Sujet Précédent Sujet Suivant

Malwares détectés et supprimés - séquelles

Fermé
Marc23 Messages postés 14 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 22 août 2008 - 22 août 2008 à 13:21
 Utilisateur anonyme - 22 août 2008 à 23:25
Bonjour tout le monde, ça fait longtemps que je parcours les forums de commentçamarche et aujourd'hui j'ai pas trouver de réponses à mes questions alors j'ouvre mon compte :)

Alors j'ai un nouvel ordi avec Vista 32 et manque de chance, quand j'ai téléchargé mon antivirus (antivir) j'ai chopé des malwares qui se trouvaient dans le fichier :(

j'ai analysé et détruits se que j'ai trouvé avec malwares'byte, spybot, antivir, bitdefender online et tous mon trouver des malwares sauf le dernier.

1) Je voudrais savoir si je suis toujours infecté?

Voici mon rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:16, on 22.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\conime.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.ch[...]=ch&ibd=5080806
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dannz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [%AWinUpdate] C:\WINDOWS\wuauclt.vbs
O4 - HKCU\..\Run: [%ProtectMyPC] C:\Program Files\Internet Explorer\iexplore.exe http://gomyhit.com/MjA2MTk=/2/7391/ratna/
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9230 bytes


Merci d'avance :)


2) Je vais faire une restauration système car ces malwares ont fait disparaître dans le menu démarrer de vista, la case "tous les programmes" ainsi que la cas "ordinateur" en plus de la désactivation du clic droit sur le bureau :(
Mais comme je ne peux plus accéder à "accessoires" je me demandes s'il y a un raccourci autre?


PS: J'ai un peu galérer à écrire ce message, est-ce normal que toutes les 2 lignes, le curseur revient en arrière et écrit par dessus se que j'ai déjà écrit?


Merci d'avance :)
A voir également:

25 réponses

  • 1
  • 2
Réponse 1 / 25
Marc23 Messages postés 14 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 22 août 2008
22 août 2008 à 13:53
Je me permets de remonter mon post qui allait sombré dans l'oublie ^^
0
Réponse 2 / 25
Utilisateur anonyme
22 août 2008 à 13:55
Salut , 
j'ai analysé et détruits se que j'ai trouvé avec malwares'byte, spybot, antivir, bitdefender online et tous mon trouver des malwares sauf le dernier.


Poste TOUT les rapports si possible. ( sauf spybot )

- ton pc est encore infecté.



++
0
Réponse 3 / 25
Marc23 Messages postés 14 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 22 août 2008
22 août 2008 à 14:03
Salut, merci de l'intérêt :)

hijackthis:

cf. au dessus


Malwarebytes:

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Windows 6.0.6001 Service Pack 1

04:51:23 22.08.2008
mbam-log-08-22-2008 (04-51-23).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 116890
Temps écoulé: 1 hour(s), 1 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntiMalwareGuard (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antimalwareguard (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\AntiMalwareGuard (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiMalwareGuard (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\AntiMalwareGuard\amg.exe (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalwareGuard\BL.dat (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalwareGuard\WL.dat (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiMalwareGuard\AntiMalwareGuard.lnk (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiMalwareGuard\Uninstall AntiMalwareGuard.lnk (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
C:\Users\Marc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AntiMalwareGuard.lnk (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.


Antivir:


Premium Security Suite
Report file date: vendredi 22 août 2008 02:43

Scanning for 1566590 virus strains and unwanted programs.

Licensed to: Calin Ungur
Serial number: 1101180232-ISECE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-MARC

Version information:
BUILD.DAT : 8.1.0.245 27422 Bytes 12.08.2008 11:39:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26.06.2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26.05.2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12.06.2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26.05.2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24.06.2008 13:54:15
ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14.08.2008 00:39:56
ANTIVIR3.VDF : 7.0.6.51 217600 Bytes 21.08.2008 00:39:57
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 25.02.2008 09:58:21
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 22.08.2008 00:40:01
AESCN.DLL : 8.1.0.23 119156 Bytes 10.07.2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24.04.2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15.07.2008 12:58:35
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 22.08.2008 00:40:01
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 22.08.2008 00:40:00
AEHELP.DLL : 8.1.0.15 115063 Bytes 10.07.2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 22.08.2008 00:39:58
AEEMU.DLL : 8.1.0.7 430452 Bytes 31.07.2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31.07.2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10.07.2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09.07.2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16.05.2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 22.08.2008 00:39:58
AVREG.DLL : 8.0.0.1 33537 Bytes 09.05.2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12.06.2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12.06.2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2904321 Bytes 12.06.2008 13:36:58
RCTEXT.DLL : 8.0.46.0 86273 Bytes 12.06.2008 13:37:12

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\program files\avira\avira premium security suite\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 22 août 2008 02:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'avesvc.exe' - '1' Module(s) have been scanned
Scan process 'avfwsvc.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WMIADAP.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'BTStackServer.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'quickset.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'DellDock.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'stacsv.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'upeksvr.exe' - '1' Module(s) have been scanned
Scan process 'AEstSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'wlanext.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LBTServ.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'DockLogin.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
57 processes with 57 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '53' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\Marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1N4GRHG\updater[1].htm
[0] Archive type: RAR SFX (self extracting)
--> console_1.vbs
[DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
--> console_2.vbs
[DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
--> Setup_ver1.1594.1.exe
[DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
[NOTE] The file was deleted!
C:\Users\Marc\AppData\Local\Temp\runUpdater.exe
[0] Archive type: RAR SFX (self extracting)
--> console_1.vbs
[DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
--> console_2.vbs
[DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
--> Setup_ver1.1594.1.exe
[DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
[NOTE] The file was deleted!
C:\Users\Marc\AppData\Local\Temp\RarSFX1\console_1.vbs
[DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
[NOTE] The file was deleted!
C:\Users\Marc\AppData\Local\Temp\RarSFX1\console_2.vbs
[DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
[NOTE] The file was deleted!
C:\Users\Marc\AppData\Local\Temp\RarSFX1\Setup_ver1.1594.1.exe
[DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
[NOTE] The file was deleted!
C:\Windows\wuauclt.vbs
[DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
[NOTE] The file was deleted!
C:\Windows\System32\wuauclt.vbs
[DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
[NOTE] The file was deleted!
Begin scan in 'D:\' <RECOVERY>


End of the scan: vendredi 22 août 2008 02:54
Used time: 11:24 Minute(s)

The scan has been done completely.

15965 Scanning directories
170842 Files were scanned
11 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
7 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
170829 Files not concerned
938 Archives were scanned
2 Warnings
7 Notes



C'est tou ce que j'ai :)
0
Réponse 4 / 25
Utilisateur anonyme
22 août 2008 à 14:14
Re ,

Super.

