Virus?

Closed
macfly000001 - 10 Nov 2008 at 02:53
Lyonnais92 - 15 Nov 2008 at 15:31
Hello,
I ran a scan with HijackThis and would like to know whether I have any viruses. Here is the list, thanks in advance:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:50:29, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\sgfhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [GeForce Driver] sgfhost.exe
O4 - HKLM\..\RunServices: [GeForce Driver] sgfhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1225928303609
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

36 replies

Lyonnais92 - 10 Nov 2008 at 08:49
Hello,

Go to this site:

https://www.virustotal.com/gui/

Click Browse and find this file: C:\WINDOWS\system32\sgfhost.exe

Click Send File.

A report will be built line by line.

Wait for it to finish. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

If VirusTotal says the file has already been analysed, click the Reanalyse the file now button.
macfly000001 - 10 Nov 2008 at 09:13
OK, I'll do that, thank you.
macfly000001 - 10 Nov 2008 at 09:30
The problem is that sgfhost.exe is no longer on my hard drive; it may have changed its name. I'm sending you another HijackThis log. It's really suspicious all the same. I wonder whether it isn't actually this one: 'svchost.exe'


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:24:57, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\sgfhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [GeForce Driver] sgfhost.exe
O4 - HKLM\..\RunServices: [GeForce Driver] sgfhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1225928303609
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
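Added example, not code from the thread: a small Python triage pass over the O4 entries and the process list of the log above. It flags the three things that single out sgfhost.exe here: the autostart command is a bare file name with no path, the same value name sits under both Run and RunServices, and the process name is two characters away from svchost.exe. The sample lines are copied from the posted log; the allowlist and the core-binary list are assumptions of mine.

```python
"""Triage helper for HijackThis v2 logs (added example, not part of the thread)."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Lines copied from the HijackThis log posted above, trimmed to what matters.
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\dllhost.exe
C:\\WINDOWS\\system32\\sgfhost.exe
C:\\WINDOWS\\system32\\ctfmon.exe

O4 - HKLM\\..\\Run: [Apoint] C:\\Program Files\\DellTPad\\Apoint.exe
O4 - HKLM\\..\\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\\..\\Run: [GeForce Driver] sgfhost.exe
O4 - HKLM\\..\\RunServices: [GeForce Driver] sgfhost.exe
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\\Program Files\\Digital Line Detect\\DLG.exe
"""

# Core Windows XP binaries that malware likes to imitate by name (my own list).
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}
# Windows' own launcher that legitimately appears as a bare name in Run keys.
BARE_NAME_ALLOWLIST = {"rundll32.exe"}

# Matches the registry form of an O4 line: "O4 - <hive>\..\<key>: [<name>] <cmd>".
O4_REGISTRY = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[A-Za-z]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; names are short, so the O(len(a)*len(b)) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def first_token(cmd: str) -> str:
    """Return the executable part of an O4 command, honouring a quoted path."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ""


def parse_log(text: str) -> Tuple[List[str], List[Dict[str, str]]]:
    """Split a HijackThis log into running-process paths and O4 registry entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # blank line ends the process section
                in_procs = False
            else:
                processes.append(line)
            continue
        m = O4_REGISTRY.match(line)
        if m:
            entries.append(m.groupdict())
    return processes, entries


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (finding, detail) pairs a reviewer should look at first."""
    processes, entries = parse_log(text)
    findings: List[Tuple[str, str]] = []

    # 1. Autostart commands given as a bare file name: Windows resolves these via
    #    the search path, so the log alone does not say which file actually runs.
    #    This is a prompt to review, not a verdict (nwiz.exe is flagged too).
    for e in entries:
        exe = first_token(e["cmd"])
        if exe and "\\" not in exe and exe.lower() not in BARE_NAME_ALLOWLIST:
            findings.append(("bare-name autostart", f"[{e['name']}] {exe}"))

    # 2. The same value name under both Run and RunServices. RunServices is a
    #    Windows 9x key that XP does not process, so XP-era installers seldom write it.
    keys_by_name = defaultdict(set)
    for e in entries:
        keys_by_name[e["name"].lower()].add(e["key"].lower())
    for name, keys in keys_by_name.items():
        if {"run", "runservices"} <= keys:
            findings.append(("run+runservices pair", name))

    # 3. Process names that are a typo away from a core Windows binary.
    for path in processes:
        base = path.rsplit("\\", 1)[-1].lower()
        if base in CORE_BINARIES:
            continue
        for core in CORE_BINARIES:
            if levenshtein(base, core) <= 2:
                findings.append(("lookalike process", f"{base} ~ {core}"))
                break
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:24} {detail}")
```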
macfly000001 - 10 Nov 2008 at 09:37
And here is the scan of the file:

Fichier svchost.exe_ reçu le 2008.11.10 00:06:36 (CET)
Situation actuelle: terminé
Résultat: 0/36 (0.00%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.7.1 2008.11.09 -
AntiVir 7.9.0.26 2008.11.07 -
Authentium 5.1.0.4 2008.11.09 -
Avast 4.8.1248.0 2008.11.08 -
AVG 8.0.0.161 2008.11.09 -
BitDefender 7.2 2008.11.09 -
CAT-QuickHeal 9.50 2008.11.08 -
ClamAV 0.94.1 2008.11.09 -
DrWeb 4.44.0.09170 2008.11.09 -
eSafe 7.0.17.0 2008.11.09 -
eTrust-Vet 31.6.6200 2008.11.09 -
Ewido 4.0 2008.11.09 -
F-Prot 4.4.4.56 2008.11.09 -
F-Secure 8.0.14332.0 2008.11.09 -
Fortinet 3.117.0.0 2008.11.09 -
GData 19 2008.11.09 -
Ikarus T3.1.1.45.0 2008.11.09 -
K7AntiVirus 7.10.520 2008.11.08 -
Kaspersky 7.0.0.125 2008.11.09 -
McAfee 5428 2008.11.08 -
Microsoft 1.4104 2008.11.09 -
NOD32 3597 2008.11.08 -
Norman 5.80.02 2008.11.07 -
Panda 9.0.0.4 2008.11.09 -
PCTools 4.4.2.0 2008.11.09 -
Prevx1 V2 2008.11.10 -
Rising 21.02.62.00 2008.11.09 -
SecureWeb-Gateway 6.7.6 2008.11.09 -
Sophos 4.35.0 2008.11.09 -
Sunbelt 3.1.1785.2 2008.11.08 -
Symantec 10 2008.11.09 -
TheHacker 6.3.1.1.146 2008.11.08 -
TrendMicro 8.700.0.1004 2008.11.07 -
VBA32 3.12.8.9 2008.11.09 -
ViRobot 2008.11.7.1457 2008.11.07 -
VirusBuster 4.5.11.0 2008.11.09 -
Information additionnelle
File size: 14336 bytes
MD5...: e4bdf223cd75478bf44567b4d5c2634d
SHA1..: 3d70560753b0ab43252311fa85e12f36a51a5f55
SHA256: 6234155d6c02c67689744d21380b17db5fe395bc8622c71b046e40ca1767785a
SHA512: b806bd12bc6a507aa87ac8ab347044f82c3593bfae3832d0a3e88a545a051776
177aa9214eeac785d64f35ae83e695f90859e655d5020ff195791cefff407c7e
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1002509
timedatestamp.....: 0x48025bc0 (Sun Apr 13 19:15:12 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2c00 0x2c00 6.29 48331595af9d9d52b478844a07357653
.data 0x4000 0x210 0x200 1.62 cbd504e46c836e09e8faabdcfbabaec2
.rsrc 0x5000 0x408 0x600 2.51 dcede0c303bbb48c6875eb64477e5882

( 4 imports )
> ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorDacl, SetEntriesInAclW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW
> KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, LocalFree, GetCurrentProcess, GetCurrentThread, GetProcAddress, LoadLibraryExW, LeaveCriticalSection, HeapAlloc, EnterCriticalSection, LCMapStringW, FreeLibrary, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, RegisterWaitForSingleObject, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, LocalAlloc, lstrcmpW, DelayLoadFailureHook
> ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtClose, RtlSubAuthorityCountSid, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlImageNtHeader, wcslen, RtlUnhandledExceptionFilter, RtlCopySid
> RPCRT4.dll: RpcServerUnregisterIfEx, RpcMgmtWaitServerListen, RpcMgmtSetServerStackSize, RpcServerUnregisterIf, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status,
Lyonnais92 - 10 Nov 2008 at 09:58
Re,

No, it's still there under the same name.

Do this:

========================================
-> Show all files and folders:
click Start / Control Panel (in classic view) / Folder Options / View

[Check] "Show hidden files and folders"

[Uncheck] the box "Hide protected operating system files (Recommended)"

[Uncheck] "Hide extensions for known file types"

Then click [Apply] to confirm the changes.

And [OK].

=======================================

Repeat the search and the upload to VirusTotal.
macfly000001 - 10 Nov 2008 at 10:08
Ah, thanks, there it is:


Fichier sgfhost.exe reçu le 2008.11.10 10:06:24 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 20/36 (55.56%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.7.1 2008.11.10 -
AntiVir 7.9.0.29 2008.11.10 TR/Dropper.Gen
Authentium 5.1.0.4 2008.11.09 -
Avast 4.8.1248.0 2008.11.10 Win32:SdBot-gen
AVG 8.0.0.161 2008.11.09 BackDoor.RBot.AS
BitDefender 7.2 2008.11.10 Backdoor.SDBot.DFYR
CAT-QuickHeal 9.50 2008.11.10 Backdoor.SdBot.fwc
ClamAV 0.94.1 2008.11.10 -
DrWeb 4.44.0.09170 2008.11.10 BackDoor.IRC.Sdbot.4105
eSafe 7.0.17.0 2008.11.09 -
eTrust-Vet 31.6.6199 2008.11.08 Win32/IRCBot.DP
Ewido 4.0 2008.11.09 -
F-Prot 4.4.4.56 2008.11.09 -
F-Secure 8.0.14332.0 2008.11.10 Backdoor.Win32.SdBot.ibz
Fortinet 3.117.0.0 2008.11.09 W32/SDBot.IBZ!tr.bdr
GData 19 2008.11.10 Backdoor.SDBot.DFYR
Ikarus T3.1.1.45.0 2008.11.10 Backdoor.SdBot.DFYR
K7AntiVirus 7.10.520 2008.11.08 Backdoor.Win32.SdBot.ibz
Kaspersky 7.0.0.125 2008.11.10 Backdoor.Win32.SdBot.ibz
McAfee 5429 2008.11.10 W32/Sdbot.worm
Microsoft 1.4104 2008.11.10 -
NOD32 3598 2008.11.10 -
Norman 5.80.02 2008.11.07 -
Panda 9.0.0.4 2008.11.09 Suspicious file
PCTools 4.4.2.0 2008.11.09 -
Prevx1 V2 2008.11.10 Suspicious
Rising 21.03.01.00 2008.11.10 -
SecureWeb-Gateway 6.7.6 2008.11.10 Trojan.Dropper.Gen
Sophos 4.35.0 2008.11.10 Mal/Generic-A
Sunbelt 3.1.1785.2 2008.11.08 Backdoor.SDBot
Symantec 10 2008.11.10 -
TheHacker 6.3.1.1.147 2008.11.10 -
TrendMicro 8.700.0.1004 2008.11.10 -
VBA32 3.12.8.9 2008.11.10 Backdoor.Win32.SdBot.ibz
ViRobot 2008.11.10.1458 2008.11.10 -
VirusBuster 4.5.11.0 2008.11.09 -
Additional information
File size: 933888 bytes
MD5...: 39f63896962b7342f30fa56c464b68b2
SHA1..: ea3e77f92c2017b9a06cb2fcd7662fa46c6bb644
SHA256: 6c274081d74b392b6f82848f8f49581d947b8d99fdc5e5d587ccea4e35153242
SHA512: d515882415d2f35490279e8ebd35155502fecab2a5631331e8009ae480e3bed4c8fe020cc9713dc9f070dfaa61a2c5f705ffccfc26c2ebef0849ea3a3d6b7268
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4a7000
timedatestamp.....: 0x48f9f48e (Sat Oct 18 14:37:02 2008)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x26b96 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x28000 0xd592 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x36000 0x30a20 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text1 0x67000 0x40000 0x3d000 7.97 1a518114107e0ab2e4ab9300f838ba02
.adata 0xa7000 0x10000 0xd000 7.01 80c01a36556f925e862ec93458a79ee1
.data1 0xb7000 0x20000 0xc000 4.78 784b89e308921b91a4f6a49317919152
.pdata 0xd7000 0x90000 0x8c000 8.00 febe54fcb36ed1996199fafe1f59c20f
.rsrc 0x167000 0x5b000 0x1000 0.50 e47f498acf8cab8626d9425cc6295af1

( 3 imports )
> KERNEL32.dll: CreateThread, GlobalUnlock, GlobalLock, GlobalAlloc, GetTickCount, WideCharToMultiByte, IsBadReadPtr, GlobalAddAtomA, GlobalAddAtomW, GetModuleHandleA, GlobalFree, GlobalGetAtomNameA, GlobalDeleteAtom, GlobalGetAtomNameW, FreeConsole, GetEnvironmentVariableA, VirtualProtect, VirtualAlloc, GetProcAddress, GetLastError, LoadLibraryA, SetLastError, SetThreadPriority, GetCurrentThread, CreateProcessA, GetCommandLineA, GetStartupInfoA, SetEnvironmentVariableA, ReleaseMutex, WaitForSingleObject, CreateMutexA, OpenMutexA, SetErrorMode, GetCurrentThreadId, CreateFileA, FindClose, FindFirstFileA, FindFirstFileW, VirtualQueryEx, GetExitCodeProcess, ReadProcessMemory, VirtualProtectEx, UnmapViewOfFile, ContinueDebugEvent, SetThreadContext, GetThreadContext, WaitForDebugEvent, SuspendThread, DebugActiveProcess, ResumeThread, CreateProcessW, CloseHandle, GetStartupInfoW, MapViewOfFile, DuplicateHandle, GetCurrentProcess, CreateFileMappingA, WriteProcessMemory, ExitProcess, FlushFileBuffers, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetConsoleMode, GetConsoleCP, SetFilePointer, GetLocaleInfoA, GetStringTypeW, GetStringTypeA, LCMapStringW, MultiByteToWideChar, LCMapStringA, HeapSize, HeapReAlloc, QueryPerformanceCounter, VirtualFree, HeapCreate, HeapDestroy, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, RtlUnwind, DeleteCriticalSection, GetStdHandle, WriteFile, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, Sleep, EnterCriticalSection, LeaveCriticalSection, GetVersionExA, InitializeCriticalSection, GetCurrentProcessId, GetModuleFileNameW, GetShortPathNameW, GetModuleFileNameA, GetCommandLineW, GetShortPathNameA, GetSystemTimeAsFileTime, HeapFree, HeapAlloc, GetProcessHeap, RaiseException, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage
> USER32.dll: GetDesktopWindow, MoveWindow, SetPropA, EnumThreadWindows, GetPropA, GetMessageA, GetSystemMetrics, SetTimer, GetAsyncKeyState, KillTimer, BeginPaint, EndPaint, SetWindowTextA, GetDlgItem, CreateDialogIndirectParamA, ShowWindow, UpdateWindow, LoadStringA, LoadStringW, FindWindowA, WaitForInputIdle, MessageBoxA, InSendMessage, UnpackDDElParam, FreeDDElParam, DefWindowProcA, LoadCursorA, RegisterClassW, CreateWindowExW, RegisterClassA, CreateWindowExA, GetWindowThreadProcessId, SendMessageW, SendMessageA, PeekMessageA, TranslateMessage, DispatchMessageA, EnumWindows, IsWindowUnicode, PackDDElParam, PostMessageW, PostMessageA, IsWindow, DestroyWindow
> GDI32.dll: CreateDCA, CreateDIBitmap, CreateCompatibleDC, SelectObject, SelectPalette, RealizePalette, BitBlt, DeleteDC, DeleteObject, CreatePalette

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=9D508C7100AE26EF402B0E4AA685130013D5062E
packers (F-Prot): Armadillo
packers (Avast): Armadillo
0
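As an added example (not code from this thread or from VirusTotal), the Python script below reads the section table, the entry point and the engine result lines of the report above and spells out why they describe a packed binary, which is consistent with the "packers: Armadillo" lines at the end of the report. The image base 0x400000 is an assumption, since the report does not state it.

```python
"""Packing indicators in a VirusTotal-style PE report.

Added example; not code from the thread or from VirusTotal. It parses the
section table, entry point and engine results pasted above.
"""
import re
from collections import namedtuple

Section = namedtuple("Section", "name vaddr vsize rawsize entropy md5")

EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"  # MD5 of zero bytes
HIGH_ENTROPY = 7.0  # bits per byte; compressed or encrypted data sits near 8.0
ASSUMED_IMAGE_BASE = 0x400000  # not in the report; usual PE32 EXE default (assumption)

SECTION_RE = re.compile(
    r"^(\S+)\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+(\d+\.\d+)\s+([0-9a-f]{32})$")
ENTRY_RE = re.compile(r"entrypointaddress\.*:\s*0x([0-9a-f]+)")
# "Kaspersky 7.0.0.125 2008.11.10 Backdoor.Win32.SdBot.ibz"; verdict "-" means no detection
RESULT_RE = re.compile(r"^(\S+)\s+\S+\s+\d{4}\.\d{2}\.\d{2}\s+(.+)$")

# Constructed excerpt of the report above: 8 of the 36 engines, the entry point, all 8 sections.
SAMPLE_REPORT = """\
AntiVir 7.9.0.29 2008.11.10 TR/Dropper.Gen
Avast 4.8.1248.0 2008.11.10 Win32:SdBot-gen
ClamAV 0.94.1 2008.11.10 -
Kaspersky 7.0.0.125 2008.11.10 Backdoor.Win32.SdBot.ibz
McAfee 5429 2008.11.10 W32/Sdbot.worm
Microsoft 1.4104 2008.11.10 -
Panda 9.0.0.4 2008.11.09 Suspicious file
Symantec 10 2008.11.10 -
entrypointaddress.: 0x4a7000
.text 0x1000 0x26b96 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x28000 0xd592 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x36000 0x30a20 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text1 0x67000 0x40000 0x3d000 7.97 1a518114107e0ab2e4ab9300f838ba02
.adata 0xa7000 0x10000 0xd000 7.01 80c01a36556f925e862ec93458a79ee1
.data1 0xb7000 0x20000 0xc000 4.78 784b89e308921b91a4f6a49317919152
.pdata 0xd7000 0x90000 0x8c000 8.00 febe54fcb36ed1996199fafe1f59c20f
.rsrc 0x167000 0x5b000 0x1000 0.50 e47f498acf8cab8626d9425cc6295af1
"""


def parse_sections(report):
    """Return the Section rows of the '( N sections )' table."""
    rows = []
    for line in report.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            name, va, vs, rs, ent, md5 = m.groups()
            rows.append(Section(name, int(va, 16), int(vs, 16), int(rs, 16), float(ent), md5))
    return rows


def parse_entry_point(report):
    """Return the entry point virtual address, or None if the line is missing."""
    m = ENTRY_RE.search(report)
    return int(m.group(1), 16) if m else None


def parse_results(report):
    """Return {engine: verdict} for every antivirus result line."""
    results = {}
    for line in report.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results[m.group(1)] = m.group(2).strip()
    return results


def summarize(report, image_base=ASSUMED_IMAGE_BASE):
    """Collect the packing indicators and the detection count in a dict."""
    sections = parse_sections(report)
    entry = parse_entry_point(report)
    results = parse_results(report)
    # A section with a virtual size but zero bytes on disk (and the MD5 of nothing) is
    # reserved by the packer and filled by its unpacking stub at run time.
    runtime_filled = [s.name for s in sections if s.vsize and s.rawsize == 0 and s.md5 == EMPTY_MD5]
    high_entropy = [s.name for s in sections if s.entropy >= HIGH_ENTROPY]
    entry_section = None
    if entry is not None:
        rva = entry - image_base
        entry_section = next((s.name for s in sections if s.vaddr <= rva < s.vaddr + s.vsize), None)
    detected = sum(1 for verdict in results.values() if verdict != "-")
    return {
        "runtime_filled": runtime_filled,
        "high_entropy": high_entropy,
        "entry_section": entry_section,
        "detections": (detected, len(results)),
        # Code sections empty on disk plus an entry point outside .text is the classic packer layout.
        "packed": bool(runtime_filled) and entry_section not in (None, ".text"),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```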
macfly000001 Posts 58 Registration date Monday 10 November 2008 Status Member Last seen 15 November 2008
10 Nov 2008 at 09:59
Actually I don't understand how HijackThis finds it and I don't???
0

Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
10 Nov 2008 at 10:02
Re,

because it is 'hidden'.

do the procedure and you should see it.
0
macfly000001 Posts 58 Registration date Monday 10 November 2008 Status Member Last seen 15 November 2008
10 Nov 2008 at 10:11
here is the file, and thanks for the advice

0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
10 Nov 2008 at 10:20
Re,

since this file seems to be poorly known, open this link

https://www.broadcom.com/

and submit the file as requested.

Post the report if there is one (or the URL of the report).

We will know more about it.
0
macfly000001 Posts 58 Registration date Monday 10 November 2008 Status Member Last seen 15 November 2008
10 Nov 2008 at 10:31
there you go https://www.broadcom.com/ it looks like a virus
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
10 Nov 2008 at 10:39
Re,

I knew it was a nasty little bug.

We go after it like this:

Print these instructions, as you will not have access to them while in Safe Mode.
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it to a dedicated folder in C:\. Restart your computer in Safe Mode following this procedure:
• Restart your computer
• After you hear the computer beep at start-up, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with different options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will delete the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file in your next reply on the forum, together with a new HijackThis log!

__________________

If SDFix does not start (it happens!)

* Start->Run
* Copy/paste this in the window:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe


* Click OK and confirm.
* Restart and try launching SDFix again.
0
macfly000001 Posts 58 Registration date Monday 10 November 2008 Status Member Last seen 15 November 2008
10 Nov 2008 at 12:05
here is the SDFix log:

SDFix: Version 1.240
Run by félix on 10/11/2008 at 10:58

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files:

No Trojan Files Found


Removing Temp Files

ADS Check:


Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 11:51:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:




Authorized Application Key Export:


[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Sun 12 Mar 2006 10,311,680 ..SH. --- "C:\Program Files\AVIConverter\mencoder.exe"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Sat 8 Nov 2008 23 A.SH. --- "C:\WINDOWS\system32\abfafd3_g.dll"
Sun 13 Apr 2008 933,888 ..SHR --- "C:\WINDOWS\system32\sgfhost.exe"
Sat 1 Mar 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 13 Aug 2004 1,953,792 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe"
Fri 13 Aug 2004 53,760 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll"
Fri 13 Aug 2004 94,208 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe"
Mon 16 Aug 2004 35,328 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll"
Fri 13 Aug 2004 20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe"
Mon 18 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 30 Oct 2008 4,197 ...HR --- "C:\Documents and Settings\f‚lix\Application Data\SecuROM\UserData\securom_v7_01.bak"

[b]Finished![/b]

and the HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:30, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\sgfhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [GeForce Driver] sgfhost.exe
O4 - HKLM\..\RunServices: [GeForce Driver] sgfhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1225928303609
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
macfly000001, 58 posts, registered Monday 10 November 2008, Status: Member, last activity 15 November 2008
10 Nov 2008 at 13:29
Here is a bit more info on this virus: https://www.symantec.com?md5=39f63896962b7342f30fa56c464b68b2
This virus looks really stubborn, please help me.
Lyonnais92, 25159 posts, registered Friday 23 June 2006, Status: Security contributor, last activity 16 September 2016
10 Nov 2008 at 14:56
Re,


Delete Combofix.exe from your Desktop if it exists, as well as the Qoobox folder at the root of the drive (usually C:\Qoobox).

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the Desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware).

Double-click combofix.exe and follow the instructions.

In particular, start by installing the Recovery Console (see the tutorial).

At the end, it will produce a report C:\ComboFix.txt.

Re-enable your firewall, your antivirus and your antispyware's guard.

Copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
macfly000001, 58 posts, registered Monday 10 November 2008, Status: Member, last activity 15 November 2008
10 Nov 2008 at 18:40
Here is the log. However, I had a big problem with avast, I had to reinstall it, otherwise it's OK.



[b]SDFix: Version 1.240 [/b]
Run by f‚lix on 10/11/2008 at 10:58

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 11:51:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\\Documents and Settings\\f‚lix\\Bureau\\HL2\\hl2.exe"="C:\\Documents and Settings\\f‚lix\\Bureau\\HL2\\hl2.exe:*:Disabled:hl2"
"C:\\Documents and Settings\\f‚lix\\Bureau\\mes documents\\jeu pc\\HL2\\hl2.exe"="C:\\Documents and Settings\\f‚lix\\Bureau\\mes documents\\jeu pc\\HL2\\hl2.exe:*:Disabled:hl2"
"C:\\Program Files\\id Software\\Quake 4\\Quake4Ded.exe"="C:\\Program Files\\id Software\\Quake 4\\Quake4Ded.exe:*:Disabled:Quake 4"
"C:\\Program Files\\Quake III Arena\\quake3.exe"="C:\\Program Files\\Quake III Arena\\quake3.exe:*:Disabled:quake3"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Disabled:CoD2MP_s"
"C:\\Program Files\\RomuSoft\\romustrike\\romustrike.exe"="C:\\Program Files\\RomuSoft\\romustrike\\romustrike.exe:*:Disabled:romustrike"
"C:\\Documents and Settings\\f‚lix\\Bureau\\[PC] Test Drive Unlimited [PROPER] [RIP] [dopeman]\\TDU\\TDU\\TestDriveUnlimited.exe"="C:\\Documents and Settings\\f‚lix\\Bureau\\[PC] Test Drive Unlimited [PROPER] [RIP] [dopeman]\\TDU\\TDU\\TestDriveUnlimited.exe:*:Disabled:Test Drive Unlimited"
"C:\\Documents and Settings\\f‚lix\\Bureau\\mes documents\\jeu pc\\[PC] Test Drive Unlimited [PROPER] [RIP] [dopeman]\\TDU\\TDU\\TestDriveUnlimited.exe"="C:\\Documents and Settings\\f‚lix\\Bureau\\mes documents\\jeu pc\\[PC] Test Drive Unlimited [PROPER] [RIP] [dopeman]\\TDU\\TDU\\TestDriveUnlimited.exe:*:Disabled:Test Drive Unlimited"
"C:\\Program Files\\Groove Games\\Land Of The Dead\\System\\LOTD.exe"="C:\\Program Files\\Groove Games\\Land Of The Dead\\System\\LOTD.exe:*:Disabled:Land Of The Dead"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Disabled:BF1942"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942_w32ded.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942_w32ded.exe:*:Disabled:BF1942_w32ded"
"C:\\Documents and Settings\\f‚lix\\Bureau\\outil a fel\\emule.exe"="C:\\Documents and Settings\\f‚lix\\Bureau\\outil a fel\\emule.exe:*:Disabled:eChanblard"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Disabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Disabled:GameCenter"
"C:\\Documents and Settings\\f‚lix\\Bureau\\LFS.exe"="C:\\Documents and Settings\\f‚lix\\Bureau\\LFS.exe:*:Disabled:LFS"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Disabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Disabled:PnkBstrB"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Disabled:TmNationsESWC"
"C:\\UT2004\\System\\UT2004.exe"="C:\\UT2004\\System\\UT2004.exe:*:Disabled:UT2004"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Disabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"="C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe:*:Disabled:Editeur"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"="C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe:*:Disabled:Far Cry 2"
"C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"="C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe:*:Disabled:Far Cry 2 Updater"
"C:\\Program Files\\Cyanide\\Loki\\Loki.exe"="C:\\Program Files\\Cyanide\\Loki\\Loki.exe:*:Disabled:Loki"
"C:\\Program Files\\Cyanide\\Loki\\Autorun\\AutoRun.exe"="C:\\Program Files\\Cyanide\\Loki\\Autorun\\AutoRun.exe:*:Disabled:Loki - AutoRun"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Disabled:ET"
"C:\\Program Files\\Postal2STP\\System\\Postal2.exe"="C:\\Program Files\\Postal2STP\\System\\Postal2.exe:*:Disabled:Postal2"
"C:\\Documents and Settings\\f‚lix\\Bureau\\mes documents\\jeu pc\\Soldier of Fortune 2\\Setup\\sof2mp.exe"="C:\\Documents and Settings\\f‚lix\\Bureau\\mes documents\\jeu pc\\Soldier of Fortune 2\\Setup\\sof2mp.exe:*:Disabled:sof2mp"
"C:\\Program Files\\Tremulous\\tremulous.exe"="C:\\Program Files\\Tremulous\\tremulous.exe:*:Disabled:tremulous"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\f‚lix\\Bureau\\Race.Driver.GRID.Multi-5.Full-Rip.Skullptura\\Race.Driver.GRID.Multi-5.Full-Rip.Skullptura\\Grid\\GRID.exe"="C:\\Documents and Settings\\f‚lix\\Bureau\\Race.Driver.GRID.Multi-5.Full-Rip.Skullptura\\Race.Driver.GRID.Multi-5.Full-Rip.Skullptura\\Grid\\GRID.exe:*:Disabled:GRID Executable"
"C:\\Documents and Settings\\f‚lix\\Mes documents\\outil a fel\\uTorrent\\uTorrent.exe"="C:\\Documents and Settings\\f‚lix\\Mes documents\\outil a fel\\uTorrent\\uTorrent.exe:*:Disabled:æTorrent"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Disabled:maconfservice"
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe:*:Disabled:Malwarebytes' Anti-Malware"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Disabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Disabled:Orb Stream Client"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Disabled:OrbTray"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Disabled:Skype"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\XPPDownloader\\XPPDownloader.exe"="C:\\Program Files\\XPPDownloader\\XPPDownloader.exe:*:Disabled:XPPDownloader"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Sun 12 Mar 2006 10,311,680 ..SH. --- "C:\Program Files\AVIConverter\mencoder.exe"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Sat 8 Nov 2008 23 A.SH. --- "C:\WINDOWS\system32\abfafd3_g.dll"
Sun 13 Apr 2008 933,888 ..SHR --- "C:\WINDOWS\system32\sgfhost.exe"
Sat 1 Mar 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 13 Aug 2004 1,953,792 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe"
Fri 13 Aug 2004 53,760 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll"
Fri 13 Aug 2004 94,208 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe"
Mon 16 Aug 2004 35,328 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll"
Fri 13 Aug 2004 20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe"
Mon 18 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 30 Oct 2008 4,197 ...HR --- "C:\Documents and Settings\f‚lix\Application Data\SecuROM\UserData\securom_v7_01.bak"

[b]Finished![/b]
0
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
10 nov. 2008 à 19:26
Re,

Er, no, that's not right, that's not the right report lol.

I want this one:

C:\ComboFix.txt

not the copy of the SDFix report from this morning.
0
macfly000001 Messages postés 58 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 15 novembre 2008
10 nov. 2008 à 20:03
Ah yes, sorry. Actually, I looked in system32 and sgfhost.exe is still there. Here's the log:



ComboFix 08-11-09.04 - félix 2008-11-10 16:18:35.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1434 [GMT 1:00]
Lancé depuis: c:\documents and settings\félix\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\félix\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\abfafd3_g.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\MSINET.oca
c:\windows\system32\packet.dll
c:\windows\system32\tmp40.tmp
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-10 au 2008-11-10 ))))))))))))))))))))))))))))))))))))
.

2008-11-10 10:57 . 2008-11-10 10:57 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-10 10:53 . 2008-11-10 10:53 <REP> d-------- c:\windows\ERUNT
2008-11-10 10:46 . 2008-11-10 11:57 <REP> d-------- C:\SDFix
2008-11-10 08:50 . 2008-11-10 08:50 2,688 --a------ c:\windows\system32\settings.aaw
2008-11-10 08:50 . 2008-11-10 08:50 864 --a------ c:\windows\system32\history.aaw
2008-11-10 06:51 . 2008-11-10 06:51 <REP> d-------- c:\program files\CCleaner
2008-11-10 02:37 . 2008-11-10 02:37 <REP> d-------- c:\program files\Trend Micro
2008-11-09 23:11 . 2008-11-10 13:02 <REP> d-------- c:\windows\system32\CatRoot2
2008-11-09 05:40 . 2008-11-10 03:26 <REP> d-------- c:\program files\Lavasoft
2008-11-09 05:40 . 2008-11-10 03:28 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-09 05:39 . 2008-11-10 03:26 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-08 19:05 . 2008-11-08 19:05 <REP> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-08 18:12 . 2008-11-10 16:59 2,721,824 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-08 18:12 . 2008-11-10 16:22 33,896 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-08 18:06 . 2008-11-08 18:06 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2008-11-08 18:04 . 2008-11-08 18:06 <REP> d-------- c:\windows\system32\ZoneLabs
2008-11-08 18:04 . 2008-11-08 18:04 <REP> d-------- c:\program files\Zone Labs
2008-11-08 18:04 . 2008-11-10 16:25 358,382 --a------ c:\windows\system32\vsconfig.xml
2008-11-08 15:02 . 2008-11-08 15:02 <REP> d-------- c:\documents and settings\NetworkService\Bureau
2008-11-08 14:12 . 2008-07-18 22:09 29,896 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-08 10:48 . 2008-11-08 10:48 418,986 --a------ c:\windows\windowsupdate.bat
2008-11-08 10:35 . 2008-11-10 16:59 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-08 10:34 . 2008-11-08 10:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Dell
2008-11-08 08:18 . 2008-11-09 22:50 <REP> d-------- c:\program files\a-squared Free
2008-11-08 07:48 . 2008-11-08 07:48 84 --a------ c:\windows\Mezou.Ini
2008-11-08 07:16 . 2008-02-21 13:05 <REP> d--h----- c:\documents and settings\Invité\Voisinage réseau
2008-11-08 07:16 . 2008-02-21 13:05 <REP> d--h----- c:\documents and settings\Invité\Voisinage réseau
2008-11-08 07:16 . 2008-02-21 13:05 <REP> d--h----- c:\documents and settings\Invité\Voisinage d'impression
2008-11-08 07:16 . 2008-02-21 13:05 <REP> d--h----- c:\documents and settings\Invité\Voisinage d'impression
2008-11-08 07:16 . 2008-02-21 12:09 <REP> d--h----- c:\documents and settings\Invité\Modèles
2008-11-08 07:16 . 2008-02-21 12:09 <REP> d--h----- c:\documents and settings\Invité\Modèles
2008-11-08 07:16 . 2008-11-08 07:17 <REP> dr------- c:\documents and settings\Invité\Mes documents
2008-11-08 07:16 . 2008-11-08 07:17 <REP> dr------- c:\documents and settings\Invité\Mes documents
2008-11-08 07:16 . 2008-02-21 13:05 <REP> dr------- c:\documents and settings\Invité\Menu Démarrer
2008-11-08 07:16 . 2008-02-21 13:05 <REP> dr------- c:\documents and settings\Invité\Menu Démarrer
2008-11-08 07:16 . 2008-11-08 07:17 <REP> dr------- c:\documents and settings\Invité\Favoris
2008-11-08 07:16 . 2008-11-08 07:17 <REP> dr------- c:\documents and settings\Invité\Favoris
2008-11-08 07:16 . 2008-02-21 12:43 <REP> d-------- c:\documents and settings\Invité\Application Data\Intel
2008-11-08 07:16 . 2008-11-08 10:15 <REP> d-------- c:\documents and settings\Invité
2008-11-08 06:46 . 2008-11-09 03:38 <REP> d-------- c:\documents and settings\félix\Application Data\GlarySoft
2008-11-08 06:44 . 2008-11-08 06:44 <REP> d-------- c:\program files\Glary Utilities
2008-11-08 06:20 . 2008-11-08 06:20 23 --a------ c:\windows\system32\cccaead0_g.ocx
2008-11-08 05:07 . 2008-11-08 05:07 <REP> d-------- c:\program files\Windows Defender
2008-11-07 18:42 . 2008-04-28 16:53 805,400 -ra------ c:\windows\system32\tmp3F.tmp
2008-11-07 09:11 . 2008-11-07 09:14 <REP> d-------- c:\windows\$regcmp$
2008-11-07 06:54 . 2008-11-07 07:15 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-07 06:54 . 2008-11-08 10:35 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-07 02:31 . 2008-11-07 02:31 <REP> d-------- c:\program files\Fichiers communs\Scanner
2008-11-06 05:59 . 2008-11-06 05:59 <REP> d-------- c:\program files\Free Download Manager
2008-11-06 05:59 . 2008-11-10 06:48 <REP> d-------- c:\documents and settings\félix\Application Data\Free Download Manager
2008-11-06 01:06 . 2008-11-06 01:06 <REP> d-------- c:\documents and settings\félix\Application Data\Windows Search
2008-11-05 21:59 . 2008-11-05 21:22 <REP> d-------- c:\documents and settings\félix\Application Data\uTorrent(2)
2008-11-05 21:23 . 2008-11-05 21:23 <REP> d-------- c:\program files\Java
2008-11-05 21:23 . 2008-11-05 21:23 <REP> d-------- c:\program files\Fichiers communs\Java
2008-11-05 21:22 . 2008-11-05 21:22 <REP> d-------- c:\program files\uTorrent
2008-11-05 21:22 . 2008-11-10 08:48 <REP> d-------- c:\documents and settings\félix\Application Data\uTorrent
2008-11-03 01:59 . 2008-11-03 01:59 <REP> d-------- c:\documents and settings\félix\Application Data\DivX
2008-10-30 05:26 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-10-30 05:26 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-10-30 05:26 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-10-30 05:26 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-10-30 05:26 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-10-30 05:26 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-10-30 05:26 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-10-30 05:24 . 2008-10-30 05:24 <REP> d-------- c:\windows\Logs
2008-10-27 19:08 . 2008-10-27 19:08 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-10-27 19:08 . 2008-10-27 19:08 <REP> d-------- c:\documents and settings\félix\Application Data\Malwarebytes
2008-10-27 19:08 . 2008-10-27 19:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-27 19:08 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-27 19:08 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-26 09:00 . 1998-06-17 23:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2008-10-26 09:00 . 2000-03-17 08:21 69,632 --a------ c:\windows\system32\xmltok.dll
2008-10-26 09:00 . 2000-03-17 08:21 36,864 --a------ c:\windows\system32\xmlparse.dll
2008-10-26 09:00 . 2002-04-24 11:43 35,840 --a------ c:\windows\system32\comdlg32.oca
2008-10-26 09:00 . 2002-10-17 09:35 26,096 --a------ c:\windows\system32\xmlinst.exe
2008-10-26 08:52 . 2008-10-30 05:18 <REP> d-------- c:\program files\Ubisoft
2008-10-25 21:50 . 2008-11-08 10:14 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Winamp
2008-10-25 21:46 . 2008-02-21 13:05 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-10-25 21:46 . 2008-02-21 13:05 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-10-25 21:46 . 2008-02-21 12:09 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-10-25 21:46 . 2008-10-25 21:48 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2008-10-25 21:46 . 2008-02-21 13:05 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-10-25 21:46 . 2008-10-25 21:48 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2008-10-25 21:46 . 2008-02-21 12:43 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Intel
2008-10-25 21:46 . 2008-11-08 10:14 <REP> d-------- c:\documents and settings\Administrateur
2008-10-25 17:39 . 2006-11-10 08:25 319,456 --a------ c:\windows\system32\difxapi.dll
2008-10-24 21:30 . 2008-10-25 00:31 <REP> d-------- c:\windows\system32\Adobe
2008-10-24 09:54 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-17 22:07 . 2008-10-17 22:13 <REP> d-------- c:\program files\Profiles
2008-10-16 17:29 . 2008-10-16 17:34 <REP> d-------- c:\program files\Savage
2008-10-16 07:03 . 2008-10-16 07:04 248 --a------ c:\windows\SIERRA.INI
2008-10-16 01:56 . 2008-10-16 01:56 <REP> d-------- c:\documents and settings\félix\Application Data\tmp
2008-10-16 01:56 . 2008-10-16 01:56 <REP> d-------- c:\documents and settings\félix\Application Data\Reallusion
2008-10-16 01:26 . 2008-10-16 06:57 <REP> d-------- c:\program files\Pteroglider
2008-10-14 21:19 . 2008-10-14 21:19 <REP> d-------- c:\documents and settings\félix\Application Data\gnupg
2008-10-14 18:38 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-14 18:27 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 18:27 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 18:27 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-14 18:27 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-14 18:26 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-13 20:28 . 2008-10-13 20:28 8,192 --ahs---- c:\windows\Thumbs.db

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 15:59 42,512 ----a-w c:\windows\system32\drivers\npf.sys
2008-11-08 09:15 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-08 09:15 --------- d-----w c:\program files\Navilog1
2008-11-08 09:15 --------- d-----w c:\program files\eMule
2008-11-08 09:15 --------- d-----w c:\program files\Dell
2008-11-08 09:15 --------- d-----w c:\program files\Ahead
2008-11-08 09:15 --------- d-----w c:\program files\7-Zip
2008-11-08 09:14 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-07 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\Codemasters
2008-11-03 05:20 --------- d-----w c:\program files\ma-config.com
2008-11-03 05:20 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-02 19:42 --------- d-----w c:\documents and settings\félix\Application Data\Skype
2008-11-02 18:23 --------- d-----w c:\documents and settings\félix\Application Data\skypePM
2008-11-01 17:12 --------- d-----w c:\program files\Tremulous
2008-10-30 04:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 04:58 --------- d-----w c:\documents and settings\félix\Application Data\Desktopicon
2008-10-27 16:25 4,280 ----a-w c:\documents and settings\félix\Application Data\wklnhst.dat
2008-10-26 01:58 --------- d-----w c:\documents and settings\félix\Application Data\Winamp
2008-10-25 16:39 --------- d-----w c:\program files\Intel
2008-10-24 23:31 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-13 20:13 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-11 03:17 --------- d-----w c:\documents and settings\félix\Application Data\Ahead
2008-10-09 06:11 --------- d-----w c:\program files\OpenAL
2008-10-09 03:20 --------- d-----w c:\program files\Giganology
2008-10-08 06:41 --------- d-----w c:\program files\ffdshow
2008-09-30 13:56 --------- d-----w c:\program files\Rockstar Games
2008-09-26 21:41 --------- d-----w c:\program files\AVIConverter
2008-09-26 14:41 --------- d-----w c:\documents and settings\félix\Application Data\AVS4YOU
2008-09-20 20:33 --------- d-----w c:\program files\Unlocker
2008-08-26 12:51 2,402,832 ----a-w c:\program files\WLinstaller.exe
2008-07-26 06:12 132,500,772 ----a-w c:\program files\loki_patch_v_1_0_6_0_international.exe
2008-06-14 15:46 9,581,368 ----a-w c:\program files\winamp5531_full_emusic-7plus_fr-fr.exe
2008-06-01 18:21 22,328 -c--a-w c:\documents and settings\félix\Application Data\PnkBstrK.sys
2008-03-10 18:13 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-02-21 14:49 76 --sh--r c:\windows\CT4CET.bin
2008-04-13 17:34 933,888 --sh--r c:\windows\system32\sgfhost.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-01 68856]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"NVHotkey"="nvHotkey.dll" [2007-11-17 c:\windows\system32\nvhotkey.dll]
"nwiz"="nwiz.exe" [2007-11-17 c:\windows\system32\nwiz.exe]
"GeForce Driver"="sgfhost.exe" [2008-04-13 c:\windows\system32\sgfhost.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"GeForce Driver"="sgfhost.exe" [2008-04-13 c:\windows\system32\sgfhost.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-02-21 50688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"GeForce Driver"=sgfhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\UT2004\\System\\UT2004.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Cyanide\\Loki\\Loki.exe"=
"c:\\Program Files\\Cyanide\\Loki\\Autorun\\AutoRun.exe"=
"c:\\Program Files\\Tremulous\\tremulous.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\félix\\Bureau\\Race.Driver.GRID.Multi-5.Full-Rip.Skullptura\\Race.Driver.GRID.Multi-5.Full-Rip.Skullptura\\Grid\\GRID.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"45373:TCP"= 45373:TCP:*:Disabled:port client
"45383:UDP"= 45383:UDP:*:Disabled:port ouvert
"45962:UDP"= 45962:UDP:*:Disabled:port inférieuer

R0 pe3agqwc;Loki Environment Driver (pe3agqwc);c:\windows\system32\drivers\pe3agqwc.sys [2007-05-18 64880]
R0 ps6agqwc;Loki Synchronization Driver (ps6agqwc);c:\windows\system32\drivers\ps6agqwc.sys [2007-08-02 68208]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-10-13 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\Drivers\OEM02Afx.sys [2007-06-07 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
S2 pr2agqwc;Loki Drivers Auto Removal (pr2agqwc);c:\windows\system32\pr2agqwc.exe svc [ ]
S3 epstw2k;Pilote SCSI du port parallèle SCM;c:\windows\system32\DRIVERS\epstw2k.sys [2001-08-17 114944]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-02 195752]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2008-11-10 42512]
S3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
.
Contenu du dossier 'Tâches planifiées'

2008-11-10 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-29 17:58]

2008-11-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\félix\Application Data\Mozilla\Firefox\Profiles\zdvhwz6h.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
FireFox -: user.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
FF -: plugin - c:\documents and settings\félix\Application Data\Mozilla\Firefox\Profiles\zdvhwz6h.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
.
.
------- Associations de fichier -------
.
JSEFile=c:\windows\NotePad.exe "%1"
VBEFile=c:\windows\NotePad.exe "%1"
VBSFile=c:\windows\NotePad.exe "%1" %*
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 16:58:40
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\wpcap.dll 240240 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: c:\windows\explorer.exe
-> c:\windows\system32\nview.dll
-> c:\program files\Unlocker\UnlockerHook.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\a-squared Free\a2service.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\windows\system32\dllhost.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\locator.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Windows Live\installer\WLSetupSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Heure de fin: 2008-11-10 17:03:51 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-10 16:03:44

Avant-CF: 11 301 158 912 octets libres
Après-CF: 12,121,694,208 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

351
0
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
10 nov. 2008 à 23:51
Re,

Uninstall Spybot S&D (Start, Control Panel, Add/Remove Programs).

Download Spybot S&D here: http://www.commentcamarche.net/telecharger/telecharger 122 spybot

Install it.

Update it.

Immunize, but do not install the TeaTimer.

===========================================

Copy or print these instructions first.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware).


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Killall::

File::
C:\WINDOWS\system32\sgfhost.exe

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GeForce Driver" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"GeForce Driver" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Licenses]
"{R7C0DB872A3F777C0}"=-
"{K7C0DB872A3F777C0}"=-
[HKEY_CURRENT_USER\Software\Microsoft\OLE]
"GeForce Driver" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa]
"RestrictAnonymous"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000000

Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFscript file, keep the button held down and move the mouse so that the CFscript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

Re-enable your firewall, your antivirus and your antispyware guard.

Once the scan is complete, a report will be displayed: post its contents.


If the file doesn't open, it is here > C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse can severely damage the operating system.

Open this link: http://www.pcflank.com/scanner2.htm

and scan your ports, in particular ports 1033, 1034, 1036 and 1311.

Give me the result.

Also post a new HijackThis report.
0
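The CFScript above removes sgfhost.exe and the two "GeForce Driver" autostart values that load it. What made that entry stand out in the ComboFix report posted earlier is worth automating: the value is a bare file name rather than a full path, it is registered under the legacy RunServices key, and the Find3M section shows the file with hidden+system attributes (`--sh--r`). The script below is an added example written for this thread, not part of the thread, of ComboFix or of any tool its authors ship; it parses a few lines copied from the report above (labelled as a constructed excerpt) and ranks autostart entries by how many of those three indicators they carry. The line formats it assumes are the ones visible in the report; the heuristics and weights are the author's own choice.

```python
"""Triage autostart entries in a ComboFix-style report (added example).

Heuristics (defender-side triage, not a removal tool):
  * autostart value that is a bare file name, which ComboFix prints as
        "Name"="file.exe" [date c:\\resolved\\path\\file.exe]
  * file listed in the Find3M section with hidden + system attributes
  * anything registered under the Win9x-era RunServices key, which a
    Windows XP install normally leaves empty
"""
import re
from dataclasses import dataclass

# Constructed excerpt: lines copied from the ComboFix report posted in this
# thread, cut down to what the parser needs.
SAMPLE_REPORT = r"""
2008-11-08 09:15 --------- d-----w c:\program files\7-Zip
2008-02-21 14:49 76 --sh--r c:\windows\CT4CET.bin
2008-04-13 17:34 933,888 --sh--r c:\windows\system32\sgfhost.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"nwiz"="nwiz.exe" [2007-11-17 c:\windows\system32\nwiz.exe]
"GeForce Driver"="sgfhost.exe" [2008-04-13 c:\windows\system32\sgfhost.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"GeForce Driver"="sgfhost.exe" [2008-04-13 c:\windows\system32\sgfhost.exe]
"""

# Section header such as [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="value" [date size]  or  "Name"="file.exe" [date c:\resolved\path]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s+\[(?P<date>\S+)\s+(?P<rest>[^\]]+)\]$'
)
# Find3M line: date time size attributes path (size is '---------' for dirs)
FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\S+) "
    r"(?P<attrs>[-a-z]+) (?P<path>.+)$",
    re.IGNORECASE,
)


@dataclass
class Autostart:
    key: str
    name: str
    value: str
    resolved: str  # path ComboFix resolved for a bare name, else ''


def parse_report(text):
    """Return (autostart entries, {lowercased path: attribute string})."""
    autostarts, attrs = [], {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = RUN_RE.match(line)
        if m and key:
            rest = m.group("rest")
            resolved = rest if "\\" in rest else ""  # a size has no backslash
            autostarts.append(Autostart(key, m.group("name"), m.group("value"), resolved))
            continue
        m = FIND3M_RE.match(line)
        if m:
            attrs[m.group("path").lower()] = m.group("attrs").lower()
    return autostarts, attrs


def is_hidden_system(attrs):
    """ComboFix attribute string letters: d c s h . a w/r ('s'=system, 'h'=hidden)."""
    return "s" in attrs and "h" in attrs


def triage(text, min_reasons=2):
    """Map each autostart target to the indicators it triggers (>= min_reasons)."""
    autostarts, attrs = parse_report(text)
    reasons_by_path = {}
    for entry in autostarts:
        path = (entry.resolved or entry.value).lower()
        reasons = reasons_by_path.setdefault(path, set())
        if entry.resolved:
            reasons.add("bare file name, located via search path")
        if entry.key.lower().endswith("\\runservices"):
            reasons.add("registered under legacy RunServices key")
        if is_hidden_system(attrs.get(path, "")):
            reasons.add("file has hidden+system attributes")
    return {p: sorted(r) for p, r in reasons_by_path.items() if len(r) >= min_reasons}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_REPORT).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

With the default threshold of two indicators only sgfhost.exe is reported, with all three reasons; lowering `min_reasons` to 1 also surfaces nwiz.exe, a legitimate NVIDIA entry that is registered by bare name, which is why a single indicator is treated as a prompt to look rather than a verdict.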
macfly000001 Messages postés 58 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 15 novembre 2008
11 nov. 2008 à 09:16
Here is the port scan:


Results of Advanced Port Scanner

TCP CONNECT scanning (scanned in 37 seconds)

We have scanned your computer' ports used by the most widespread trojan horses. Here is the description of possible ports' statuses:

"Stealthed" (by a firewall) -Means that your computer is invisible to others on the Internet and protected by a firewall or other similiar software;
"Closed" (non-stealthed) - means that this port is closed, but your computer is visible to others on the Internet that can be potentially dangerous;
"Open" - Means that this port is ready to establish (or has already established) a connection with remote address. It also means that your computer is vulnerable to attacks and could have been already hacked or infected by a trojan/backdoor;
Port: Status Service Description
1033 stealthed n/a n/a

Recommendation:

All the ports we have scanned are Stealthed (by a firewall). So just continue following the fundamental security measures and regularly update your security software.





Results of Advanced Port Scanner

TCP CONNECT scanning (scanned in 37 seconds)

We have scanned your computer' ports used by the most widespread trojan horses. Here is the description of possible ports' statuses:

"Stealthed" (by a firewall) -Means that your computer is invisible to others on the Internet and protected by a firewall or other similiar software;
"Closed" (non-stealthed) - means that this port is closed, but your computer is visible to others on the Internet that can be potentially dangerous;
"Open" - Means that this port is ready to establish (or has already established) a connection with remote address. It also means that your computer is vulnerable to attacks and could have been already hacked or infected by a trojan/backdoor;
Port: Status Service Description
1034 stealthed n/a n/a

Recommendation:

All the ports we have scanned are Stealthed (by a firewall). So just continue following the fundamental security measures and regularly update your security software.




We have scanned your computer' ports used by the most widespread trojan horses. Here is the description of possible ports' statuses:

"Stealthed" (by a firewall) -Means that your computer is invisible to others on the Internet and protected by a firewall or other similiar software;
"Closed" (non-stealthed) - means that this port is closed, but your computer is visible to others on the Internet that can be potentially dangerous;
"Open" - Means that this port is ready to establish (or has already established) a connection with remote address. It also means that your computer is vulnerable to attacks and could have been already hacked or infected by a trojan/backdoor;
Port: Status Service Description
1036 stealthed n/a n/a

Recommendation:

All the ports we have scanned are Stealthed (by a firewall). So just continue following the fundamental security measures and regularly update your security software.





TCP CONNECT scanning (scanned in 36 seconds)

We have scanned your computer' ports used by the most widespread trojan horses. Here is the description of possible ports' statuses:

"Stealthed" (by a firewall) -Means that your computer is invisible to others on the Internet and protected by a firewall or other similiar software;
"Closed" (non-stealthed) - means that this port is closed, but your computer is visible to others on the Internet that can be potentially dangerous;
"Open" - Means that this port is ready to establish (or has already established) a connection with remote address. It also means that your computer is vulnerable to attacks and could have been already hacked or infected by a trojan/backdoor;
Port: Status Service Description
1311 stealthed n/a n/a

Recommendation:

All the ports we have scanned are Stealthed (by a firewall). So just continue following the fundamental security measures and regularly update your security software.
0
macfly000001 Posts: 58 Registered: Monday 10 November 2008 Status: Member Last activity: 15 November 2008
11 Nov 2008 at 09:19
the ComboFix log:


ComboFix 08-11-09.04 - félix 2008-11-11 7:25:05.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1393 [GMT 1:00]
Lancé depuis: c:\documents and settings\félix\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\félix\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\sgfhost.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\sgfhost.exe
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-11 au 2008-11-11 ))))))))))))))))))))))))))))))))))))
.

2008-11-11 07:12 . 2008-11-11 07:12 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-10 10:57 . 2008-11-10 10:57 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-10 10:53 . 2008-11-10 10:53 <REP> d-------- c:\windows\ERUNT
2008-11-10 10:46 . 2008-11-10 11:57 <REP> d-------- C:\SDFix
2008-11-10 08:50 . 2008-11-10 08:50 2,688 --a------ c:\windows\system32\settings.aaw
2008-11-10 08:50 . 2008-11-10 08:50 864 --a------ c:\windows\system32\history.aaw
2008-11-10 06:51 . 2008-11-10 06:51 <REP> d-------- c:\program files\CCleaner
2008-11-10 02:37 . 2008-11-10 02:37 <REP> d-------- c:\program files\Trend Micro
2008-11-09 23:11 . 2008-11-11 06:41 <REP> d-------- c:\windows\system32\CatRoot2
2008-11-09 05:40 . 2008-11-10 20:16 <REP> d-------- c:\program files\Lavasoft
2008-11-09 05:40 . 2008-11-10 03:28 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-09 05:39 . 2008-11-10 03:26 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-08 19:05 . 2008-11-08 19:05 <REP> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-08 18:12 . 2008-11-11 07:33 3,553,312 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-08 18:12 . 2008-11-11 07:29 43,688 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-08 18:06 . 2008-11-08 18:06 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2008-11-08 18:04 . 2008-11-08 18:06 <REP> d-------- c:\windows\system32\ZoneLabs
2008-11-08 18:04 . 2008-11-08 18:04 <REP> d-------- c:\program files\Zone Labs
2008-11-08 18:04 . 2008-11-11 07:31 358,382 --a------ c:\windows\system32\vsconfig.xml
2008-11-08 15:02 . 2008-11-08 15:02 <REP> d-------- c:\documents and settings\NetworkService\Bureau
2008-11-08 14:12 . 2008-07-18 22:09 29,896 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-08 10:48 . 2008-11-08 10:48 418,986 --a------ c:\windows\windowsupdate.bat
2008-11-08 10:35 . 2008-11-11 06:45 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-08 10:34 . 2008-11-08 10:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Dell
2008-11-08 08:18 . 2008-11-10 20:12 <REP> d-------- c:\program files\a-squared Free
2008-11-08 07:48 . 2008-11-08 07:48 84 --a------ c:\windows\Mezou.Ini
2008-11-08 07:16 . 2008-02-21 13:05 <REP> d--h----- c:\documents and settings\Invité\Voisinage réseau
2008-11-08 07:16 . 2008-02-21 13:05 <REP> d--h----- c:\documents and settings\Invité\Voisinage réseau
2008-11-08 07:16 . 2008-02-21 13:05 <REP> d--h----- c:\documents and settings\Invité\Voisinage d'impression
2008-11-08 07:16 . 2008-02-21 13:05 <REP> d--h----- c:\documents and settings\Invité\Voisinage d'impression
2008-11-08 07:16 . 2008-02-21 12:09 <REP> d--h----- c:\documents and settings\Invité\Modèles
2008-11-08 07:16 . 2008-02-21 12:09 <REP> d--h----- c:\documents and settings\Invité\Modèles
2008-11-08 07:16 . 2008-11-08 07:17 <REP> dr------- c:\documents and settings\Invité\Mes documents
2008-11-08 07:16 . 2008-11-08 07:17 <REP> dr------- c:\documents and settings\Invité\Mes documents
2008-11-08 07:16 . 2008-02-21 13:05 <REP> dr------- c:\documents and settings\Invité\Menu Démarrer
2008-11-08 07:16 . 2008-02-21 13:05 <REP> dr------- c:\documents and settings\Invité\Menu Démarrer
2008-11-08 07:16 . 2008-11-08 07:17 <REP> dr------- c:\documents and settings\Invité\Favoris
2008-11-08 07:16 . 2008-11-08 07:17 <REP> dr------- c:\documents and settings\Invité\Favoris
2008-11-08 07:16 . 2008-02-21 12:43 <REP> d-------- c:\documents and settings\Invité\Application Data\Intel
2008-11-08 07:16 . 2008-11-08 10:15 <REP> d-------- c:\documents and settings\Invité
2008-11-08 06:46 . 2008-11-09 03:38 <REP> d-------- c:\documents and settings\félix\Application Data\GlarySoft
2008-11-08 06:44 . 2008-11-08 06:44 <REP> d-------- c:\program files\Glary Utilities
2008-11-08 06:20 . 2008-11-08 06:20 23 --a------ c:\windows\system32\cccaead0_g.ocx
2008-11-08 05:07 . 2008-11-08 05:07 <REP> d-------- c:\program files\Windows Defender
2008-11-07 18:42 . 2008-04-28 16:53 805,400 -ra------ c:\windows\system32\tmp3F.tmp
2008-11-07 09:11 . 2008-11-07 09:14 <REP> d-------- c:\windows\$regcmp$
2008-11-07 06:54 . 2008-11-11 07:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-07 02:31 . 2008-11-07 02:31 <REP> d-------- c:\program files\Fichiers communs\Scanner
2008-11-06 05:59 . 2008-11-06 05:59 <REP> d-------- c:\program files\Free Download Manager
2008-11-06 05:59 . 2008-11-10 06:48 <REP> d-------- c:\documents and settings\félix\Application Data\Free Download Manager
2008-11-06 01:06 . 2008-11-06 01:06 <REP> d-------- c:\documents and settings\félix\Application Data\Windows Search
2008-11-05 21:59 . 2008-11-05 21:22 <REP> d-------- c:\documents and settings\félix\Application Data\uTorrent(2)
2008-11-05 21:23 . 2008-11-05 21:23 <REP> d-------- c:\program files\Java
2008-11-05 21:23 . 2008-11-05 21:23 <REP> d-------- c:\program files\Fichiers communs\Java
2008-11-05 21:22 . 2008-11-05 21:22 <REP> d-------- c:\program files\uTorrent
2008-11-05 21:22 . 2008-11-10 08:48 <REP> d-------- c:\documents and settings\félix\Application Data\uTorrent
2008-11-03 01:59 . 2008-11-03 01:59 <REP> d-------- c:\documents and settings\félix\Application Data\DivX
2008-10-30 05:26 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-10-30 05:26 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-10-30 05:26 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-10-30 05:26 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-10-30 05:26 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-10-30 05:26 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-10-30 05:26 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-10-30 05:24 . 2008-10-30 05:24 <REP> d-------- c:\windows\Logs
2008-10-27 19:08 . 2008-10-27 19:08 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-10-27 19:08 . 2008-10-27 19:08 <REP> d-------- c:\documents and settings\félix\Application Data\Malwarebytes
2008-10-27 19:08 . 2008-10-27 19:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-27 19:08 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-27 19:08 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-26 09:00 . 1998-06-17 23:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2008-10-26 09:00 . 2000-03-17 08:21 69,632 --a------ c:\windows\system32\xmltok.dll
2008-10-26 09:00 . 2000-03-17 08:21 36,864 --a------ c:\windows\system32\xmlparse.dll
2008-10-26 09:00 . 2002-04-24 11:43 35,840 --a------ c:\windows\system32\comdlg32.oca
2008-10-26 09:00 . 2002-10-17 09:35 26,096 --a------ c:\windows\system32\xmlinst.exe
2008-10-26 08:52 . 2008-10-30 05:18 <REP> d-------- c:\program files\Ubisoft
2008-10-25 21:50 . 2008-11-08 10:14 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Winamp
2008-10-25 21:46 . 2008-02-21 13:05 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-10-25 21:46 . 2008-02-21 13:05 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-10-25 21:46 . 2008-02-21 12:09 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-10-25 21:46 . 2008-10-25 21:48 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2008-10-25 21:46 . 2008-02-21 13:05 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-10-25 21:46 . 2008-10-25 21:48 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2008-10-25 21:46 . 2008-02-21 12:43 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Intel
2008-10-25 21:46 . 2008-11-08 10:14 <REP> d-------- c:\documents and settings\Administrateur
2008-10-25 17:39 . 2006-11-10 08:25 319,456 --a------ c:\windows\system32\difxapi.dll
2008-10-24 21:30 . 2008-10-25 00:31 <REP> d-------- c:\windows\system32\Adobe
2008-10-24 09:54 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-17 22:07 . 2008-10-17 22:13 <REP> d-------- c:\program files\Profiles
2008-10-16 17:29 . 2008-10-16 17:34 <REP> d-------- c:\program files\Savage
2008-10-16 07:03 . 2008-10-16 07:04 248 --a------ c:\windows\SIERRA.INI
2008-10-16 01:56 . 2008-10-16 01:56 <REP> d-------- c:\documents and settings\félix\Application Data\tmp
2008-10-16 01:56 . 2008-10-16 01:56 <REP> d-------- c:\documents and settings\félix\Application Data\Reallusion
2008-10-16 01:26 . 2008-10-16 06:57 <REP> d-------- c:\program files\Pteroglider
2008-10-14 21:19 . 2008-10-14 21:19 <REP> d-------- c:\documents and settings\félix\Application Data\gnupg
2008-10-14 18:38 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-14 18:27 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 18:27 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 18:27 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-14 18:27 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-14 18:26 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-13 20:28 . 2008-10-13 20:28 8,192 --ahs---- c:\windows\Thumbs.db

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 09:15 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-08 09:15 --------- d-----w c:\program files\Navilog1
2008-11-08 09:15 --------- d-----w c:\program files\eMule
2008-11-08 09:15 --------- d-----w c:\program files\Dell
2008-11-08 09:15 --------- d-----w c:\program files\Ahead
2008-11-08 09:15 --------- d-----w c:\program files\7-Zip
2008-11-08 09:14 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-07 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\Codemasters
2008-11-03 05:20 --------- d-----w c:\program files\ma-config.com
2008-11-03 05:20 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-02 19:42 --------- d-----w c:\documents and settings\félix\Application Data\Skype
2008-11-02 18:23 --------- d-----w c:\documents and settings\félix\Application Data\skypePM
2008-11-01 17:12 --------- d-----w c:\program files\Tremulous
2008-10-30 04:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-29 04:58 --------- d-----w c:\documents and settings\félix\Application Data\Desktopicon
2008-10-27 16:25 4,280 ----a-w c:\documents and settings\félix\Application Data\wklnhst.dat
2008-10-26 01:58 --------- d-----w c:\documents and settings\félix\Application Data\Winamp
2008-10-25 16:39 --------- d-----w c:\program files\Intel
2008-10-24 23:31 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-13 20:13 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-11 03:17 --------- d-----w c:\documents and settings\félix\Application Data\Ahead
2008-10-09 06:11 --------- d-----w c:\program files\OpenAL
2008-10-09 03:20 --------- d-----w c:\program files\Giganology
2008-10-08 06:41 --------- d-----w c:\program files\ffdshow
2008-09-30 13:56 --------- d-----w c:\program files\Rockstar Games
2008-09-26 21:41 --------- d-----w c:\program files\AVIConverter
2008-09-26 14:41 --------- d-----w c:\documents and settings\félix\Application Data\AVS4YOU
2008-09-20 20:33 --------- d-----w c:\program files\Unlocker
2008-08-26 12:51 2,402,832 ----a-w c:\program files\WLinstaller.exe
2008-07-26 06:12 132,500,772 ----a-w c:\program files\loki_patch_v_1_0_6_0_international.exe
2008-06-14 15:46 9,581,368 ----a-w c:\program files\winamp5531_full_emusic-7plus_fr-fr.exe
2008-06-01 18:21 22,328 -c--a-w c:\documents and settings\félix\Application Data\PnkBstrK.sys
2008-03-10 18:13 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-02-21 14:49 76 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( snapshot@2008-11-10_17.03.18.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-19 14:43:08 1,163,960 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-07-19 15:43:08 1,163,960 ----a-w c:\windows\system32\aswBoot.exe
- 2008-07-19 14:30:53 94,392 ----a-w c:\windows\system32\AvastSS.scr
+ 2008-07-19 15:30:53 94,392 ----a-w c:\windows\system32\AvastSS.scr
+ 2008-11-10 16:42:12 262,144 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
- 2008-07-19 14:32:15 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-07-19 15:32:15 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
- 2008-07-19 14:37:42 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-07-19 15:37:42 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
- 2008-01-17 15:34:01 93,264 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-01-17 17:34:01 93,264 ----a-w c:\windows\system32\drivers\aswmon.sys
- 2008-07-19 14:37:21 94,416 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-07-19 15:37:21 94,416 ----a-w c:\windows\system32\drivers\aswmon2.sys
- 2008-07-19 14:33:42 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-07-19 15:33:42 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
- 2008-07-19 14:35:18 78,416 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-07-19 15:35:18 78,416 ----a-w c:\windows\system32\drivers\aswSP.sys
- 2008-07-19 14:32:36 42,912 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2008-07-19 15:32:36 42,912 ----a-w c:\windows\system32\drivers\aswTdi.sys
- 2008-11-10 16:00:14 65,320 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-11 05:48:31 65,320 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-10 16:00:14 79,654 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-11-11 05:48:31 79,654 ----a-w c:\windows\system32\perfc00C.dat
- 2008-11-10 16:00:12 79,068 ----a-w c:\windows\system32\perfc040.dat
+ 2008-11-11 05:48:31 79,068 ----a-w c:\windows\system32\perfc040.dat
- 2008-11-10 16:00:14 410,468 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-11 05:48:31 410,468 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-10 16:00:14 478,826 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-11-11 05:48:31 478,826 ----a-w c:\windows\system32\perfh00C.dat
- 2008-11-10 16:00:12 477,792 ----a-w c:\windows\system32\perfh040.dat
+ 2008-11-11 05:48:31 477,792 ----a-w c:\windows\system32\perfh040.dat
+ 2008-11-11 06:31:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_158.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-01 68856]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"NVHotkey"="nvHotkey.dll" [2007-11-17 c:\windows\system32\nvhotkey.dll]
"nwiz"="nwiz.exe" [2007-11-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-02-21 50688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"GeForce Driver"=sgfhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\UT2004\\System\\UT2004.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Cyanide\\Loki\\Loki.exe"=
"c:\\Program Files\\Cyanide\\Loki\\Autorun\\AutoRun.exe"=
"c:\\Program Files\\Tremulous\\tremulous.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\félix\\Bureau\\Race.Driver.GRID.Multi-5.Full-Rip.Skullptura\\Race.Driver.GRID.Multi-5.Full-Rip.Skullptura\\Grid\\GRID.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"45373:TCP"= 45373:TCP:*:Disabled:port client
"45383:UDP"= 45383:UDP:*:Disabled:port ouvert
"45962:UDP"= 45962:UDP:*:Disabled:port inférieuer

R0 pe3agqwc;Loki Environment Driver (pe3agqwc);c:\windows\system32\drivers\pe3agqwc.sys [2007-05-18 64880]
R0 ps6agqwc;Loki Synchronization Driver (ps6agqwc);c:\windows\system32\drivers\ps6agqwc.sys [2007-08-02 68208]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-10-13 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\Drivers\OEM02Afx.sys [2007-06-07 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
S2 pr2agqwc;Loki Drivers Auto Removal (pr2agqwc);c:\windows\system32\pr2agqwc.exe svc [ ]
S3 epstw2k;Pilote SCSI du port parallèle SCM;c:\windows\system32\DRIVERS\epstw2k.sys [2001-08-17 114944]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-02 195752]
S3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
.
Contenu du dossier 'Tâches planifiées'

2008-11-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-29 17:58]

2008-11-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-GeForce Driver - sgfhost.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 07:32:25
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: c:\windows\explorer.exe
-> c:\windows\system32\nview.dll
-> c:\program files\Unlocker\UnlockerHook.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\a-squared Free\a2service.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\windows\system32\dllhost.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\locator.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Windows Live\installer\WLSetupSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Heure de fin: 2008-11-11 7:37:05 - La machine a redémarré [félix]
ComboFix-quarantined-files.txt 2008-11-11 06:37:00
ComboFix2.txt 2008-11-10 16:03:52

Avant-CF: 12 222 304 256 octets libres
Après-CF: 12,216,258,560 octets libres

353
0
macfly000001 Posts: 58 Registered: Monday 10 November 2008 Status: Member Last activity: 15 November 2008
11 Nov 2008 at 09:21
the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:20:03, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1225928303609
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
0
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
11 nov. 2008 à 10:01
Hello,

That looks better.

Scan the ports
3389
45373
45383
45962

with the method I gave you.

Download OTMoveIt3 by OldTimer to your Desktop by clicking this link:

http://oldtimer.geekstogo.com/OTMoveIt3.exe

Double-click OTMoveIt3.exe to launch it.

Check that the box in front of "Unregister Dll's and Ocx's" is ticked.

Copy the list shown in bold below,

and paste it into the left-hand pane of OTMoveIt: "Paste instructions for item to be moved".


:reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] 
"GeForce Driver"=-


Click "MoveIt!" to start the removal.

The result will appear in the "Results" pane.

Click "Exit" to close.

Post the report located in C:\_OTMoveIt\MovedFiles under the name xxxxxx_xxxxxxxxxx.log.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
macfly000001 Messages postés 58 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 15 novembre 2008
11 nov. 2008 à 10:30
I'll do what you told me, but I found a virus with AntiVir: DR/tool.reboot.f.106
0
macfly000001 Messages postés 58 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 15 novembre 2008
11 nov. 2008 à 10:41
Port scan:


We have scanned your computer' ports used by the most widespread trojan horses. Here is the description of possible ports' statuses:

"Stealthed" (by a firewall) -Means that your computer is invisible to others on the Internet and protected by a firewall or other similiar software;
"Closed" (non-stealthed) - means that this port is closed, but your computer is visible to others on the Internet that can be potentially dangerous;
"Open" - Means that this port is ready to establish (or has already established) a connection with remote address. It also means that your computer is vulnerable to attacks and could have been already hacked or infected by a trojan/backdoor;
Port: Status Service Description
3389 stealthed n/a n/a

Recommendation:

All the ports we have scanned are Stealthed (by a firewall). So just continue following the fundamental security measures and regularly update your security software.




We have scanned your computer' ports used by the most widespread trojan horses. Here is the description of possible ports' statuses:

"Stealthed" (by a firewall) -Means that your computer is invisible to others on the Internet and protected by a firewall or other similiar software;
"Closed" (non-stealthed) - means that this port is closed, but your computer is visible to others on the Internet that can be potentially dangerous;
"Open" - Means that this port is ready to establish (or has already established) a connection with remote address. It also means that your computer is vulnerable to attacks and could have been already hacked or infected by a trojan/backdoor;
Port: Status Service Description
45373 stealthed n/a n/a

Recommendation:

All the ports we have scanned are Stealthed (by a firewall). So just continue following the fundamental security measures and regularly update your security software.



We have scanned your computer' ports used by the most widespread trojan horses. Here is the description of possible ports' statuses:

"Stealthed" (by a firewall) -Means that your computer is invisible to others on the Internet and protected by a firewall or other similiar software;
"Closed" (non-stealthed) - means that this port is closed, but your computer is visible to others on the Internet that can be potentially dangerous;
"Open" - Means that this port is ready to establish (or has already established) a connection with remote address. It also means that your computer is vulnerable to attacks and could have been already hacked or infected by a trojan/backdoor;
Port: Status Service Description
45383 stealthed n/a n/a

Recommendation:

All the ports we have scanned are Stealthed (by a firewall). So just continue following the fundamental security measures and regularly update your security software.


We have scanned your computer' ports used by the most widespread trojan horses. Here is the description of possible ports' statuses:

"Stealthed" (by a firewall) -Means that your computer is invisible to others on the Internet and protected by a firewall or other similiar software;
"Closed" (non-stealthed) - means that this port is closed, but your computer is visible to others on the Internet that can be potentially dangerous;
"Open" - Means that this port is ready to establish (or has already established) a connection with remote address. It also means that your computer is vulnerable to attacks and could have been already hacked or infected by a trojan/backdoor;
Port: Status Service Description
45962 stealthed n/a n/a

Recommendation:

All the ports we have scanned are Stealthed (by a firewall). So just continue following the fundamental security measures and regularly update your security software.
0
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
11 nov. 2008 à 11:31
Hello,

Where did it find it?

What did it do with it?

Was it the resident guard or a scan of your computer that detected it?
0
macfly000001 Messages postés 58 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 15 novembre 2008
11 nov. 2008 à 11:36
It was a scan of the computer that I ran; it found it here: C:\Documents and Settings\félix\Bureau\mes programmes\Navilog1.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.106 dropper
[NOTE] The file was moved to '498f4c31.qua'!


I put it in quarantine.
0
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
11 nov. 2008 à 11:55
Re,

OK, no worries, it isn't a virus but a "risktool": to disinfect, we need programs that antivirus software sees as "risky".

We'll delete it at the end.

OTMoveIt?
0
macfly000001 Messages postés 58 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 15 novembre 2008
11 nov. 2008 à 12:00
Done:


========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled\\GeForce Driver deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11112008_115842
0
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
11 nov. 2008 à 13:33
Re,

Cleaning procedure:

Read carefully and carry out these steps in order.

#Download and install these programs (if you don't have them); for the first 3, update them as shown in the demos or tutorials.

Don't use them right away.


Antispyware and others:

Download Malwarebytes' Anti-Malware (MBAM) and save it to your desktop from this link:

https://www.malwarebytes.com/

When the download is finished, close all windows and programs, including this one.

Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.

During installation, follow the prompts (in particular the language choice and the permission to access the Internet). Don't change any of the default settings and, at the end of installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.

MBAM will start automatically and display a message asking to update the program before running a scan. Since MBAM updates itself automatically at the end of installation, click OK to close the dialog box.


Cleaners (of unneeded files) and others:

*CCleaner (free)
Download:
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Tutorial:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

During installation, [untick] the option that would install the Yahoo! toolbar.

========================================
->Show all files and folders:
click Start / Control Panel (in classic view) / Folder Options / View

[Tick] "Show hidden files and folders"

[Untick] the box "Hide protected operating system files (Recommended)"

[Untick] "Hide extensions for known file types"

Then click [Apply] to confirm the changes.

And [OK].

=======================================

->Start in Safe Mode:
To do this, tap the F8 key repeatedly from the moment the PC powers on, without stopping.
A screen will open; use the keyboard arrows to move to "Safe Mode",
then press Enter.
Once on the desktop, if the colours and so on are not all there, that's normal!
(If F8 doesn't work, use the F5 key.)

========================================
->Launch CCleaner.

Deleting temporary files

Go to the "Options" section in the left-hand margin.
Untick "Advanced"
Then go back to the "Cleaner" section
Make sure to tick all these boxes in the left-hand margin (Internet Explorer / Windows Explorer / System)
• Click [Analyze]
• Wait for the scan, which can take a little while if it's the first time.
• Once the scan is finished, click [Run Cleaner]



========================================
Launch Malwarebytes AntiMalware

In the Scan tab, check that "Perform quick scan" is selected and click the Scan button to start the scan.

MBAM scans your computer. The scan may take some time. Just check its progress from time to time.

At the end of the scan, a message appears indicating that the scan is complete. Click OK to continue.

If malware was detected, its list is displayed.
By clicking Remove (?), MBAM will destroy the files and registry keys and put a copy of them in quarantine.

MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found under the Reports/logs tab.)

Close MBAM by clicking Exit.

Post the report in your reply.
========================================

->Relaunch CCleaner.
Removing registry inconsistencies

• Click the [Registry] icon in the left-hand margin
• Then click [Scan for Issues]
• Wait while CCleaner scans your registry.
• Once the scan is finished, tick all the entries it has found.
• You can then click [Fix selected issues].

If you're not sure what you're doing, you can choose to back up the ticked entries so you can restore them later.
========================================
->Empty your Recycle Bin.
========================================
->Restart in normal mode,


Run a Kaspersky online scan with Internet Explorer:
- Click Start Online-Scanner

- Now click I accept.
- Approve the installation of one or more ActiveX controls if necessary.
- Wait while the updates install.
- Then choose to scan My Computer.
- Save and then paste the report generated at the end of the scan.

HELP: Configuring ActiveX control

NOTE: If you get the message "The Kaspersky On-line Scanner licence has expired", go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
[Re-tick] the box "Hide protected operating system files (Recommended)"
0
macfly000001 Messages postés 58 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 15 novembre 2008
11 nov. 2008 à 19:43
Here is the malware report:


Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1382
Windows 5.1.2600 Service Pack 3

11/11/2008 14:37:25
mbam-log-2008-11-11 (14-37-25).txt

Type de recherche: Examen rapide
Eléments examinés: 55728
Temps écoulé: 3 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
macfly000001 Messages postés 58 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 15 novembre 2008 > macfly000001 Messages postés 58 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 15 novembre 2008
11 nov. 2008 à 19:50
As for Kaspersky, I can't use it anymore: as soon as I launch Internet Explorer I'm told there are errors on the page, I don't understand?? At first it worked, the scan had started, and then this error appeared and it's impossible to leave the home page; what's strange, by the way, is that the home page is called:
http://runonce.msn.com/runonce3.aspx

I never had it before, please help me. I tried changing the default page, it didn't change anything..
I'm starting to wonder whether I'll manage to clean my PC?? Isn't there an online antivirus that works with Mozilla Firefox?

0
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
11 nov. 2008 à 20:30
Re,

This one works under Firefox:

https://www.trendmicro.com/en_us/forHome/products/housecall.html

Post another HijackThis report afterwards.
0
macfly000001 Messages postés 58 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 15 novembre 2008
11 nov. 2008 à 21:46
OK, I'll do that. I wanted to ask whether I should fix this with Spybot, which found this error:

Microsoft.WindowsSecurityCenter.AntiVirusOverride: [SBI $3604910C] Réglages (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

I have no idea??
0
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
11 nov. 2008 à 22:22
Re,

Do this:

Open the registry and navigate with the + and - until you reach the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

Click File, then Export, and choose a name (XXXXXX for example). Note the name of the folder (My Documents by default).

Close the registry and open Windows Explorer.

Right-click the file and choose Edit.

Notepad opens with the contents of the key.

Copy it into your reply.

I hope you haven't enabled Spybot S&D's TeaTimer.
0
macfly000001 Messages postés 58 Date d'inscription lundi 10 novembre 2008 Statut Membre Dernière intervention 15 novembre 2008
11 nov. 2008 à 22:29
Here is the HijackThis log: TeaTimer is enabled, I didn't know it shouldn't be enabled

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:39, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1225928303609
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\WINDOWS\system32\pr2agqwc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
0
macfly000001 Posts 58 Registration date Monday 10 November 2008 Status Member Last seen 15 November 2008
11 Nov 2008 at 22:40
Here is the registry key:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
12 Nov 2008 at 00:05
Re,

Post 20:

Uninstall Spybot S&D (Start, Control Panel, Add/Remove Programs).

Download Spybot S&D here: https://www.commentcamarche.net/telecharger/ 122 spybot

Install it.

Update it.

Immunize, but do not install the Tea-Timer.

Do it again to prevent the registry keys from coming back.

================

Do you have a report for Panda?

===================

Open the Security Center (Start, Control Panel).

Check that your antivirus is shown as enabled.
0
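As an added example (not from the thread) of the check Lyonnais92 asks for, done on an exported key instead of through the Security Center window: a small Python script that parses a .reg export like the one macfly000001 posted and flags the values that silence Security Center warnings. A value of 1 is not proof of infection by itself, since some vendor products legitimately set DisableMonitoring under their own sub-key, but each hit is something to verify against the products actually installed.

```python
import re

# Constructed sample (not the thread's full export): the Security Center
# values from the post above, with the vendor sub-keys trimmed.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
"""

# Setting any of these to 1 stops Security Center from warning about that item.
SUPPRESSING_VALUES = {
    "AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
    "AntiVirusOverride", "FirewallOverride", "DisableMonitoring",
}

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg(text):
    """Return {key_path: {value_name: int}} for the dword values of a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current = m.group(1)
            keys.setdefault(current, {})
        elif (m := DWORD_RE.match(line)) and current is not None:
            keys[current][m.group(1)] = int(m.group(2), 16)
    return keys


def find_suppressed(keys):
    """List (key path, value name) pairs under Security Center whose flag is 1."""
    hits = []
    for path, values in keys.items():
        if "\\Security Center" not in path:
            continue
        for name, val in values.items():
            if name in SUPPRESSING_VALUES and val == 1:
                hits.append((path, name))
    return hits
```

Run `find_suppressed(parse_reg(open("export.reg").read()))` on a real export (saved as UTF-8 text) to get the list of flagged values.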
macfly000001 Posts 58 Registration date Monday 10 November 2008 Status Member Last seen 15 November 2008
12 Nov 2008 at 00:56
Which program is "Panda"? I don't think I have it??
I didn't see it in Program Files??
Is there a link to get it?
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
12 Nov 2008 at 01:15
Re,

It's time for me to go to sleep.

The Trend Micro online scan, do you have a report from it?
0
macfly000001 Posts 58 Registration date Monday 10 November 2008 Status Member Last seen 15 November 2008
12 Nov 2008 at 01:41
No, I don't have a log because actually afterwards it asked me to install something and said it would conflict with ZoneAlarm.

Well, I don't want to bother you any longer, we'll continue tomorrow, and I thank you sincerely for the help you've already given, honestly you guys are the best!!
0
macfly000001 Posts 58 Registration date Monday 10 November 2008 Status Member Last seen 15 November 2008
12 Nov 2008 at 19:56
I'll try Kaspersky again to see if it works, I'll send you the log.
0
macfly000001 Posts 58 Registration date Monday 10 November 2008 Status Member Last seen 15 November 2008
12 Nov 2008 at 23:56
Kaspersky worked, I don't have any more viruses, but I can't get a log for Kaspersky.
Thank you very much Lyonnais92 for your help. Oh yes, I wanted to ask you what I should do with the programs you had me install, such as SDFix and ComboFix?

I have a small log from Avira AntiVir Personal; do you know what the 3 warnings in the log mean?

Avira AntiVir Personal
Report file date: mercredi 12 novembre 2008 23:47

Scanning for 1032172 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: félix
Computer name: VOSTRO-7224FA7C

Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 07:48:55
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 07:49:00
ANTIVIR2.VDF : 7.1.0.57 2048 Bytes 09/11/2008 07:49:01
ANTIVIR3.VDF : 7.1.0.76 161280 Bytes 12/11/2008 18:51:50
Engineversion : 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 21:23:27
AESCN.DLL : 8.1.1.5 123251 Bytes 11/11/2008 07:49:18
AERDL.DLL : 8.1.1.3 438645 Bytes 11/11/2008 07:49:17
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 21:23:25
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 11/11/2008 07:49:13
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 11/11/2008 07:49:11
AEHELP.DLL : 8.1.1.3 119157 Bytes 11/11/2008 07:49:06
AEGEN.DLL : 8.1.1.0 319859 Bytes 11/11/2008 07:49:05
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 11/11/2008 07:49:03
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 11/11/2008 07:49:02
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: C:\DOCUME~1\FLIX~1\LOCALS~1\Temp\056e8693.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 12 novembre 2008 23:47

Starting the file scan:

Begin scan in 'C:\WINDOWS'
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd8029.sys
[WARNING] The file could not be opened!


End of the scan: jeudi 13 novembre 2008 00:01
Used time: 13:46 Minute(s)

The scan has been done completely.

1929 Scanning directories
83115 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
83112 Files not concerned
488 Archives were scanned
3 Warnings
0 Notes
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
12 Nov 2008 at 21:19
Re,

Results?

Scan in progress?
0