonyme
16 avril 2010 à 11:31
16 avril 2010 à 11:31
Bonjour
Télécharge mbr.exe de Gmer ici :
http://www2.gmer.net/mbr/mbr.exe
et enregistre le fichier sur le Bureau.
Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Double clique sur mbr.exe
Sous Vista, ne pas oublier de lancer mbr.exe par clic droit et Exécuter en tant qu'administrateur.
Un rapport sera généré : mbr.log
En cas d'infection, ce message "MBR rootkit code detected" va apparaitre.
Si c'est le cas, continue comme ça :
Dans le menu Démarrer- Exécuter tape : "%userprofile%\Desktop\mbr" -f
Dans le mbr.log cette ligne apparaitra "original MBR restored successfully !"
Réactive tes protections
Poste ce rapport et supprimes-le ensuite.
Pour vérifier
Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Relance mbr.exe
Réactive tes protections.
Le nouveau mbr.log devrait être celui-ci :
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Note : Si le fichier mbr.exe se trouve dans Téléchargement, cela fonctionne aussi et mbr.log s'y inscrira.
Télécharge mbr.exe de Gmer ici :
http://www2.gmer.net/mbr/mbr.exe
et enregistre le fichier sur le Bureau.
Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Double clique sur mbr.exe
Sous Vista, ne pas oublier de lancer mbr.exe par clic droit et Exécuter en tant qu'administrateur.
Un rapport sera généré : mbr.log
En cas d'infection, ce message "MBR rootkit code detected" va apparaitre.
Si c'est le cas, continue comme ça :
Dans le menu Démarrer- Exécuter tape : "%userprofile%\Desktop\mbr" -f
Dans le mbr.log cette ligne apparaitra "original MBR restored successfully !"
Réactive tes protections
Poste ce rapport et supprimes-le ensuite.
Pour vérifier
Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Relance mbr.exe
Réactive tes protections.
Le nouveau mbr.log devrait être celui-ci :
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Note : Si le fichier mbr.exe se trouve dans Téléchargement, cela fonctionne aussi et mbr.log s'y inscrira.
melina99
Messages postés
10
Date d'inscription
jeudi 15 avril 2010
Statut
Membre
Dernière intervention
17 avril 2010
16 avril 2010 à 13:38
16 avril 2010 à 13:38
bonjour
cela me met ça :
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x856a01f8
IoDeviceObjectType -> DumpProcedure -> 0xffffffff
DeleteProcedure -> 0xffffffff
ParseProcedure -> 0xffffffff
\Device\Harddisk0\DR0 -> DumpProcedure -> 0xffffffff
DeleteProcedure -> 0xffffffff
ParseProcedure -> 0xffffffff
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
est ce que je dois faire la suite ?
Si oui je tape exactement ça ? "%userprofile%\Desktop\mbr" -f
ou je change userprofile ?
cela me met ça :
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x856a01f8
IoDeviceObjectType -> DumpProcedure -> 0xffffffff
DeleteProcedure -> 0xffffffff
ParseProcedure -> 0xffffffff
\Device\Harddisk0\DR0 -> DumpProcedure -> 0xffffffff
DeleteProcedure -> 0xffffffff
ParseProcedure -> 0xffffffff
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
est ce que je dois faire la suite ?
Si oui je tape exactement ça ? "%userprofile%\Desktop\mbr" -f
ou je change userprofile ?
Utilisateur anonyme
Modifié par nathandre le 16/04/2010 à 13:40
Modifié par nathandre le 16/04/2010 à 13:40
Tape exactement ceci "%userprofile%\Desktop\mbr" -f
n'oublie pas les guillemets
n'oublie pas les guillemets
melina99
Messages postés
10
Date d'inscription
jeudi 15 avril 2010
Statut
Membre
Dernière intervention
17 avril 2010
Modifié par melina99 le 16/04/2010 à 13:55
Modifié par melina99 le 16/04/2010 à 13:55
ça n'a rien changé !
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x856a01f8
IoDeviceObjectType -> DumpProcedure -> 0xffffffff
DeleteProcedure -> 0xffffffff
ParseProcedure -> 0xffffffff
\Device\Harddisk0\DR0 -> DumpProcedure -> 0xffffffff
DeleteProcedure -> 0xffffffff
ParseProcedure -> 0xffffffff
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x856a01f8
IoDeviceObjectType -> DumpProcedure -> 0xffffffff
DeleteProcedure -> 0xffffffff
ParseProcedure -> 0xffffffff
\Device\Harddisk0\DR0 -> DumpProcedure -> 0xffffffff
DeleteProcedure -> 0xffffffff
ParseProcedure -> 0xffffffff
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
Utilisateur anonyme
16 avril 2010 à 14:15
16 avril 2010 à 14:15
Relance List Kill'em et sélectionne l'option 6 (restore MBR)
melina99
Messages postés
10
Date d'inscription
jeudi 15 avril 2010
Statut
Membre
Dernière intervention
17 avril 2010
16 avril 2010 à 14:20
16 avril 2010 à 14:20
ça me donne le même rapport
Utilisateur anonyme
17 avril 2010 à 16:59
17 avril 2010 à 16:59
bonjour
Je suis à la recherche d'une solution pour régler ce problème
Je suis à la recherche d'une solution pour régler ce problème
Utilisateur anonyme
17 avril 2010 à 17:47
17 avril 2010 à 17:47
C:\WINDOWS\System32\ntoskrnl.exe
C:\WINDOWS\System32\Drivers\CLASSPNP.SYS
C:\WINDOWS\System32\Drivers\disk.sys
C:\WINDOWS\System32\Drivers\acpi.sys
C:\WINDOWS\System32\hal.dll
Analyse ces fichiers sur Virus Total
https://www.virustotal.com/gui/
Clique sur parcourir
Dans la fenêtre qui s'ouvre, cherche le fichier et sélectionne le, puis clique sur ouvrir
Clique sur envoyer le fichier
une fois le scan terminé, donne moi le résultat
melina99
Messages postés
10
Date d'inscription
jeudi 15 avril 2010
Statut
Membre
Dernière intervention
17 avril 2010
17 avril 2010 à 18:46
17 avril 2010 à 18:46
bonjour,
tout est à 0 ! rien de trouvé !
tout est à 0 ! rien de trouvé !
Utilisateur anonyme
18 avril 2010 à 15:07
18 avril 2010 à 15:07
bonjour
est-ce que je pourrai voir les rapports, car c'est pour voir
si les fichiers ont toujours une signature numérique
est-ce que je pourrai voir les rapports, car c'est pour voir
si les fichiers ont toujours une signature numérique