______________________________________________________________________


Désactive l'UAC (contrôle des comptes utilisateurs) car il peut gener l'execution du programme.

Démarrer --> Panneau de Configuration --> Comptes d'utilisateurs et protection des utilisateurs --> Comptes d'utilisateurs --> Activer ou désactiver le contrôle des comptes d'utilisateurs > désactive-le.

/!\ Pense à le remettre aprés la désinfection /!\


Tutorial : http://www.laboratoire-microsoft.org/tips-23933-desactiver-uac-vista.html

______________________________________________________________________



→ Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:

(choisis enregistrer, puis Bureau comme emplacement)

Ferme toutes les applications en cours.

→ Double-clic sur DSS.exe pour lancer l'outil.

→ Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.

→ A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.

Le rapport main.txt va s'afficher, copie le dans ta prochaine réponse.
Si un rapport complémentaire a été créé ( extra.txt ), poste le aussi dans ta réponse.

Les rapports sont ici :
(!) C:\Deckard\System Scanner\main.txt
(!) C:\Deckard\System Scanner\extra.txt

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

++
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 25
Marc23 Messages postés 14 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 22 août 2008
22 août 2008 à 14:19
Arg...


Deckard's System Scanner interacts with a specific rootkit (tdssserv) in a way that may make your system unusable (altering the svchost netsvcs registry entry). This download link has been removed until a fix is released by Deckard. For your own protection, please do not attempt to download this tool from other sites.

08/17/2008

Your Geeks to Go admin team
0
Réponse 6 / 25
Utilisateur anonyme
22 août 2008 à 14:24
Re ,

Ah oui c'est vrai j'ai oublié.

honte a moi .


Télécharge http://www.suspectfile.com/systemscan/ ( Systemscan )


→ Double clic dessus (ferme ton antivirus le temps du téléchargement s'il te détecte quoi que ce soit et réactive le après)

→ Clique sur Unselect all

Coche uniquement ces cases :

_ Recent Files, 30 days

_ Registry run keys

_ Suspicious files


Puis clique sur scan now, sois patient.
Une fois le scan terminé, un rapport va s'ouvrir, copie et colle son contenu ici et vérifie qu'il soit bien en entier, si besoin crée deux messages.

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )


++
0
Réponse 7 / 25
Marc23 Messages postés 14 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 22 août 2008
22 août 2008 à 14:32
ça a duré même pas 2 secondes ^^


SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

Running on: Windows VISTA , Service Pack 1 (6001.6.0)
System directory: C:\Windows
SystemScan file: C:\Users\Marc\Desktop\sys55571.exe
Running in: User mode
Date: 22.08.2008
Time: 14:30:44

Output limited to:
-Recent files
-Registry Run Keys
-Suspicious Files

===================== RECENT FILES =====================

Showing files newer than 30 days

----- recent files in C:\
05.08.2008 18:35:22 (DIR) 0 byte 17 days old -- Documents and Settings
06.08.2008 04:09:50 (DIR) 0 byte 16 days old -- Drivers
06.08.2008 04:09:51 (DIR) 0 byte 16 days old -- doctemp
06.08.2008 04:14:35 5050 byte 16 days old -- dell.sdr
18.08.2008 22:04:52 (DIR) 0 byte 4 days old -- Users
18.08.2008 22:05:59 (DIR) 0 byte 4 days old -- $Recycle.Bin
18.08.2008 22:31:42 (DIR) 0 byte 4 days old -- DELL
21.08.2008 15:05:10 (DIR) 0 byte 1 days old -- kav
22.08.2008 02:26:19 (DIR) 0 byte 0 days old -- Config.Msi
22.08.2008 02:34:20 (DIR) 0 byte 0 days old -- System Volume Information
22.08.2008 04:52:21 5406 byte 0 days old -- avenger.txt
22.08.2008 04:52:21 (DIR) 0 byte 0 days old -- Avenger
22.08.2008 04:55:01 (DIR) 0 byte 0 days old -- ProgramData
22.08.2008 12:12:07 (DIR) 0 byte 0 days old -- Program Files
22.08.2008 12:17:35 (DIR) 0 byte 0 days old -- Windows
22.08.2008 14:17:59 (DIR)-538902528 byte 0 days old -- hiberfil.sys
22.08.2008 14:17:59 (DIR)-225292288 byte 0 days old -- pagefile.sys

----- recent files in C:\Windows\
05.08.2008 18:24:01 (DIR) 0 byte 17 days old -- Help
05.08.2008 18:30:36 65536 byte 17 days old -- ocsetup_cbs_install_OEMHelpCustomization.dpx
05.08.2008 18:30:36 30081024 byte 17 days old -- ocsetup_install_OEMHelpCustomization.etl
05.08.2008 18:30:36 196608 byte 17 days old -- ocsetup_cbs_install_OEMHelpCustomization.perf
05.08.2008 18:35:45 74 byte 17 days old -- CT4CET.bin
05.08.2008 18:47:06 (DIR) 0 byte 17 days old -- Fonts
05.08.2008 18:49:11 1463 byte 17 days old -- xpsp1hfm.log
05.08.2008 19:03:02 4506 byte 17 days old -- DtcInstall.log
05.08.2008 19:03:55 (DIR) 0 byte 17 days old -- Panther
05.08.2008 20:20:33 (DIR) 0 byte 17 days old -- twain_32
05.08.2008 20:20:53 3652 byte 17 days old -- TSSysprep.log
06.08.2008 04:07:37 (DIR) 0 byte 16 days old -- Setup
06.08.2008 04:13:37 (DIR) 0 byte 16 days old -- Users
06.08.2008 04:14:35 12 byte 16 days old -- csup.txt
18.08.2008 22:14:16 493 byte 4 days old -- comsetup.log
18.08.2008 22:21:21 (DIR) 0 byte 4 days old -- assembly
18.08.2008 22:21:22 (DIR) 0 byte 4 days old -- Microsoft.NET
18.08.2008 22:27:30 538 byte 4 days old -- KB893803v2.log
18.08.2008 22:27:35 86 byte 4 days old -- KE.log
18.08.2008 22:30:25 (DIR) 0 byte 4 days old -- AppPatch
18.08.2008 22:30:29 (DIR) 0 byte 4 days old -- ehome
18.08.2008 22:30:32 (DIR) 0 byte 4 days old -- PolicyDefinitions
18.08.2008 22:35:20 (DIR) 0 byte 4 days old -- SoftwareDistribution
19.08.2008 01:20:29 (DIR) 0 byte 3 days old -- Debug
19.08.2008 15:26:55 (DIR) 0 byte 3 days old -- PCHEALTH
19.08.2008 15:27:14 (DIR) 0 byte 3 days old -- winsxs
20.08.2008 13:18:10 (DIR) 0 byte 2 days old -- Logs
21.08.2008 00:46:25 132385 byte 1 days old -- setupact.log
21.08.2008 00:53:27 (DIR) 0 byte 1 days old -- rescache
21.08.2008 12:54:05 28394 byte 1 days old -- DPINST.LOG
21.08.2008 13:42:36 (DIR) 0 byte 1 days old -- registration
21.08.2008 13:42:40 (DIR) 0 byte 1 days old -- Tasks
21.08.2008 22:06:15 (DIR) 0 byte 1 days old -- Installer
22.08.2008 02:26:19 19668 byte 0 days old -- PFRO.log
22.08.2008 03:05:39 286720 byte 0 days old -- PATCH.EXE
22.08.2008 03:05:39 69689 byte 0 days old -- UNZIP.DLL
22.08.2008 03:05:40 507904 byte 0 days old -- TMUPDATE.DLL
22.08.2008 03:06:43 (DIR) 0 byte 0 days old -- AU_Log
22.08.2008 12:17:37 (DIR) 0 byte 0 days old -- Downloaded Program Files
22.08.2008 12:55:48 (DIR) 0 byte 0 days old -- BDOSCAN8
22.08.2008 14:17:14 1401 byte 0 days old -- bthservsdp.dat
22.08.2008 14:18:03 67584 byte 0 days old -- bootstat.dat
22.08.2008 14:21:00 763211 byte 0 days old -- WindowsUpdate.log
22.08.2008 14:24:29 (DIR) 0 byte 0 days old -- inf
22.08.2008 14:24:29 (DIR) 0 byte 0 days old -- System32
22.08.2008 14:29:18 (DIR) 0 byte 0 days old -- Temp
22.08.2008 14:30:44 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\Windows\Downloaded Program Files\

