PC bug

willow93


Hi everyone,
So, I have a bug on my computer: it freezes after a few minutes, or more precisely everything locks up and Ctrl+Del has no effect.
I should mention that I was recently infected by Antivur Doctor or something like that. Maybe some traces of it remain...
No malware detected by Malwarebytes.

Here is my HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:43, on 30/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
K:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
K:\Program Files\Avira\AntiVir Desktop\avgnt.exe
K:\Program Files\QuickTime\qttask.exe
K:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
K:\Program Files\Avira\AntiVir Desktop\avguard.exe
L:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
L:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
k:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
k:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wuauclt.exe
k:\Program Files\NetLimiter 2 Pro\NLClient.exe
K:\Program Files\firefox.exe
L:\Willow\programmes\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com/?o=10148&l=dis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: hotrevenue browser enhancer - {DB704689-3FF5-A289-4309-D30A083463BF} - C:\WINDOWS\system32\tbojphdlxsegpie.dll (file missing)
O2 - BHO: Java(TM) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "K:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "K:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [SuperCopier2.exe] K:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\WINDOWS\TEMP\E_S1E.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1268517640233
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - K:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - K:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Dragon Age: Origins - Application de mise à jour (DAUpdaterSvc) - BioWare - L:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - L:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - L:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - k:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - k:\Program Files\RealVNC\VNC4\WinVNC4.exe

willow93
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

02/05/2010 16:34:11
mbam-log-2010-05-02 (16-34-11).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 152854
Temps écoulé: 4 minute(s), 19 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Anonymous user
 
Re

/!\ WARNING /!\ The script below was written specifically for this computer /!\
It is strongly advised not to transpose it to another computer!
-----------------------------------------------------------------------------------------------

Still with all protections disabled, do the following:

* Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
* Copy/paste into Notepad what is shown in bold below

KillAll::

Driver::
lewlhljw

Netsvc::
lewlhljw

File::
c:\windows\System32\svchost.exe -k netsvcs


* Save this file to your Desktop (and nowhere else!) under the name CFScript.txt
* Close Notepad

* Drag and drop this CFScript file onto the C-Fix.exe file (ComboFix), as shown at this link:
http://img517.imageshack.us/img517/8662/cfscript10uc2.gif

* Wait while the scan runs. The desktop will disappear several times: this is normal! Do not touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here: C:\ComboFix.txt

See you.
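As an added example that is not part of this thread nor of HijackThis/ComboFix, here is a short Python triage pass over HijackThis-format lines like the ones posted above. It flags the patterns the CFScript targets: a registered BHO whose DLL is missing, a service with no publisher, a service hosted in the shared `netsvcs` svchost group, and random-looking names such as lewlhljw; the sample lines are constructed from this thread (the O23 line for lewlhljw is reconstructed from the ComboFix result, since the HijackThis log did not show it).

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis format, modelled on the lines posted in this thread.
# The O23 line for lewlhljw is reconstructed from the ComboFix result, not copied from a log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: hotrevenue browser enhancer - {DB704689-3FF5-A289-4309-D30A083463BF} - C:\WINDOWS\system32\tbojphdlxsegpie.dll (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - K:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: lewlhljw (lewlhljw) - Unknown owner - C:\WINDOWS\System32\svchost.exe -k netsvcs
"""

# O2 (BHO) and O3 (toolbar) entries: name - {CLSID} - path
COMPONENT_RE = re.compile(
    r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<rest>.*)$"
)
# O23 (service) entries: display name [(short name)] - publisher - image path
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.*?) - (?P<rest>.*)$"
)
VOWELS = set("aeiouy")


@dataclass
class Finding:
    line: str
    reasons: list


def looks_random(name: str) -> bool:
    """Heuristic for auto-generated names: 8+ letters, all lowercase, with a run of
    5 or more consonants (lewlhljw, tbojphdlxsegpie). Short abbreviations such as
    CTFMON or msmsgs stay below the thresholds, so they are not flagged."""
    if len(name) < 8 or not name.isalpha() or not name.islower():
        return False
    run = longest = 0
    for ch in name:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 5


def image_path(rest: str) -> str:
    """Extract the binary path from the trailing field, dropping the '(file missing)'
    marker and any command-line switches such as '-k netsvcs' or '/min'."""
    rest = rest.replace("(file missing)", "").strip()
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    return re.split(r"\s[-/]\w", rest, maxsplit=1)[0].strip()


def stem(path: str) -> str:
    """File name without directory or extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def analyze(log: str) -> list:
    """Return one Finding per suspicious line, each with the reasons it was flagged."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        reasons = []
        comp = COMPONENT_RE.match(line)
        svc = SERVICE_RE.match(line)
        if comp:
            if "(file missing)" in line:
                reasons.append("registered browser component whose file is missing")
            name = stem(image_path(comp["rest"]))
            if looks_random(name):
                reasons.append(f"random-looking file name {name!r}")
        elif svc:
            path = image_path(svc["rest"])
            if svc["owner"] == "Unknown owner":
                reasons.append("service with no publisher")
            if path.lower().endswith("svchost.exe") and "-k netsvcs" in svc["rest"]:
                reasons.append("service DLL hosted in the shared netsvcs svchost group")
            for name in (svc["short"] or "", svc["display"]):
                if looks_random(name):
                    reasons.append(f"random-looking service name {name!r}")
                    break
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

The heuristics only rank entries for review; a flagged line (the unsigned ATI service, for instance) still has to be checked against the vendor's path and a file scan before anything is removed.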
willow93
 
ComboFix 10-05-01.01 - willow 02/05/2010 19:47:44.2.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1621 [GMT 2:00]
Lancé depuis: l:\documents and settings\willow\Bureau\ComboFix.exe
Commutateurs utilisés :: l:\documents and settings\willow\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\System32\svchost.exe -k netsvcs"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LEWLHLJW
-------\Service_lewlhljw

((((((((((((((((((((((((((((( Fichiers créés du 2010-04-02 au 2010-05-02 ))))))))))))))))))))))))))))))))))))
.

2010-05-01 15:31 . 2010-05-01 15:55 -------- d-----w- C:\UsbFix
2010-05-01 11:39 . 2010-05-01 13:14 -------- d-----w- C:\Ad-Remover
2010-04-28 21:50 . 2010-04-28 21:50 -------- d-----w- l:\documents and settings\Downloads\The Full Monty
2010-04-27 22:39 . 2010-04-27 22:39 -------- d-----w- l:\documents and settings\Downloads\Twilight[2008]VOSTFR-DvDrip-AIA
2010-04-27 22:28 . 2010-04-29 01:09 -------- d-----w- l:\documents and settings\Downloads\Dancer in the Dark
2010-04-27 22:28 . 2010-04-27 22:28 -------- d-----w- l:\documents and settings\Downloads
2010-04-27 20:36 . 2010-04-30 11:33 -------- d-----w- l:\documents and settings\willow\Application Data\BitTorrent
2010-04-26 10:14 . 2010-04-26 10:14 -------- d-s---w- l:\documents and settings\LocalService.AUTORITE NT\UserData
2010-04-25 20:28 . 2010-04-25 20:28 -------- d-----w- c:\program files\Enigma Software Group
2010-04-25 20:28 . 2010-04-26 18:41 -------- d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-04-25 20:15 . 2010-04-25 20:15 -------- d-s---w- l:\documents and settings\NetworkService.AUTORITE NT\UserData
2010-04-23 16:11 . 2010-04-30 13:16 -------- d-----w- l:\documents and settings\Risen\SaveGames
2010-04-23 16:11 . 2010-04-23 16:12 -------- d-----w- l:\documents and settings\willow\Local Settings\Application Data\Risen
2010-04-23 16:11 . 2010-04-23 16:11 -------- d-----w- l:\documents and settings\Risen
2010-04-23 16:08 . 2010-04-23 16:08 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-04-23 16:08 . 2010-04-23 16:08 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-04-18 13:14 . 2010-04-18 13:28 -------- d-----w- l:\documents and settings\willow\Application Data\gtk-2.0
2010-04-18 12:57 . 2010-04-18 12:57 -------- d-----w- l:\documents and settings\willow\.thumbnails
2010-04-18 12:56 . 2010-04-18 12:56 -------- d-----w- l:\documents and settings\gegl-0.0\plug-ins
2010-04-18 12:56 . 2010-04-18 12:56 -------- d-----w- l:\documents and settings\gegl-0.0
2010-04-16 22:03 . 2010-04-16 22:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-12 16:56 . 2001-07-13 11:56 14976 ----a-w- c:\windows\system32\drivers\SBKUPNT.SYS
2010-04-12 16:56 . 1997-02-08 15:11 13312 ----a-w- c:\windows\system32\DEVLOAD.EXE
2010-04-12 16:34 . 2010-04-12 16:34 -------- d-----w- c:\program files\Restore
2010-04-12 16:27 . 2010-04-12 16:34 249856 ------w- c:\windows\Setup1.exe
2010-04-12 16:27 . 2010-04-12 16:34 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-04-09 20:48 . 2010-04-09 20:48 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-08 15:31 . 2010-04-08 15:31 -------- d--h--w- c:\windows\PIF
2010-04-07 09:33 . 2010-04-07 09:33 -------- d-----w- l:\documents and settings\willow\Local Settings\Application Data\Gas Powered Games
2010-04-07 09:21 . 2010-04-07 09:21 -------- d-----w- C:\temp
2010-04-07 09:20 . 2010-04-07 09:20 -------- d-----w- l:\documents and settings\willow\Application Data\Media Center Programs
2010-04-07 09:13 . 2010-04-07 09:13 -------- d-----w- l:\documents and settings\willow\Application Data\InstallShield Installation Information
2010-04-04 15:12 . 2010-04-04 15:12 -------- d-----w- l:\documents and settings\All Users\Application Data\BioWare
2010-04-04 15:07 . 2010-04-04 15:16 -------- d-----w- l:\documents and settings\BioWare\Dragon Age
2010-04-03 16:47 . 2010-04-03 16:47 -------- d-----w- l:\documents and settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Apple
2010-04-02 18:54 . 2010-03-03 03:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-02 18:54 . 2010-04-02 18:54 -------- d-----w- c:\program files\ATI
2010-04-02 18:52 . 2010-04-02 18:52 -------- d-----w- C:\ATI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 16:15 . 2010-03-21 00:00 -------- d-----w- l:\documents and settings\willow\Application Data\vlc
2010-04-29 13:39 . 2010-03-21 13:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-03-21 13:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 20:28 . 2010-03-20 18:45 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-04-25 20:15 . 2010-03-22 14:55 -------- d-----w- l:\documents and settings\willow\Application Data\QuickScan
2010-04-23 16:03 . 2010-03-13 14:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-22 13:29 . 2010-03-16 08:44 -------- d-----w- l:\documents and settings\willow\Application Data\dvdcss
2010-04-22 03:26 . 2010-03-22 01:07 -------- d-----w- c:\program files\Google
2010-04-02 18:54 . 2010-03-13 16:12 -------- d-----w- c:\program files\ATI Technologies
2010-04-02 12:38 . 2010-04-02 12:38 384 ----a-w- l:\documents and settings\im_lastritual\user.tmp
2010-04-02 12:07 . 2010-04-02 12:07 -------- d-----w- l:\documents and settings\willow\Application Data\Apple Computer
2010-04-02 12:05 . 2010-03-31 20:36 -------- d-----w- l:\documents and settings\All Users\Application Data\Apple Computer
2010-04-01 10:03 . 2010-04-01 10:03 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-01 09:38 . 2010-03-31 16:36 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-03-31 22:04 . 2010-03-20 18:45 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-31 20:35 . 2010-03-31 20:35 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-03-31 20:35 . 2010-03-31 20:35 -------- d-----w- c:\program files\Apple Software Update
2010-03-31 20:35 . 2010-03-31 20:35 -------- d-----w- l:\documents and settings\All Users\Application Data\Apple
2010-03-31 17:03 . 2010-03-31 17:02 -------- d-----w- l:\documents and settings\All Users\Application Data\QuickTime
2010-03-31 16:43 . 2010-03-20 18:17 -------- d-----w- c:\program files\SpeedFan
2010-03-31 16:36 . 2010-03-31 16:35 -------- d-----w- c:\program files\Gigabyte
2010-03-31 16:34 . 2010-03-13 14:30 16608 ----a-w- c:\windows\gdrv.sys
2010-03-31 12:04 . 2010-03-31 12:04 -------- d-----w- l:\documents and settings\willow\Application Data\EPSON
2010-03-28 13:02 . 2001-08-28 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-28 13:02 . 2001-08-28 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-27 22:49 . 2010-03-27 22:31 -------- d-----w- c:\program files\DivX
2010-03-27 22:49 . 2010-03-27 22:30 -------- d-----w- l:\documents and settings\All Users\Application Data\DivX
2010-03-27 22:49 . 2010-03-27 22:49 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2010-03-24 14:13 . 2010-03-24 14:13 67128 ----a-w- l:\documents and settings\LocalService.AUTORITE NT\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-24 14:10 . 2010-03-20 17:25 -------- d-----w- c:\program files\Fichiers communs\BioWare
2010-03-24 13:49 . 2010-03-24 13:38 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-03-24 13:35 . 2010-03-24 13:35 -------- d-----w- c:\program files\Rockstar Games
2010-03-24 13:32 . 2010-03-24 13:29 -------- d-----w- l:\documents and settings\willow\Application Data\DeepBurner
2010-03-24 12:50 . 2010-03-13 14:24 76487 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-03-22 17:14 . 2010-03-22 16:59 -------- d-----w- l:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-22 17:02 . 2010-03-22 17:02 -------- d-----w- c:\program files\trend micro
2010-03-21 13:29 . 2010-03-21 13:29 -------- d-----w- l:\documents and settings\willow\Application Data\Malwarebytes
2010-03-21 13:29 . 2010-03-21 13:29 -------- d-----w- l:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-20 17:23 . 2010-03-20 17:23 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-20 17:10 . 2010-03-13 16:11 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-03-20 17:09 . 2010-03-20 17:09 -------- d-----w- c:\program files\Bayo
2010-03-20 17:09 . 2010-03-20 17:09 -------- d-----w- c:\program files\Fichiers communs\Bayo
2010-03-20 16:44 . 2010-03-20 16:44 -------- d-----w- c:\program files\Intel
2010-03-17 17:28 . 2010-03-16 09:06 17280 ----a-w- l:\documents and settings\LocalService.AUTORITE NT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-17 16:52 . 2010-03-17 16:52 -------- d-----w- c:\program files\MSBuild
2010-03-17 16:52 . 2010-03-17 16:52 -------- d-----w- c:\program files\Reference Assemblies
2010-03-17 16:50 . 2010-03-17 16:50 -------- d-----w- c:\program files\MSXML 6.0
2010-03-16 08:56 . 2010-03-16 08:56 -------- d-----w- l:\documents and settings\Administrateur\Application Data\OpenOffice.org
2010-03-14 14:05 . 2010-03-14 14:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-14 14:04 . 2010-03-14 14:04 -------- d-----w- c:\program files\epson
2010-03-14 11:14 . 2010-03-13 14:31 -------- d-----w- c:\program files\Realtek
2010-03-14 11:14 . 2010-03-14 11:14 315392 ----a-w- c:\windows\HideWin.exe
2010-03-13 19:54 . 2010-03-13 19:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-13 19:54 . 2010-03-13 19:54 -------- d-----w- c:\program files\Java
2010-03-13 19:35 . 2010-03-13 19:35 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-03-13 18:17 . 2010-03-13 18:17 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-13 16:21 . 2010-03-13 16:21 0 ----a-w- c:\windows\nsreg.dat
2010-03-13 16:18 . 2010-03-13 16:16 -------- d-----w- c:\program files\Fichiers communs\ATI Technologies
2010-03-13 14:24 . 2010-03-13 14:24 -------- d-----w- c:\program files\microsoft frontpage
2010-03-13 14:22 . 2010-03-13 14:22 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-13 14:22 . 2010-03-13 14:22 -------- d-----w- c:\program files\Services en ligne
2010-03-09 11:10 . 2001-08-28 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-03 04:21 . 2009-08-14 04:27 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-03-03 04:07 . 2010-03-13 16:12 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-03-03 04:02 . 2009-08-14 01:21 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-03 04:02 . 2009-08-14 01:20 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-03 04:01 . 2009-08-14 01:19 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-03 03:44 . 2009-08-14 01:47 14262272 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:40 . 2010-03-13 16:12 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 03:40 . 2009-08-14 01:58 3616096 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-03 03:39 . 2009-08-14 02:27 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-03 03:24 . 2009-08-14 02:10 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 03:24 . 2009-08-14 01:42 2232320 ----a-w- c:\windows\system32\ativvaxx.dll
2010-03-03 03:24 . 2009-08-14 02:10 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 03:24 . 2010-03-13 16:12 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-03-03 03:24 . 2010-03-13 16:12 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-03-03 03:24 . 2009-08-14 02:09 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-03 03:24 . 2009-08-14 02:09 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 03:23 . 2009-08-14 02:09 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-03-03 03:22 . 2009-08-14 02:08 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-03-03 03:21 . 2009-08-14 02:06 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-03-03 03:16 . 2009-08-14 01:21 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-03-03 03:15 . 2009-08-14 01:19 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:14 . 2009-08-14 01:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-03-03 03:14 . 2009-08-14 01:17 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-03-03 03:09 . 2009-08-14 01:12 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-03 03:07 . 2009-08-14 01:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-03-03 03:07 . 2009-08-14 01:25 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-03 03:07 . 2009-08-14 01:25 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-26 05:42 . 2001-08-28 12:00 671232 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:42 . 2010-03-14 11:01 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-25 19:55 . 2010-03-13 16:12 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-24 13:11 . 2001-08-28 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2001-08-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2001-08-23 17:12 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-18 16:58 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2001-08-28 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2001-08-28 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 08:01 . 2010-03-31 22:12 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 08:01 . 2010-03-31 22:12 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-01_17.59.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-02 17:55 . 2010-05-02 17:55 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-02 17:52 . 2010-05-02 17:52 16384 c:\windows\temp\Perflib_Perfdata_7f0.dat
+ 2010-05-02 17:55 . 2010-05-02 17:55 32768 c:\windows\temp\Historique\History.IE5\MSHist012010050220100503\index.dat
+ 2010-05-02 17:55 . 2010-05-02 17:55 32768 c:\windows\temp\Historique\History.IE5\index.dat
- 2010-05-01 15:35 . 2010-05-01 17:59 32768 c:\windows\Temp\Historique\History.IE5\index.dat
+ 2010-05-02 17:55 . 2010-05-02 17:55 16384 c:\windows\temp\Cookies\index.dat
- 2010-05-01 15:35 . 2010-05-01 17:59 16384 c:\windows\Temp\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="k:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"avgnt"="k:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="k:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

l:\documents and settings\Administrateur\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - k:\program files\oo\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKLM\~\startupfolder\L:^Documents and Settings^willow^Menu Démarrer^Programmes^Démarrage^Antimalware Doctor.lnk]
path=l:\documents and settings\willow\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk
backup=c:\windows\pss\Antimalware Doctor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- k:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- k:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVPro]
2007-07-26 13:05 20480 ----a-w- c:\program files\Gigabyte\ET5Pro\ETcall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- k:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SteamUp]
2010-03-20 19:14 1217872 ----a-w- k:\program files\Cracked Steam\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"k:\\Program Files\\aMSN\\bin\\wish.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"k:\\Program Files\\eMule\\eMule.exe"=
"l:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"l:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"k:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"l:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"l:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"l:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"l:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"l:\\Program Files\\Left 4 Dead 2\\left4dead2.exe"=
"k:\\Program Files\\Ubi Soft\\dernierrituel\\rituel.exe"=
"l:\\Program Files\\Call Of duty modern 2\\iw4sp.exe"=
"l:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"l:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"l:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"k:\\Program Files\\BitTorrent\\bittorrent.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [13/03/2010 21:37 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [13/03/2010 21:37 45416]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23/04/2007 13:03 82200]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;k:\program files\Avira\AntiVir Desktop\sched.exe [13/03/2010 21:37 108289]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [12/04/2010 18:56 14976]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/03/2010 03:07 136176]
S3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour;l:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [15/12/2009 22:07 25832]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;k:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [13/03/2010 21:46 23152]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [21/03/2010 15:29 38224]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/03/2010 16:05 691696]
.
Contenu du dossier 'Tâches planifiées'

2010-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 01:07]

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 01:07]
.
.
------- Examen supplémentaire -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - l:\documents and settings\willow\Application Data\Mozilla\Firefox\Profiles\2ig1d9a7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: l:\documents and settings\willow\Application Data\Mozilla\Firefox\Profiles\2ig1d9a7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: l:\documents and settings\willow\Application Data\Mozilla\Firefox\Profiles\2ig1d9a7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: k:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: k:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: k:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: k:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: k:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: k:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: k:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: k:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: k:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: l:\documents and settings\willow\Application Data\Mozilla\Firefox\Profiles\2ig1d9a7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: l:\documents and settings\willow\Application Data\Mozilla\Firefox\Profiles\2ig1d9a7.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
k:\program files\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
k:\program files\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
k:\program files\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
k:\program files\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 19:55
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89BDFCC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> 0x89bdfcc8
\Driver\atapi -> atapi.sys @ 0xb9f36852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> 0x88ffc5c0
PacketIndicateHandler -> NDIS.sys @ 0xb9e4fa21
SendHandler -> NDIS.sys @ 0xb9e2d87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x057545301
malicious code @ sector 0x057545304 !
PE file found in sector at 0x05754531A !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\k:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1004336348-57989841-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:31,c4,1c,c8,15,4c,36,f4,ab,0e,80,87,60,2d,8e,22,62,30,1e,8c,0d,
b7,f8,4d,a3,8a,d5,2f,da,9c,eb,f7,bc,67,04,ca,71,33,30,c3,f2,99,b4,ad,68,be,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(3220)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
k:\program files\Avira\AntiVir Desktop\avguard.exe
l:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
l:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
k:\program files\NetLimiter 2 Pro\nlsvc.exe
k:\program files\RealVNC\VNC4\WinVNC4.exe
k:\program files\NetLimiter 2 Pro\NLClient.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Heure de fin: 2010-05-02 19:57:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-05-02 17:57
ComboFix2.txt 2010-05-01 18:01

Avant-CF: 815 874 048 octets libres
Après-CF: 787 542 016 octets libres

- - End Of File - - D2D002CE4551F709185A4B5AA792C715
0
willow93
 
http://www.cijoint.fr/cjlink.php?file=cj201005/cij1mYcM9O.txt
0
Utilisateur anonyme
 
How is the PC behaving?

See you
0

willow93
 
Great! It looks like it's good!
No more bugs for a while now...
Thank you for your great work, honestly you guys are awesome!
I suppose I need to finish up by cleaning all this up a bit?
I think we can mark it "solved"
Thanks again
0
Utilisateur anonyme
 
I suppose I need to finish up by cleaning all this up a bit?

Yes, absolutely....

Sorry, I work very early tomorrow and --> bed tonight!!! I have no more time tonight....

==> Bump me with an "UP" tomorrow around 18:00/19:00 so I can read your message and we'll finalize......

See you tomorrow... sorry for tonight!

0
Utilisateur anonyme
 
Re,

To check, please do this anyway.

/!\ You absolutely must disable all your protection software to use this program /!\

Download: Gmer (by Przemyslaw Gmerek)

http://www.gmer.net/

Unzip gmer, click the Rootkit tab, launch the scan; red lines will appear, or not...

Red lines indicate the presence of a rootkit. Post me the gmer report (click Copy, then go to Start, open Notepad, go to Edit and click Paste; the gmer report will appear; post it to me).

Then

on the red lines:

Services: right-click delete service
Process: right-click kill process
Adl, file: right-click delete files

See you
0
willow93
 
I'm running a GMER for you right at this moment...
it takes a long time
0
willow93
 
RE! Sorry for not having given any news, but I was very busy...

It keeps bugging! (even with the internet disconnected)
I can't manage to do a complete GMER scan because it bugs before then. I did it drive by drive, but the biggest one doesn't finish before a bug!
Here is the scan of my drives except one:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-10 20:46:57
Windows 5.1.2600 Service Pack 3
Running: 6i5gmgrn.exe; Driver: L:\DOCUME~1\willow\LOCALS~1\Temp\uwlorkod.sys

---- System - GMER 1.0.15 ----

SSDT BA73A606 ZwCreateKey
SSDT BA73A5FC ZwCreateThread
SSDT BA73A60B ZwDeleteKey
SSDT BA73A615 ZwDeleteValueKey
SSDT BA73A61A ZwLoadKey
SSDT BA73A5E8 ZwOpenProcess
SSDT BA73A5ED ZwOpenThread
SSDT BA73A624 ZwReplaceKey
SSDT BA73A61F ZwRestoreKey
SSDT BA73A610 ZwSetValueKey
SSDT BA73A5F7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2DB8 80504654 4 Bytes CALL 870AB9FE
.text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xB9911000, 0x235297, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA9015300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA368300, 0x1BEE, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\ACPI \Device\00000050 89854300
Device \Driver\ACPI \Device\00000043 89854300
Device \Driver\ACPI \Device\00000060 89854300
Device \Driver\ACPI \Device\00000048 89854300

AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\ACPI \Device\00000062 89854300
Device \Driver\ACPI \Device\00000049 89854300
Device \Driver\ACPI \Device\00000063 89854300
Device \Driver\ACPI \Device\00000057 89854300
Device \Driver\ACPI \Device\00000064 89854300
Device \Driver\ACPI \Device\00000065 89854300
Device \Driver\ACPI \Device\0000004a 89854300
Device \Driver\ACPI \Device\0000004b 89854300
Device \Driver\ACPI \Device\0000003f 89854300
Device \Driver\ACPI \Device\0000004c 89854300
Device \Driver\ACPI \Device\0000005a 89854300
Device \Driver\ACPI \Device\0000004d 89854300
Device \Driver\ACPI \Device\0000005b 89854300
Device \Driver\ACPI \Device\0000005c 89854300

AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\ACPI \Device\0000005d 89854300

AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\ACPI \Device\0000005f 89854300

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0xDA 0xCD 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x44 0xE3 0x5F 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x65 0xB2 0x77 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0xDA 0xCD 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x44 0xE3 0x5F 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x65 0xB2 0x77 0x33 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 K:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0xDA 0xCD 0xCC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x44 0xE3 0x5F 0xCB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0xE1 0xEF 0xB7 ...

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-10 22:02:28
Windows 5.1.2600 Service Pack 3
Running: 6i5gmgrn.exe; Driver: L:\DOCUME~1\willow\LOCALS~1\Temp\uwlorkod.sys

---- System - GMER 1.0.15 ----

SSDT BA73A606 ZwCreateKey
SSDT BA73A5FC ZwCreateThread
SSDT BA73A60B ZwDeleteKey
SSDT BA73A615 ZwDeleteValueKey
SSDT BA73A61A ZwLoadKey
SSDT BA73A5E8 ZwOpenProcess
SSDT BA73A5ED ZwOpenThread
SSDT BA73A624 ZwReplaceKey
SSDT BA73A61F ZwRestoreKey
SSDT BA73A610 ZwSetValueKey
SSDT BA73A5F7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2DB8 80504654 4 Bytes CALL 870AB9FE
.text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xB9911000, 0x235297, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA9015300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA368300, 0x1BEE, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\ACPI \Device\00000050 89854300
Device \Driver\ACPI \Device\00000043 89854300
Device \Driver\ACPI \Device\00000060 89854300
Device \Driver\ACPI \Device\00000048 89854300

AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\ACPI \Device\00000062 89854300
Device \Driver\ACPI \Device\00000049 89854300
Device \Driver\ACPI \Device\00000063 89854300
Device \Driver\ACPI \Device\00000057 89854300
Device \Driver\ACPI \Device\00000064 89854300
Device \Driver\ACPI \Device\00000065 89854300
Device \Driver\ACPI \Device\0000004a 89854300
Device \Driver\ACPI \Device\0000004b 89854300
Device \Driver\ACPI \Device\0000003f 89854300
Device \Driver\ACPI \Device\0000004c 89854300
Device \Driver\ACPI \Device\0000005a 89854300
Device \Driver\ACPI \Device\0000004d 89854300
Device \Driver\ACPI \Device\0000005b 89854300
Device \Driver\ACPI \Device\0000005c 89854300

AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\ACPI \Device\0000005d 89854300

AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\ACPI \Device\0000005f 89854300

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0xDA 0xCD 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x44 0xE3 0x5F 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x65 0xB2 0x77 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0xDA 0xCD 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x44 0xE3 0x5F 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x65 0xB2 0x77 0x33 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 K:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0xDA 0xCD 0xCC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x44 0xE3 0x5F 0xCB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0xE1 0xEF 0xB7 ...
0
willow93
 
---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-10 22:56:44
Windows 5.1.2600 Service Pack 3
Running: 6i5gmgrn.exe; Driver: L:\DOCUME~1\willow\LOCALS~1\Temp\uwlorkod.sys

---- System - GMER 1.0.15 ----

SSDT BA73A606 ZwCreateKey
SSDT BA73A5FC ZwCreateThread
SSDT BA73A60B ZwDeleteKey
SSDT BA73A615 ZwDeleteValueKey
SSDT BA73A61A ZwLoadKey
SSDT BA73A5E8 ZwOpenProcess
SSDT BA73A5ED ZwOpenThread
SSDT BA73A624 ZwReplaceKey
SSDT BA73A61F ZwRestoreKey
SSDT BA73A610 ZwSetValueKey
SSDT BA73A5F7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2DB8 80504654 4 Bytes CALL 870AB9FE
.text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xB9911000, 0x235297, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA9015300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA368300, 0x1BEE, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\ACPI \Device\00000043 89854300
Device \Driver\ACPI \Device\00000050 89854300
Device \Driver\ACPI \Device\00000060 89854300
Device \Driver\ACPI \Device\00000048 89854300

AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\ACPI \Device\00000049 89854300
Device \Driver\ACPI \Device\00000062 89854300
Device \Driver\ACPI \Device\00000057 89854300
Device \Driver\ACPI \Device\00000063 89854300
Device \Driver\ACPI \Device\00000064 89854300
Device \Driver\ACPI \Device\00000065 89854300
Device \Driver\ACPI \Device\0000004a 89854300
Device \Driver\ACPI \Device\0000003f 89854300
Device \Driver\ACPI \Device\0000004b 89854300
Device \Driver\ACPI \Device\0000004c 89854300
Device \Driver\ACPI \Device\0000004d 89854300
Device \Driver\ACPI \Device\0000005a 89854300
Device \Driver\ACPI \Device\0000005b 89854300
Device \Driver\ACPI \Device\0000005c 89854300

AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\ACPI \Device\0000005d 89854300

AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\ACPI \Device\0000005f 89854300

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0xDA 0xCD 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x44 0xE3 0x5F 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x65 0xB2 0x77 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0xDA 0xCD 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x44 0xE3 0x5F 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x65 0xB2 0x77 0x33 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 K:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0xDA 0xCD 0xCC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x44 0xE3 0x5F 0xCB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0xE1 0xEF 0xB7 ...

---- EOF - GMER 1.0.15 ----
willow93
 
Up!
Utilisateur anonyme
 
Remove ComboFix as follows:

-> Click on "Start" (or press the Windows key + R) -> "Run" -> copy/paste this line:

ComboFix /uninstall

--> Validate.

==> Reinstall it from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and paste the report please...

See you

willow93
 
ComboFix 10-05-13.04 - willow 14/05/2010 19:09:52.5.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1620 [GMT 2:00]
Lancé depuis: l:\documents and settings\Téléchargements\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-04-14 au 2010-05-14 ))))))))))))))))))))))))))))))))))))
.

2010-05-13 15:48 . 2009-06-18 10:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-05-13 14:45 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-05-13 14:44 . 2010-05-13 14:44 -------- d-----w- c:\program files\Sophos
2010-05-03 16:10 . 2010-05-03 16:13 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-01 15:31 . 2010-05-01 15:55 -------- d-----w- C:\UsbFix
2010-05-01 11:39 . 2010-05-01 13:14 -------- d-----w- C:\Ad-Remover
2010-04-28 21:50 . 2010-04-28 21:50 -------- d-----w- l:\documents and settings\Downloads\The Full Monty
2010-04-27 22:39 . 2010-04-27 22:39 -------- d-----w- l:\documents and settings\Downloads\Twilight[2008]VOSTFR-DvDrip-AIA
2010-04-27 22:28 . 2010-04-29 01:09 -------- d-----w- l:\documents and settings\Downloads\Dancer in the Dark
2010-04-27 22:28 . 2010-04-27 22:28 -------- d-----w- l:\documents and settings\Downloads
2010-04-27 20:36 . 2010-05-09 22:22 -------- d-----w- l:\documents and settings\willow\Application Data\BitTorrent
2010-04-26 10:14 . 2010-04-26 10:14 -------- d-s---w- l:\documents and settings\LocalService.AUTORITE NT\UserData
2010-04-25 20:28 . 2010-04-25 20:28 -------- d-----w- c:\program files\Enigma Software Group
2010-04-25 20:28 . 2010-04-26 18:41 -------- d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-04-25 20:15 . 2010-04-25 20:15 -------- d-s---w- l:\documents and settings\NetworkService.AUTORITE NT\UserData
2010-04-23 16:11 . 2010-04-30 13:16 -------- d-----w- l:\documents and settings\Risen\SaveGames
2010-04-23 16:11 . 2010-04-23 16:12 -------- d-----w- l:\documents and settings\willow\Local Settings\Application Data\Risen
2010-04-23 16:11 . 2010-04-23 16:11 -------- d-----w- l:\documents and settings\Risen
2010-04-23 16:08 . 2010-04-23 16:08 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-04-23 16:08 . 2010-04-23 16:08 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-04-18 13:14 . 2010-04-18 13:28 -------- d-----w- l:\documents and settings\willow\Application Data\gtk-2.0
2010-04-18 12:57 . 2010-04-18 12:57 -------- d-----w- l:\documents and settings\willow\.thumbnails
2010-04-18 12:56 . 2010-04-18 12:56 -------- d-----w- l:\documents and settings\gegl-0.0\plug-ins
2010-04-18 12:56 . 2010-04-18 12:56 -------- d-----w- l:\documents and settings\gegl-0.0
2010-04-16 22:03 . 2010-04-16 22:03 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 09:46 . 2010-03-21 00:00 -------- d-----w- l:\documents and settings\willow\Application Data\vlc
2010-05-02 19:39 . 2010-03-14 14:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-29 13:39 . 2010-03-21 13:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-03-21 13:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 20:28 . 2010-03-20 18:45 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-04-25 20:15 . 2010-03-22 14:55 -------- d-----w- l:\documents and settings\willow\Application Data\QuickScan
2010-04-23 16:03 . 2010-03-13 14:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-22 13:29 . 2010-03-16 08:44 -------- d-----w- l:\documents and settings\willow\Application Data\dvdcss
2010-04-22 03:26 . 2010-03-22 01:07 -------- d-----w- c:\program files\Google
2010-04-12 16:34 . 2010-04-12 16:34 -------- d-----w- c:\program files\Restore
2010-04-12 16:34 . 2010-04-12 16:27 249856 ------w- c:\windows\Setup1.exe
2010-04-12 16:34 . 2010-04-12 16:27 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-04-09 20:48 . 2010-04-09 20:48 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-07 09:20 . 2010-04-07 09:20 -------- d-----w- l:\documents and settings\willow\Application Data\Media Center Programs
2010-04-07 09:13 . 2010-04-07 09:13 -------- d-----w- l:\documents and settings\willow\Application Data\InstallShield Installation Information
2010-04-04 15:12 . 2010-04-04 15:12 -------- d-----w- l:\documents and settings\All Users\Application Data\BioWare
2010-04-02 18:54 . 2010-03-13 16:12 -------- d-----w- c:\program files\ATI Technologies
2010-04-02 18:54 . 2010-04-02 18:54 -------- d-----w- c:\program files\ATI
2010-04-02 12:38 . 2010-04-02 12:38 384 ----a-w- l:\documents and settings\im_lastritual\user.tmp
2010-04-02 12:07 . 2010-04-02 12:07 -------- d-----w- l:\documents and settings\willow\Application Data\Apple Computer
2010-04-02 12:05 . 2010-03-31 20:36 -------- d-----w- l:\documents and settings\All Users\Application Data\Apple Computer
2010-04-01 10:03 . 2010-04-01 10:03 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-01 09:38 . 2010-03-31 16:36 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-03-31 22:04 . 2010-03-20 18:45 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-31 20:35 . 2010-03-31 20:35 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-03-31 20:35 . 2010-03-31 20:35 -------- d-----w- c:\program files\Apple Software Update
2010-03-31 20:35 . 2010-03-31 20:35 -------- d-----w- l:\documents and settings\All Users\Application Data\Apple
2010-03-31 17:03 . 2010-03-31 17:02 -------- d-----w- l:\documents and settings\All Users\Application Data\QuickTime
2010-03-31 16:43 . 2010-03-20 18:17 -------- d-----w- c:\program files\SpeedFan
2010-03-31 16:36 . 2010-03-31 16:35 -------- d-----w- c:\program files\Gigabyte
2010-03-31 16:34 . 2010-03-13 14:30 16608 ----a-w- c:\windows\gdrv.sys
2010-03-31 12:04 . 2010-03-31 12:04 -------- d-----w- l:\documents and settings\willow\Application Data\EPSON
2010-03-28 13:02 . 2001-08-28 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-28 13:02 . 2001-08-28 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-27 22:49 . 2010-03-27 22:31 -------- d-----w- c:\program files\DivX
2010-03-27 22:49 . 2010-03-27 22:30 -------- d-----w- l:\documents and settings\All Users\Application Data\DivX
2010-03-27 22:49 . 2010-03-27 22:49 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2010-03-24 14:13 . 2010-03-24 14:13 67128 ----a-w- l:\documents and settings\LocalService.AUTORITE NT\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-24 14:10 . 2010-03-20 17:25 -------- d-----w- c:\program files\Fichiers communs\BioWare
2010-03-24 13:49 . 2010-03-24 13:38 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-03-24 13:35 . 2010-03-24 13:35 -------- d-----w- c:\program files\Rockstar Games
2010-03-24 13:32 . 2010-03-24 13:29 -------- d-----w- l:\documents and settings\willow\Application Data\DeepBurner
2010-03-24 12:50 . 2010-03-13 14:24 76487 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-03-22 17:14 . 2010-03-22 16:59 -------- d-----w- l:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-22 17:02 . 2010-03-22 17:02 -------- d-----w- c:\program files\trend micro
2010-03-21 13:29 . 2010-03-21 13:29 -------- d-----w- l:\documents and settings\willow\Application Data\Malwarebytes
2010-03-21 13:29 . 2010-03-21 13:29 -------- d-----w- l:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-20 17:23 . 2010-03-20 17:23 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-20 17:10 . 2010-03-13 16:11 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-03-20 17:09 . 2010-03-20 17:09 -------- d-----w- c:\program files\Bayo
2010-03-20 17:09 . 2010-03-20 17:09 -------- d-----w- c:\program files\Fichiers communs\Bayo
2010-03-20 16:44 . 2010-03-20 16:44 -------- d-----w- c:\program files\Intel
2010-03-17 17:28 . 2010-03-16 09:06 17280 ----a-w- l:\documents and settings\LocalService.AUTORITE NT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-17 16:52 . 2010-03-17 16:52 -------- d-----w- c:\program files\MSBuild
2010-03-17 16:52 . 2010-03-17 16:52 -------- d-----w- c:\program files\Reference Assemblies
2010-03-17 16:50 . 2010-03-17 16:50 -------- d-----w- c:\program files\MSXML 6.0
2010-03-16 08:56 . 2010-03-16 08:56 -------- d-----w- l:\documents and settings\Administrateur\Application Data\OpenOffice.org
2010-03-14 11:14 . 2010-03-14 11:14 315392 ----a-w- c:\windows\HideWin.exe
2010-03-13 19:54 . 2010-03-13 19:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-13 18:17 . 2010-03-13 18:17 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-13 16:21 . 2010-03-13 16:21 0 ----a-w- c:\windows\nsreg.dat
2010-03-13 14:22 . 2010-03-13 14:22 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-09 11:10 . 2001-08-28 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-03 04:21 . 2009-08-14 04:27 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-03-03 04:07 . 2010-03-13 16:12 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-03-03 04:02 . 2009-08-14 01:21 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-03 04:02 . 2009-08-14 01:20 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-03 04:01 . 2009-08-14 01:19 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-03 03:44 . 2009-08-14 01:47 14262272 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:40 . 2010-03-13 16:12 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 03:40 . 2009-08-14 01:58 3616096 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-03 03:39 . 2009-08-14 02:27 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-03 03:24 . 2009-08-14 02:10 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 03:24 . 2009-08-14 01:42 2232320 ----a-w- c:\windows\system32\ativvaxx.dll
2010-03-03 03:24 . 2009-08-14 02:10 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 03:24 . 2010-03-13 16:12 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-03-03 03:24 . 2010-03-13 16:12 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-03-03 03:24 . 2009-08-14 02:09 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-03 03:24 . 2009-08-14 02:09 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 03:23 . 2009-08-14 02:09 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-03-03 03:22 . 2009-08-14 02:08 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-03-03 03:21 . 2009-08-14 02:06 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-03-03 03:20 . 2010-04-02 18:54 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-03 03:16 . 2009-08-14 01:21 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-03-03 03:15 . 2009-08-14 01:19 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:14 . 2009-08-14 01:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-03-03 03:14 . 2009-08-14 01:17 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-03-03 03:09 . 2009-08-14 01:12 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-03 03:07 . 2009-08-14 01:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-03-03 03:07 . 2009-08-14 01:25 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-03 03:07 . 2009-08-14 01:25 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-26 05:42 . 2001-08-28 12:00 671232 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:42 . 2010-03-14 11:01 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-25 19:55 . 2010-03-13 16:12 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-24 13:11 . 2001-08-28 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:06 . 2001-08-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2001-08-23 17:12 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-01_17.59.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-02 17:55 . 2010-05-14 17:09 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-14 17:09 . 2010-05-14 17:09 16384 c:\windows\temp\Perflib_Perfdata_dc.dat
+ 2010-05-14 16:43 . 2010-05-14 17:09 32768 c:\windows\temp\Historique\History.IE5\MSHist012010051420100515\index.dat
- 2010-05-01 15:35 . 2010-05-01 17:59 32768 c:\windows\Temp\Historique\History.IE5\index.dat
+ 2010-05-02 17:55 . 2010-05-14 17:09 32768 c:\windows\temp\Historique\History.IE5\index.dat
- 2010-05-01 15:35 . 2010-05-01 17:59 16384 c:\windows\Temp\Cookies\index.dat
+ 2010-05-02 17:55 . 2010-05-14 17:09 16384 c:\windows\temp\Cookies\index.dat
+ 2007-01-31 13:33 . 2007-01-31 13:33 5632 c:\windows\system32\drivers\avgarkt.sys
- 2010-03-13 14:22 . 2008-04-11 19:05 691712 c:\windows\system32\inetcomm.dll
+ 2010-03-13 14:22 . 2010-01-29 15:00 691712 c:\windows\system32\inetcomm.dll
+ 2010-03-15 12:44 . 2010-01-29 15:00 691712 c:\windows\system32\dllcache\inetcomm.dll
- 2010-03-15 12:44 . 2008-04-11 19:05 691712 c:\windows\system32\dllcache\inetcomm.dll
- 2010-03-24 13:04 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2010-03-24 13:04 . 2010-01-29 15:00 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2010-03-17 09:29 . 2010-04-30 18:51 32058312 c:\windows\system32\MRT.exe
willow93
 
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="k:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]
"avgnt"="k:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

l:\documents and settings\Administrateur\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - k:\program files\oo\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKLM\~\startupfolder\L:^Documents and Settings^willow^Menu Démarrer^Programmes^Démarrage^Antimalware Doctor.lnk]
path=l:\documents and settings\willow\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk
backup=c:\windows\pss\Antimalware Doctor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- k:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVPro]
2007-07-26 13:05 20480 ----a-w- c:\program files\Gigabyte\ET5Pro\ETcall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- k:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SteamUp]
2010-03-20 19:14 1217872 ----a-w- k:\program files\Cracked Steam\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"k:\\Program Files\\aMSN\\bin\\wish.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"k:\\Program Files\\eMule\\eMule.exe"=
"l:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"l:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"k:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"l:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"l:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"l:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"l:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"l:\\Program Files\\Left 4 Dead 2\\left4dead2.exe"=
"k:\\Program Files\\Ubi Soft\\dernierrituel\\rituel.exe"=
"l:\\Program Files\\Call Of duty modern 2\\iw4sp.exe"=
"l:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"l:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"l:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"k:\\Program Files\\BitTorrent\\bittorrent.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [13/03/2010 21:37 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [13/03/2010 21:37 45416]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23/04/2007 13:03 82200]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [13/05/2010 17:48 18816]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;k:\program files\Avira\AntiVir Desktop\sched.exe [13/03/2010 21:37 108289]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [12/04/2010 18:56 14976]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/03/2010 03:07 136176]
S3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour;l:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [15/12/2009 22:07 25832]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;k:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [13/03/2010 21:46 23152]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [21/03/2010 15:29 38224]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\91.tmp --> c:\windows\system32\91.tmp [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/03/2010 16:05 691696]
.
Contenu du dossier 'Tâches planifiées'

2010-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 01:07]

2010-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 01:07]
.
.
------- Examen supplémentaire -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - l:\documents and settings\willow\Application Data\Mozilla\Firefox\Profiles\2ig1d9a7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: l:\documents and settings\willow\Application Data\Mozilla\Firefox\Profiles\2ig1d9a7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: l:\documents and settings\willow\Application Data\Mozilla\Firefox\Profiles\2ig1d9a7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: k:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: k:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: k:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: k:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: k:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: k:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: k:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: k:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: k:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: l:\documents and settings\willow\Application Data\Mozilla\Firefox\Profiles\2ig1d9a7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: l:\documents and settings\willow\Application Data\Mozilla\Firefox\Profiles\2ig1d9a7.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
k:\program files\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
k:\program files\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
k:\program files\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
k:\program files\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-14 19:12
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A139208]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> 0x8a139208
\Driver\atapi -> atapi.sys @ 0xb9f36852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> 0x8953f5c0
PacketIndicateHandler -> NDIS.sys @ 0xb9e4fa21
SendHandler -> NDIS.sys @ 0xb9e2d87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x057545301
malicious code @ sector 0x057545304 !
PE file found in sector at 0x05754531A !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\k:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\91.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1004336348-57989841-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:31,c4,1c,c8,15,4c,36,f4,ab,0e,80,87,60,2d,8e,22,62,30,1e,8c,0d,
b7,f8,4d,a3,8a,d5,2f,da,9c,eb,f7,bc,67,04,ca,71,33,30,c3,f2,99,b4,ad,68,be,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Heure de fin: 2010-05-14 19:13:51
ComboFix-quarantined-files.txt 2010-05-14 17:13
ComboFix2.txt 2010-05-05 12:17
ComboFix3.txt 2010-05-03 16:22
ComboFix4.txt 2010-05-02 17:57
ComboFix5.txt 2010-05-14 17:07

Avant-CF: 505 212 928 octets libres
Après-CF: 477 499 392 octets libres

- - End Of File - - 8268960F4B0A17C9E0E39DF62445A74E
Utilisateur anonyme
 
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because it is wrongly detected as an infection)

Download List_Kill'em and save it to your desktop

http://sd-1.archive-host.com/...

Double-click (right-click "Run as administrator" for Vista/7) the shortcut on your desktop to start the installation

Once it is finished, click "Finish" and the program will start by itself

Choose the Search option

A black and white icon will appear on the desktop; it will let you call the program again if needed.

Let the tool work

When the white window appears, it takes a while, that is normal, the program is not frozen.

A report named catchme appears on your desktop, ignore it, do not post it, it will delete itself at the end of the scan

Post the contents of the report that opens at 100% of the scan on the "COMPLETED" screen
willow93
 
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.0.1 ¤¤¤¤¤¤¤¤¤¤

User : willow (Administrateurs)
Update on 09/05/2010 by g3n-h@ckm@n ::::: 09.15
Start at: 21:20:18 | 15/05/2010

Processeur Intel Pentium III Xeon
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 6,51 Go (466,45 Mo free) | NTFS
D:\ -> Disque fixe local | 232,88 Go (232,05 Go free) [alex] | NTFS
E:\ -> Disque CD-ROM
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque fixe local | 105,28 Go (101,56 Go free) [autre] | NTFS
L:\ -> Disque fixe local | 698,64 Go (333,18 Go free) [Disk Willow] | NTFS
M:\ -> Disque amovible
N:\ -> Disque amovible

Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
K:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
K:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
K:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
K:\Program Files\Avira\AntiVir Desktop\avguard.exe
L:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
L:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
k:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
k:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wuauclt.exe
k:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
K:\Program Files\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SuperCopier2.exe REG_SZ K:\Program Files\SuperCopier2\SuperCopier2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
StartCCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
RTHDCPL REG_SZ RTHDCPL.EXE
avgnt REG_SZ "K:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
DisableRegistryTools REG_DWORD 0 (0x0)

===============

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoDrives REG_DWORD 0 (0x0)

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDrives REG_DWORD 0 (0x0)

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ WILLOW-CAGE
DefaultUserName REG_SZ willow
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0 (0x0)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0 (0x0)
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 1 (0x1)
AltDefaultUserName REG_SZ willow
AltDefaultDomainName REG_SZ WILLOW-CAGE
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
K:\Program Files\aMSN\bin\wish.exe REG_SZ K:\Program Files\aMSN\bin\wish.exe:*:Enabled:Wish Application
C:\Program Files\Java\jre6\bin\javaw.exe REG_SZ C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary
K:\Program Files\eMule\eMule.exe REG_SZ K:\Program Files\eMule\eMule.exe:*:Enabled:eMule Plus
L:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe REG_SZ L:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Jeu
L:\Program Files\Mass Effect 2\MassEffect2Launcher.exe REG_SZ L:\Program Files\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Lanceur
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
K:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe REG_SZ K:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club
L:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe REG_SZ L:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV
L:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe REG_SZ L:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV
L:\Program Files\Dragon Age\bin_ship\daorigins.exe REG_SZ L:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Jeu
L:\Program Files\Dragon Age\DAOriginsLauncher.exe REG_SZ L:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Lanceur
L:\Program Files\Left 4 Dead 2\left4dead2.exe REG_SZ L:\Program Files\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2
K:\Program Files\Ubi Soft\dernierrituel\rituel.exe REG_SZ K:\Program Files\Ubi Soft\dernierrituel\rituel.exe:*:Enabled:rituel
L:\Program Files\Call Of duty modern 2\iw4sp.exe REG_SZ L:\Program Files\Call Of duty modern 2\iw4sp.exe:*:Enabled:iw4sp
L:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe REG_SZ L:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Application de mise à jour
L:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe REG_SZ L:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander
L:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe REG_SZ L:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander
K:\Program Files\BitTorrent\bittorrent.exe REG_SZ K:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

===============
ActivX controls
===============

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
0
willow93
 
==============
BHO :
======

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9CF10F1C-55BD-4173-8BAB-0E481E7696CA}: DhcpNameServer=213.138.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9CF10F1C-55BD-4173-8BAB-0E481E7696CA}: DhcpNameServer=213.138.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9CF10F1C-55BD-4173-8BAB-0E481E7696CA}: DhcpNameServer=213.138.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9CF10F1C-55BD-4173-8BAB-0E481E7696CA}: DhcpNameServer=213.138.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=213.138.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=213.138.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=213.138.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=213.138.2.1

================
Internet Explorer :
================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

========
Services
========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

========
Safemode
========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

=========
Atapi.sys
=========

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
699 Go total, 333 Go libre (47%), 15% fragmenté (fragmentation du fichier 31%)

Vous devriez défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\WINDOWS\002235_.tmp
Present !! : C:\WINDOWS\002828_.tmp
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET7.tmp

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_USERS\S-1-5-21-1004336348-57989841-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMSWEEP2
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet001\Services\MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet002\Services\MEMSWEEP2

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-15 21:26:35
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8968C718]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x8968c718
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> 0x897a45c0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x057545301
malicious code @ sector 0x057545304 !
PE file found in sector at 0x05754531A !
Use "Recovery Console" command "fixmbr" to clear infection !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 21:26:35,90
0
Utilisateur anonyme
 
Run List_Kill'em again (right-click it on Vista/7), using the shortcut on your desktop,
but this time:

choose the clean option

your PC will restart,

let the tool do its work.

At the end of the scan the window closes, and you get a report named Kill'em.txt on your desktop,

paste its contents into your reply
0