----- recent files in C:\Windows\system\

----- recent files in C:\Windows\system32\
05.08.2008 11:11:02 15888504 byte 17 days old -- mrt.exe
05.08.2008 18:23:43 (DIR) 0 byte 17 days old -- restore
05.08.2008 18:30:37 (DIR) 0 byte 17 days old -- Macromed
05.08.2008 18:31:21 6089 byte 17 days old -- jupdate-1.6.0_05-b13.log
05.08.2008 18:36:22 (DIR) 0 byte 17 days old -- FRA
05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- ja-JP
05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- it-IT
05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- ko-KR
05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- sv-SE
05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- pl-PL
05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- ru-RU
05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- pt-BR
05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- es-MX
05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- en-US
05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- es-AR
05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- zh-CN
05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- zh-TW
05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- de-DE
05.08.2008 18:40:38 (DIR) 0 byte 17 days old -- es-ES
05.08.2008 18:40:51 (DIR) 0 byte 17 days old -- Microsoft
05.08.2008 19:00:01 271624 byte 17 days old -- FNTCACHE.DAT
05.08.2008 19:03:55 (DIR) 0 byte 17 days old -- sysprep
06.08.2008 04:07:35 (DIR) 0 byte 16 days old -- oobe
06.08.2008 04:07:36 (DIR) 0 byte 16 days old -- oem
06.08.2008 04:08:30 60224 byte 16 days old -- tcpmon.ini
06.08.2008 04:13:33 615992 byte 16 days old -- ci.dll
06.08.2008 04:13:33 927288 byte 16 days old -- winresume.exe
06.08.2008 04:13:33 14848 byte 16 days old -- srdelayed.exe
06.08.2008 04:13:33 318464 byte 16 days old -- rstrui.exe
06.08.2008 04:13:33 6656 byte 16 days old -- kbd106n.dll
06.08.2008 04:13:33 988216 byte 16 days old -- winload.exe
06.08.2008 04:13:33 378368 byte 16 days old -- srcore.dll
06.08.2008 04:13:33 46592 byte 16 days old -- setbcdlocale.dll
06.08.2008 04:13:33 40960 byte 16 days old -- srclient.dll
06.08.2008 04:13:33 19000 byte 16 days old -- kd1394.dll
06.08.2008 04:13:43 (DIR) 0 byte 16 days old -- Boot
06.08.2008 04:13:48 1695744 byte 16 days old -- gameux.dll
06.08.2008 04:13:48 4240384 byte 16 days old -- GameUXLegacyGDFs.dll
06.08.2008 04:14:00 295936 byte 16 days old -- gdi32.dll
06.08.2008 04:14:06 2032128 byte 16 days old -- win32k.sys
18.08.2008 21:58:23 65328 byte 4 days old -- license.rtf
18.08.2008 22:11:14 (DIR) 0 byte 4 days old -- NDF
18.08.2008 22:30:27 (DIR) 0 byte 4 days old -- migration
18.08.2008 22:30:33 (DIR) 0 byte 4 days old -- fr-FR
21.08.2008 13:42:39 (DIR) 0 byte 1 days old -- catroot2
21.08.2008 13:42:40 (DIR) 0 byte 1 days old -- spool
21.08.2008 13:42:46 (DIR) 0 byte 1 days old -- config
21.08.2008 13:43:57 (DIR) 0 byte 1 days old -- wbem
21.08.2008 13:43:58 (DIR) 0 byte 1 days old -- Msdtc
22.08.2008 02:34:29 (DIR) 0 byte 0 days old -- catroot
22.08.2008 04:52:21 (DIR) 0 byte 0 days old -- drivers
22.08.2008 12:24:18 (DIR) 0 byte 0 days old -- Tasks
22.08.2008 14:18:10 3616 byte 0 days old -- 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
22.08.2008 14:18:10 3616 byte 0 days old -- 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
22.08.2008 14:24:29 669566 byte 0 days old -- perfh00C.dat
22.08.2008 14:24:29 1470810 byte 0 days old -- PerfStringBackup.INI
22.08.2008 14:24:29 587178 byte 0 days old -- perfh009.dat
22.08.2008 14:24:29 101250 byte 0 days old -- perfc009.dat
22.08.2008 14:24:29 123556 byte 0 days old -- perfc00C.dat
22.08.2008 14:29:19 (DIR) 0 byte 0 days old -- WDI

----- recent files in C:\Windows\system32\drivers\
05.08.2008 20:19:46 0 byte 17 days old -- Msft_Kernel_Apfiltr_01005.Wdf
06.08.2008 04:08:43 5050 byte 16 days old -- 1028_Dell_XPS_M1530.mrk
17.08.2008 15:01:14 17144 byte 5 days old -- mbam.sys
17.08.2008 15:01:18 38472 byte 5 days old -- mbamswissarmy.sys
18.08.2008 22:29:40 0 byte 4 days old -- Msft_Kernel_LMouFilt_01005.Wdf
19.08.2008 12:10:53 (DIR) 0 byte 3 days old -- UMDF

----- recent files in C:\Windows\temp\
05.08.2008 18:34:53 166 byte 17 days old -- SetupAV.log
05.08.2008 18:36:08 174 byte 17 days old -- SetupAVC.log
05.08.2008 18:36:15 (DIR) 0 byte 17 days old -- IntelIMSM
05.08.2008 19:01:29 0 byte 17 days old -- sqlite_vOoxHInI9cccLQx
05.08.2008 19:01:29 1024 byte 17 days old -- sqlite_hbAw2cwGq2EFVTJ
18.08.2008 22:00:18 0 byte 4 days old -- sqlite_2MFggpFzLJuZhkg
18.08.2008 22:00:18 0 byte 4 days old -- sqlite_31vgf8AQwhkT65I
18.08.2008 22:02:39 9437184 byte 4 days old -- WinSAT_KernelLog.etl
18.08.2008 22:02:39 12582912 byte 4 days old -- WinSAT_DX.etl
18.08.2008 22:04:30 3145728 byte 4 days old -- WinSAT_StorageAsmt.etl
18.08.2008 22:32:07 (DIR) 0 byte 4 days old -- MCE00000
18.08.2008 22:32:42 (DIR) 0 byte 4 days old -- Cookies
18.08.2008 22:32:42 (DIR) 0 byte 4 days old -- Fichiers Internet temporaires
18.08.2008 22:32:43 (DIR) 0 byte 4 days old -- History
20.08.2008 18:49:17 120 byte 2 days old -- fwtsqmfile12.sqm
20.08.2008 18:49:22 120 byte 2 days old -- fwtsqmfile15.sqm
20.08.2008 18:49:22 120 byte 2 days old -- fwtsqmfile14.sqm
20.08.2008 18:49:22 120 byte 2 days old -- fwtsqmfile13.sqm
20.08.2008 18:49:28 120 byte 2 days old -- fwtsqmfile16.sqm
20.08.2008 18:49:33 120 byte 2 days old -- fwtsqmfile18.sqm
20.08.2008 18:49:33 120 byte 2 days old -- fwtsqmfile17.sqm
20.08.2008 18:49:41 120 byte 2 days old -- fwtsqmfile00.sqm
20.08.2008 18:49:41 120 byte 2 days old -- fwtsqmfile19.sqm
20.08.2008 18:51:56 120 byte 2 days old -- fwtsqmfile01.sqm
20.08.2008 19:12:27 120 byte 2 days old -- fwtsqmfile02.sqm
20.08.2008 19:33:31 120 byte 2 days old -- fwtsqmfile03.sqm
20.08.2008 19:54:16 120 byte 2 days old -- fwtsqmfile04.sqm
20.08.2008 20:00:15 120 byte 2 days old -- fwtsqmfile05.sqm
20.08.2008 20:00:20 120 byte 2 days old -- fwtsqmfile06.sqm
20.08.2008 20:00:21 120 byte 2 days old -- fwtsqmfile07.sqm
20.08.2008 20:00:31 120 byte 2 days old -- fwtsqmfile08.sqm
20.08.2008 20:00:39 120 byte 2 days old -- fwtsqmfile09.sqm
20.08.2008 20:14:45 120 byte 2 days old -- fwtsqmfile10.sqm
20.08.2008 20:36:55 120 byte 2 days old -- fwtsqmfile11.sqm
21.08.2008 22:03:43 14642 byte 1 days old -- MpSigStub.log
22.08.2008 02:13:30 3798 byte 0 days old -- MpCmdRun.log

----- recent files in C:\Program Files\
05.08.2008 18:31:21 (DIR) 0 byte 17 days old -- Java
05.08.2008 18:32:02 (DIR) 0 byte 17 days old -- Intel, Inc
05.08.2008 18:33:58 (DIR) 0 byte 17 days old -- Protector Suite QL
05.08.2008 18:34:38 (DIR) 0 byte 17 days old -- Creative Live! Cam
05.08.2008 18:35:22 (DIR) 0 byte 17 days old -- Creative
05.08.2008 18:36:22 (DIR) 0 byte 17 days old -- Intel
05.08.2008 18:40:37 (DIR) 0 byte 17 days old -- WIDCOMM
05.08.2008 18:43:52 (DIR) 0 byte 17 days old -- Dell Support Center
05.08.2008 18:45:27 (DIR) 0 byte 17 days old -- CyberLink
05.08.2008 18:46:29 (DIR) 0 byte 17 days old -- Microsoft Office
05.08.2008 18:47:09 (DIR) 0 byte 17 days old -- Microsoft Works
05.08.2008 18:49:26 (DIR) 0 byte 17 days old -- Roxio
05.08.2008 18:50:51 (DIR) 0 byte 17 days old -- Citrix
05.08.2008 18:55:35 (DIR) 0 byte 17 days old -- Dell
05.08.2008 20:19:49 (DIR) 0 byte 17 days old -- Sigmatel
06.08.2008 04:14:20 (DIR) 0 byte 16 days old -- DellTPad
18.08.2008 22:01:35 (DIR) 0 byte 4 days old -- Windows NT
18.08.2008 22:01:35 (DIR) 0 byte 4 days old -- Fichiers communs
18.08.2008 22:25:04 (DIR) 0 byte 4 days old -- Logitech
18.08.2008 22:25:12 (DIR) 0 byte 4 days old -- InstallShield Installation Information
18.08.2008 22:30:26 (DIR) 0 byte 4 days old -- Windows Mail
18.08.2008 23:13:05 (DIR) 0 byte 4 days old -- Google
18.08.2008 23:51:06 (DIR) 0 byte 4 days old -- The KMPlayer
18.08.2008 23:53:06 (DIR) 0 byte 4 days old -- WinRAR
19.08.2008 01:05:54 (DIR) 0 byte 3 days old -- Skype
19.08.2008 01:12:47 (DIR) 0 byte 3 days old -- uTorrent
19.08.2008 01:22:48 (DIR) 0 byte 3 days old -- DivX
19.08.2008 13:26:15 (DIR) 0 byte 3 days old -- PhotoFiltre
21.08.2008 00:48:16 (DIR) 0 byte 1 days old -- Windows Live
21.08.2008 12:53:48 (DIR) 0 byte 1 days old -- MSN Messenger
21.08.2008 13:01:14 (DIR) 0 byte 1 days old -- ma-config.com
21.08.2008 15:12:44 (DIR) 0 byte 1 days old -- COMODO
21.08.2008 15:17:39 (DIR) 0 byte 1 days old -- eMule
21.08.2008 22:05:31 (DIR) 0 byte 1 days old -- Common Files
21.08.2008 22:05:31 (DIR) 0 byte 1 days old -- Adobe
22.08.2008 02:13:37 (DIR) 0 byte 0 days old -- SystemRequirementsLab
22.08.2008 02:34:13 (DIR) 0 byte 0 days old -- Avira
22.08.2008 03:12:28 (DIR) 0 byte 0 days old -- Malwarebytes' Anti-Malware
22.08.2008 04:57:54 (DIR) 0 byte 0 days old -- Spybot - Search & Destroy
22.08.2008 12:12:07 (DIR) 0 byte 0 days old -- Trend Micro
22.08.2008 14:18:22 (DIR) 0 byte 0 days old -- Mozilla Firefox

----- recent files in C:\Program Files\Common Files\
05.08.2008 18:31:04 (DIR) 0 byte 17 days old -- Java
05.08.2008 18:35:10 (DIR) 0 byte 17 days old -- Reallusion
05.08.2008 18:43:49 (DIR) 0 byte 17 days old -- supportsoft
05.08.2008 18:47:43 (DIR) 0 byte 17 days old -- InstallShield
05.08.2008 18:48:38 (DIR) 0 byte 17 days old -- Sonic Shared
05.08.2008 18:48:38 (DIR) 0 byte 17 days old -- Roxio Shared
05.08.2008 18:49:26 (DIR) 0 byte 17 days old -- SureThing Shared
18.08.2008 22:25:09 (DIR) 0 byte 4 days old -- Logitech
18.08.2008 22:25:25 (DIR) 0 byte 4 days old -- LogiShrd
19.08.2008 01:05:54 (DIR) 0 byte 3 days old -- Skype
19.08.2008 11:24:43 (DIR) 0 byte 3 days old -- Adobe(3)
19.08.2008 15:26:04 (DIR) 0 byte 3 days old -- WindowsLiveInstaller
21.08.2008 00:36:38 (DIR) 0 byte 1 days old -- PX Storage Engine
21.08.2008 12:53:47 (DIR) 0 byte 1 days old -- microsoft shared
21.08.2008 22:05:36 (DIR) 0 byte 1 days old -- Adobe

----- recent files in C:\Users\Marc\AppData\Roaming\
18.08.2008 22:05:06 (DIR) 0 byte 4 days old -- Dell
18.08.2008 22:05:37 (DIR) 0 byte 4 days old -- Identities
18.08.2008 22:25:02 (DIR) 0 byte 4 days old -- InstallShield
18.08.2008 22:29:29 (DIR) 0 byte 4 days old -- Logitech
18.08.2008 22:47:28 (DIR) 0 byte 4 days old -- Intel
18.08.2008 23:04:06 (DIR) 0 byte 4 days old -- Macromedia
18.08.2008 23:22:46 (DIR) 0 byte 4 days old -- Mozilla
18.08.2008 23:54:56 (DIR) 0 byte 4 days old -- WinRAR
19.08.2008 01:35:28 (DIR) 0 byte 3 days old -- CyberLink
19.08.2008 03:01:00 (DIR) 0 byte 3 days old -- Adobe
19.08.2008 12:46:26 (DIR) 0 byte 3 days old -- DivX
21.08.2008 00:03:07 (DIR) 0 byte 1 days old -- Microsoft
21.08.2008 15:12:44 (DIR) 0 byte 1 days old -- Comodo
21.08.2008 16:05:42 (DIR) 0 byte 1 days old -- skypePM
21.08.2008 20:48:57 (DIR) 0 byte 1 days old -- Skype
22.08.2008 02:13:27 (DIR) 0 byte 0 days old -- SystemRequirementsLab
22.08.2008 02:25:16 (DIR) 0 byte 0 days old -- uTorrent
22.08.2008 02:41:14 (DIR) 0 byte 0 days old -- Avira
22.08.2008 03:11:14 (DIR) 0 byte 0 days old -- Malwarebytes

----- recent files in C:\Users\Marc\AppData\Local\Temp\
18.08.2008 22:27:57 (DIR) 0 byte 4 days old -- {612C7D1E-66F3-46AC-97CE-D38006043884}
18.08.2008 22:47:14 (DIR) 0 byte 4 days old -- BTN%Copy%1
18.08.2008 23:08:47 (DIR) 0 byte 4 days old -- Drivers
18.08.2008 23:08:47 (DIR) 0 byte 4 days old -- scanners
18.08.2008 23:08:47 (DIR) 0 byte 4 days old -- comodo
18.08.2008 23:13:05 (DIR) 0 byte 4 days old -- CDIResData
18.08.2008 23:51:19 (DIR) 0 byte 4 days old -- {63d716f9-8880-4979-bae8-cd42242fea50}
19.08.2008 03:00:48 (DIR) 0 byte 3 days old -- Adobe
21.08.2008 13:02:57 (DIR) 0 byte 1 days old -- plugtmp
21.08.2008 21:42:55 (DIR) 0 byte 1 days old -- plugtmp-2
22.08.2008 02:25:23 (DIR) 0 byte 0 days old -- hsperfdata_Marc
22.08.2008 04:55:22 (DIR) 0 byte 0 days old -- XScanResult
22.08.2008 04:55:22 (DIR) 0 byte 0 days old -- testnsis
22.08.2008 04:55:22 (DIR) 0 byte 0 days old -- RarSFX1
22.08.2008 04:55:22 (DIR) 0 byte 0 days old -- plugtmp-1
22.08.2008 04:55:22 (DIR) 0 byte 0 days old -- MessengerCache
22.08.2008 04:55:22 (DIR) 0 byte 0 days old -- Google Toolbar
22.08.2008 04:55:22 (DIR) 0 byte 0 days old -- nso188.tmp
22.08.2008 12:17:12 (DIR) 0 byte 0 days old -- Low
22.08.2008 12:24:20 (DIR) 0 byte 0 days old -- {947b1475-c0f7-46e4-99ee-2e3eb99ad7a0}
22.08.2008 13:58:30 311296 byte 0 days old -- ~DFA955.tmp
22.08.2008 14:11:24 (DIR) 0 byte 0 days old -- plugtmp-3
22.08.2008 14:18:20 (DIR) 0 byte 0 days old -- WPDNSE
22.08.2008 14:18:47 28700 byte 0 days old -- etilqs_VO9R86I3UHSXU4RephaM
22.08.2008 14:19:54 31832 byte 0 days old -- Marc.bmp
22.08.2008 14:28:16 34 byte 0 days old -- systemscan.ini
22.08.2008 14:28:35 (DIR) 0 byte 0 days old -- nstBB82.tmp
22.08.2008 14:28:35 16384 byte 0 days old -- ~DF6469.tmp

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"Windows Defender"=expand:"%ProgramFiles%\Windows Defender\MSASCui.exe -hide"
"ECenter"="C:\Dell\E-Center\EULALauncher.exe"
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe"
"SigmatelSysTrayApp"=expand:"%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe"
"NvSvc"="RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart"
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit"
"NVHotkey"="rundll32.exe C:\Windows\system32\nvHotkey.dll,Start"
"PSQLLauncher"="\"C:\Program Files\Protector Suite QL\launcher.exe\" /startup"
"DELL Webcam Manager"="\"C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe\" /s"
"IAAnotif"="\"C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe\""
"dscactivate"="\"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe\""
"PCMService"="\"C:\Program Files\Dell\MediaDirect\PCMService.exe\""
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"DellSupportCenter"="\"C:\Program Files\Dell Support Center\bin\sprtcmd.exe\" /P DellSupportCenter"
"Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe\""
"avgnt"="\"C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe\" /min"
"Malwarebytes Anti-Malware (reboot)"="\"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe\" /runcleanupscript"

[Run\OptionalComponents]
@=""

[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"DellSupportCenter"="\"C:\Program Files\Dell Support Center\bin\sprtcmd.exe\" /P DellSupportCenter"
"MsnMsgr"="\"C:\Program Files\MSN Messenger\MsnMsgr.Exe\" /background"
"%AWinUpdate"="C:\WINDOWS\wuauclt.vbs"
"%ProtectMyPC"="C:\Program Files\Internet Explorer\iexplore.exe http://gomyhit.com/MjA2MTk=/2/7391/ratna/"
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\Windows\system32\webcheck.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\Windows\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Wireless Group Policy"
"DllName"=expand:"wlgpclnt.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Microsoft Disk Quota"
"DllName"=expand:"%SystemRoot%\System32\dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="QoS Packet Scheduler"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"DllName"=expand:"iedkcs32.dll"
"@="Internet Explorer Zonemapping"

[Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
"@="Windows Search Group Policy Extension"
"DllName"=expand:"%SystemRoot%\System32\srchadmin.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"@="Security"
"DllName"=expand:"scecli.dll"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
"@="802.3 Group Policy"
"DllName"=expand:"dot3gpclnt.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="IP Security"
"DllName"=expand:"%SystemRoot%\System32\polstore.dll"

[Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
"@="Enterprise QoS"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\GoToAssist]
"DLLName"="C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll"

[Winlogon\Notify\psfus]
"DLLName"="C:\Windows\system32\psqlpwd.dll"

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ExcludeProfileDirs"="AppData\Local;AppData\LocalLow;$Recycle.Bin"
"BuildNumber"=dword:00001771
"ParseAutoexec"="1"
"FirstLogon"=dword:00000000

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
#### HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InprocServer32 @="C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll"
@="AcroIEHelperStub"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
@=""

[Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
#### HKCR\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\InprocServer32 @="C:\Program Files\Dell\BAE\BAE.dll"
@="Browser Address Error Redirector"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\Windows\system32\ieframe.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

-----HKCU\Control Panel\Desktop\-----

[Desktop]
"SCRNSAVE.EXE"="C:\Windows\system32\logon.scr"

[Desktop\LanguageConfiguration]

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\Windows\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\AuditPolicy]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Credssp]

[Lsa\Data]

[Lsa\FipsAlgorithmPolicy]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"DisplayName"="@%SystemRoot%\system32\ipnathlp.dll,-106"
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"Description"="@%SystemRoot%\system32\ipnathlp.dll,-107"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000004
"Type"=dword:00000020
"DependOnService"=multi:"Netman\00WinMgmt\00RasMan\00BFE\00\00"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=multi:"SeChangeNotifyPrivilege\00SeCreateGlobalPrivilege\00SeImpersonatePrivilege\00SeLoadDriverPrivilege\00SeTakeOwnershipPrivilege\00\00"
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\

[SharedAccess\Defaults]

[SharedAccess\Defaults\FirewallPolicy]
"IPSecExempt"=dword:00000001
"DisableStatefulFTP"=dword:00000000
"DisableStatefulPPTP"=dword:00000000
"PolicyVersion"=dword:00000201

[SharedAccess\Defaults\FirewallPolicy\DomainProfile]
"DisableNotifications"=dword:00000000
"EnableFirewall"=dword:00000001

[SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging]
"LogFileSize"=dword:00001000
"LogFilePath"="%systemroot%\system32\LogFiles\Firewall\pfirewall.log"

[SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"PerfLogsAlerts-PLASrv-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|xxxxx@xxxxxv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|"
"PerfLogsAlerts-DCOM-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|"
"PerfLogsAlerts-PLASrv-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|xxxxx@xxxxxv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|"
"PerfLogsAlerts-DCOM-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|xxxxx@xxxxxv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|"
"WMP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31003|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE|"
"WMP-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31007|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE|"
"WMP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31011|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE|"
"WMPNSS-QWave-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-HTTPSTR-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|xxxxx@xxxxxallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-HTTPSTR-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App=System|xxxxx@xxxxxallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-In-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-Out-UDP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-QWave-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|xxxxx@xxxxxallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|xxxxx@xxxxxallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-UPnPHost-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31277|Desc=@FirewallAPI.dll,-31280|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-UPnPHost-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31281|Desc=@FirewallAPI.dll,-31284|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-HTTPSTR-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-HTTPSTR-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-WMP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|xxxxx@xxxxxallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|xxxxx@xxxxxallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"WMPNSS-UPnP-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|xxxxx@xxxxxallAPI.dll,-31321|Desc=@FirewallAPI.dll,-31322|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|"
"MCX-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
"MCX-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-30757|Desc=@FirewallAPI.dll,-30760|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
"MCX-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|xxxxx@xxxxxallAPI.dll,-30761|Desc=@FirewallAPI.dll,-30764|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
"MCX-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|xxxxx@xxxxxallAPI.dll,-30765|Desc=@FirewallAPI.dll,-30768|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
"MCX-QWave-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-30769|Desc=@FirewallAPI.dll,-30772|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
"MCX-QWave-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-30773|Desc=@FirewallAPI.dll,-30776|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
"MCX-QWave-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-30777|Desc=@FirewallAPI.dll,-30780|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
"MCX-QWave-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|xxxxx@xxxxxallAPI.dll,-30781|Desc=@FirewallAPI.dll,-30784|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
"MCX-HTTPSTR-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30785|Desc=@FirewallAPI.dll,-30788|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
"MCX-HTTPSTR-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=10244|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30789|Desc=@FirewallAPI.dll,-30792|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
"MCX-TERMSRV-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=3390|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-30793|Desc=@FirewallAPI.dll,-30796|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
"MCX-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=50009|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|xxxxx@xxxxxallAPI.dll,-30801|Desc=@FirewallAPI.dll,-30804|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
"MCX-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|xxxxx@xxxxxallAPI.dll,-30805|Desc=@FirewallAPI.dll,-30808|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
"MCX-MCX2SVC-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=mcx2svc|xxxxx@xxxxxallAPI.dll,-30810|Desc=@FirewallAPI.dll,-30811|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
"MCX-Prov-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\mcx2prov.exe|xxxxx@xxxxxallAPI.dll,-30812|Desc=@FirewallAPI.dll,-30813|EmbedCtxt=@FirewallAPI.dll,-30752|Edge=FALSE|"
"WinCollab-DFSR-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|xxxxx@xxxxxallAPI.dll,-32253|Desc=@FirewallAPI.dll,-32256|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|"
"WinCollab-DFSR-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|xxxxx@xxxxxallAPI.dll,-32257|Desc=@FirewallAPI.dll,-32260|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|"
"WinCollab-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|xxxxx@xxxxxallAPI.dll,-32261|Desc=@FirewallAPI.dll,-32264|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|"
"WinCollab-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|xxxxx@xxxxxallAPI.dll,-32265|Desc=@FirewallAPI.dll,-32268|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|"
"WinCollab-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|xxxxx@xxxxxallAPI.dll,-32269|Desc=@FirewallAPI.dll,-32272|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|"
"WinCollab-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|xxxxx@xxxxxallAPI.dll,-32273|Desc=@FirewallAPI.dll,-32276|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|"
"WinCollab-P2P-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=3587|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|xxxxx@xxxxxallAPI.dll,-32277|Desc=@FirewallAPI.dll,-32280|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|"
"WinCollab-P2P-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=3587|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|xxxxx@xxxxxallAPI.dll,-32281|Desc=@FirewallAPI.dll,-32284|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|"
"RemoteAdmin-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=*|xxxxx@xxxxxallAPI.dll,-29753|Desc=@FirewallAPI.dll,-29756|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"RemoteAdmin-NP-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|xxxxx@xxxxxallAPI.dll,-29757|Desc=@FirewallAPI.dll,-29760|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"RemoteAdmin-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29765|Desc=@FirewallAPI.dll,-29768|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"RemoteAdmin-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=*|xxxxx@xxxxxallAPI.dll,-29753|Desc=@FirewallAPI.dll,-29756|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"RemoteAdmin-NP-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|xxxxx@xxxxxallAPI.dll,-29757|Desc=@FirewallAPI.dll,-29760|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"RemoteAdmin-RPCSS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-29765|Desc=@FirewallAPI.dll,-29768|EmbedCtxt=@FirewallAPI.dll,-29752|Edge=FALSE|"
"MsiScsi-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29003|Desc=@FirewallAPI.dll,-29006|EmbedCtxt=@FirewallAPI.dll,-29002|Edge=FALSE|"
"MsiScsi-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29007|Desc=@FirewallAPI.dll,-29010|EmbedCtxt=@FirewallAPI.dll,-29002|Edge=FALSE|"
"MsiScsi-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29003|Desc=@FirewallAPI.dll,-29006|EmbedCtxt=@FirewallAPI.dll,-29002|Edge=FALSE|"
"MsiScsi-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Msiscsi|xxxxx@xxxxxallAPI.dll,-29007|Desc=@FirewallAPI.dll,-29010|EmbedCtxt=@FirewallAPI.dll,-29002|Edge=FALSE|"
"Collab-P2PHost-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32003|Desc=@FirewallAPI.dll,-32006|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|"
"Collab-P2PHost-Out-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32007|Desc=@FirewallAPI.dll,-32010|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"Collab-P2PHost-WSD-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32011|Desc=@FirewallAPI.dll,-32014|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"Collab-P2PHost-WSD-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|xxxxx@xxxxxallAPI.dll,-32015|Desc=@FirewallAPI.dll,-32018|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"Collab-PNRP-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-32019|Desc=@FirewallAPI.dll,-32022|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|"
"Collab-PNRP-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|xxxxx@xxxxxallAPI.dll,-32023|Desc=@FirewallAPI.dll,-32026|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"Collab-PNRP-SSDPSrv-In-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|xxxxx@xxxxxallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=FALSE|"
"RVM-VDS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vds.exe|Svc=vds|xxxxx@xxxxxallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
"RVM-VDSLDR-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\vdsldr.exe|xxxxx@xxxxxallAPI.dll,-34504|Desc=@FirewallAPI.dll,-34505|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
"RVM-RPCSS-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|xxxxx@xxxxxallAPI.dll,-34506|Desc=@FirewallAPI.dll,-34507|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
"RVM-VDS-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vds.exe|Svc=vds|xxxxx@xxxxxallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|Edge=FALSE|"
"RVM-VDSLDR-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\vdsldr.exe|xxxxx@xxxxxallAPI.dll,-34504|Desc=@FirewallAPI.dll,-34505|EmbedCtxt=@FirewallAPI.dll,-34501
0
Réponse 8 / 25
Marc23 Messages postés 14 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 22 août 2008
22 août 2008 à 14:37
Arg pas super l'affichage.

Je l'ai mis ici aussi:

https://www.2shared.com/file/3804564/2ecd91f4/report.html

Fais gaffe d'un coup mes saloperies se sont foutus dessus. Enfin tu sais mieux que moi.
0
Réponse 9 / 25
Utilisateur anonyme
22 août 2008 à 14:57
Re ,

Merci.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Lance SystemScan ,

Clique sur ' Removal Script '

Puis copie ce texte (en gras) :


Files to delete:
C:\WINDOWS\wuauclt.vbs
C:\Users\Marc\AppData\Local\Temp\nso188.tmp
C:\Users\Marc\AppData\Local\Temp\nstBB82.tmp

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Adobe Reader Speed Launcher
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|%AWinUpdate
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|%ProtectMyPC

Programs to launch on reboot:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



Et colle-le dans le cadre blanc.

Puis clique sur " Proceed With Removal "

Ton pc va redémarrer , au redémarrage , Hijackthis va se lancer , poste-en moi un rapport.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


++
0
Réponse 10 / 25
Marc23 Messages postés 14 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 22 août 2008
22 août 2008 à 15:01
Merci à toi.

J'ai fais ce que tu m'a dis là mais ça me met un message d'erreur qui dis que c'est compatible uniquement avec xp :(
0
Réponse 11 / 25
Utilisateur anonyme
22 août 2008 à 15:05
Re ,

Ok.
Pas bien grave.

supprime ces fichiers :

C:\WINDOWS\wuauclt.vbs
C:\Users\Marc\AppData\Local\Temp\nso188.tmp
C:\Users\Marc\AppData\Local\Temp\nstBB82.tmp

→ Relance hijackthis , en menu principal choisis ' Do a system scan only' Et fixe ces/cette ligne(s) : ( coche la case à leurs gauches )

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [%AWinUpdate] C:\WINDOWS\wuauclt.vbs
O4 - HKCU\..\Run: [%ProtectMyPC] C:\Program Files\Internet Explorer\iexplore.exe http://gomyhit.com/MjA2MTk=/2/7391/ratna/

Ferme toutes les fenêtres (hormis Hijackthis), y compris ton navigateur web.

→ clique sur ' fixchecked '



Redémarre , et reposte un rapport hijackthis


++
0
Réponse 12 / 25
Marc23 Messages postés 14 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 22 août 2008
22 août 2008 à 15:13
Ehm,

wuauclt.vbs n'est pas dans la liste. Peut-être en dossier caché?

Pareil pour le dossier AppData, pas présent après utlilisateurs/Marc


PS:Je peux plus faire clic droit si jamais (pour les fichiers cachés).
0
Réponse 13 / 25
Utilisateur anonyme
22 août 2008 à 18:09
Salut ,
En effet , il faut afficher les fichiers et dossiers masqués.

Va dans ' panneaux de configuration ' > choisi ' affichage classique ' a droite > double clique sur ' options des dossiers ' > va dans l'onglet ' affichage ' , coche :

Afficher les dossier et fichiers cachés


[ appliquer ] > ok

Et continu


++
0
Réponse 14 / 25
Marc23 Messages postés 14 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 22 août 2008
22 août 2008 à 18:23
Re :)

Alors j'ai pas trouvé:


C:\WINDOWS\wuauclt.vbs
et
C:\Users\Marc\AppData\Local\Temp\nstBB82.tmp

j'ai juste trouvé:

C:\Users\Marc\AppData\Local\Temp\nso188.tmp

qui était par ailleurs vide.

Sinon j'ai fais l'opération avec hijackthis :)

J'ai viens de faire un nouveau rapport de antivir et malwarebytes qui non rien trouvé :)
Un le nouveau rapport de hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:24, on 22.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\conime.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ch/ig/dell?hl=fr&client=dell-row&channel=ch&ibd=5080806
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 15 / 25
Utilisateur anonyme
22 août 2008 à 18:35
Re ,

As-tu redémarré ?

quels problèmes ? ceci : 

PS:Je peux plus faire clic droit si jamais (pour les fichiers cachés).
?

++
0
Réponse 16 / 25
Marc23 Messages postés 14 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 22 août 2008
22 août 2008 à 18:43
Je viens de redémarrer :)

Les problèmes:

- clic-droit ne fonctionne pas
- "ordinateur" pas présent dans la liste "démarrage"
- même chose pour "tous les programmes"
- En appuyant sur Windows+E je ne vois rien dans le cadre je dois m'orienter avec le menu déroulant à gauche.


Sinon il est complètement désinfecté maintenant :D ?
0
Réponse 17 / 25
Utilisateur anonyme
22 août 2008 à 18:56
Re ,

On va finir.

Supprime Systemscan.

_Maintenant , nous allons supprimer les logiciels de désinfection que je t'ai fait téléchargé.
En effet , s'en servir est dangereux pour le pc si l'on ne s'y connais pas.
De plus ils sont mis régulièrement à jours.


→ Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.

→ Double clique sur ToolsCleaner2.exe >
→ Clique sur .Recherche
→ puis sur Suppression quand la liste est trouvée.
→ Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

Tuto : http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )

++
0
Réponse 18 / 25
Marc23 Messages postés 14 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 22 août 2008
22 août 2008 à 19:03
-->- Recherche:

C:\HijackThis.lnk: trouvé !
C:\avenger: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé !
C:\Users\Marc\Desktop\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HJTInstall.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Users\Marc\Desktop\hijackthis.log: supprimé !
C:\avenger: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !

Sauvegarde du registre crée !
Fichiers temporaires nettoyés !
0
Réponse 19 / 25
Utilisateur anonyme
22 août 2008 à 19:18
Re ,

Supprime Toolscleaner + C:\Tcleaner.txt.

Remasque les fichiers cachés.

_____________________________________________________________________________

● Vide la quarantaine de Malwarebyte's Anti-Malware:

_ Clique sur le raccourci de "Malwarebytes' Anti-Malware" , puis sur "Quarantaine" .

sélectionne les divers éléments en cliquant sur "Tout" puis clique sur "Supprime".

_____________________________________________________________________________

vide la QUARANTAINE d'ANTIVIR en faisant : "clic-droit sur antivir" > "start antivir" > "quarantaine"
selectionne ce qui s'y trouve via clic-droit > puis "delete" (ce pour chacun).

_____________________________________________________________________________

● Télécharge la derniere version de Sun Java Runtime Environment 6 Update 7.
● Clique sur Windows XP/Vista/2000/2003 En ligne pour télécharger jre-6u7-windows-i586-p-iftw.exe sur ton bureau.
● Ferme tout les programmes qui tournent encore - tout spécialement ton navigateur web
● Maintenant , va dans " Ajout et suppression de programmes ou " Programmes et fonctionnalités " ( pour Vista ) et désinstalle les anciennes version de Java.
● Exemple d'anciennes versions :

_J2SE Runtime Environment 5.0 Update 10
_J2SE Runtime Environment 5.0 Update 11
_Java™ 6 Update 2

● Cherche & désinstalle tout ce qui reste de Java Runtime Environment ( JRE or J2SE dans le nom )
● Redémarre ton pc après la/les désinstallation(s)
● Maintenant double clique sur jre-6u7-windows-i586-p-iftw.exe présent sur ton bureau pour lancer l'installation de la dernière version.

A lire :
http://www.secuser.com/vulnerabilite/2008/080305-java.htm

_____________________________________________________________________________


Maintenant que ton pc n'est plus infecté creer un nouveau point de restauration

https://www.astucesinternet.com/modules/smartfaq/faq.php?faqid=113

_____________________________________________________________________________


Possèdes-tu le cd d'installation ?


++
0
Réponse 20 / 25
Marc23 Messages postés 14 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 22 août 2008
22 août 2008 à 22:20
Re, j'étais absent désolé.

Alors j'ai mis le nouveau java. j'ai lu l'article, c'est étonnant bien que je suis sur que dans mon cas, le problème venait du fichier que j'ai téléchargé.

Sinon, pour faire le point de restauration, mieux ne vaut-il pas attendre que les problèmes cités plus haut soit résolus?

PS: Je croyais le problème suivant disparu mais non, quand j'écris, tout les 10-15 mots, le curseur revient en arrière et j'écris par dessus ce que j'ai déjà taper :(


Edit: ah oui je possède le cd d'installation made in Dell quoi. Mais j'ai aussi la partition Recovery si jamais.
0

Discussions similaires

PIX
plart -
jordane45 -

1 réponse
Comment enlever le rouge sur la photo svp ?
lucas0909 -
bazfile -

11 réponses
quel difference entre supprimer et bloquer un contact
marie -
mlleal88 -

2 réponses
Supprimer une couleur d'une image
Ticki84 -
Utilisateur anonyme -

3 réponses