
alainj77

Members
  • Content count

    307
Everything posted by alainj77

  1. Thanks Gof, good night. The PC is sluggish right now, but that may be due to the antivirus scan that is running. On the other hand, IE7 crashed when I clicked "Reply". We'll see tomorrow how it goes. I'm no longer worried about the files I have to send; I'm sending them with full confidence. See you tomorrow.
  2. Here is the report DiagHelp version v1.4 - http://www.malekal.com excute le 21/08/2008 à 23:49:14,52 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->21/08/2008 23:49:10 C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->21/08/2008 23:48:23 C:\WINDOWS\prefetch\MCUIMGR.EXE-05B9316A.pf -->21/08/2008 23:11:09 C:\WINDOWS\prefetch\MCSVRCNT.EXE-12D57BDF.pf -->21/08/2008 23:10:46 C:\WINDOWS\prefetch\MCUPDUI.EXE-11F2DF27.pf -->21/08/2008 23:10:34 C:\WINDOWS\prefetch\MCINSUPD.EXE-12132D5F.pf -->21/08/2008 23:06:22 C:\WINDOWS\prefetch\HWUPDCHK.EXE-0E7B1FDA.pf -->21/08/2008 23:03:24 C:\WINDOWS\prefetch\MCSYNC.EXE-08959A8A.pf -->21/08/2008 23:03:21 C:\WINDOWS\prefetch\MCINFO.EXE-39905246.pf -->21/08/2008 23:03:14 C:\WINDOWS\prefetch\MCUPDMGR.EXE-1FFDEF42.pf -->21/08/2008 23:03:12 C:\WINDOWS\System32\drivers\gmer.sys -->20/08/2008 17:53:23 C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->17/08/2008 15:01:18 C:\WINDOWS\System32\drivers\mbam.sys -->17/08/2008 15:01:14 C:\WINDOWS\System32\drivers\mfesmfk.sys -->02/12/2007 12:51:42 C:\WINDOWS\System32\drivers\mfehidk.sys -->22/11/2007 06:44:08 C:\WINDOWS\System32\drivers\mfebopk.sys -->22/11/2007 06:44:08 C:\WINDOWS\System32\drivers\mfeavfk.sys -->22/11/2007 06:44:08 C:\WINDOWS\System32\wpa.dbl -->21/08/2008 10:12:41 C:\WINDOWS\System32\Config.MPF -->21/08/2008 09:50:58 C:\WINDOWS\System32\PerfStringBackup.INI -->19/08/2008 06:03:48 C:\WINDOWS\System32\perfh00C.dat -->19/08/2008 06:03:48 C:\WINDOWS\System32\perfh009.dat -->19/08/2008 06:03:48 C:\WINDOWS\System32\perfc00C.dat -->19/08/2008 06:03:48 C:\WINDOWS\System32\perfc009.dat -->19/08/2008 06:03:48 C:\WINDOWS\System32\FNTCACHE.DAT -->19/08/2008 05:54:42 C:\WINDOWS\System32\$winnt$.inf -->19/08/2008 05:52:34 C:\WINDOWS\System32\nscompat.tlb -->19/08/2008 05:47:58 C:\WINDOWS\System32\amcompat.tlb -->19/08/2008 05:47:58 C:\WINDOWS\System32\WindowsLogon.manifest -->19/08/2008 05:46:47 
C:\WINDOWS\System32\logonui.exe.manifest -->19/08/2008 05:46:47 C:\WINDOWS\System32\wuaucpl.cpl.manifest -->19/08/2008 05:46:39 C:\WINDOWS\System32\sapi.cpl.manifest -->19/08/2008 05:46:39 C:\WINDOWS\System32\nwc.cpl.manifest -->19/08/2008 05:46:39 C:\WINDOWS\System32\ncpa.cpl.manifest -->19/08/2008 05:46:39 C:\WINDOWS\System32\cdplayer.exe.manifest -->19/08/2008 05:46:39 C:\WINDOWS\System32\emptyregdb.dat -->19/08/2008 05:38:31 C:\WINDOWS\System32\TZLog.log -->19/08/2008 03:06:08 C:\WINDOWS\System32\MRT.exe -->05/08/2008 20:11:01 C:\WINDOWS\System32\tzchange.exe -->14/07/2008 13:09:18 C:\WINDOWS\System32\xpsp3res.dll -->03/07/2008 11:42:35 C:\WINDOWS\System32\msfeedsbs.dll -->23/06/2008 18:28:20 C:\WINDOWS\System32\msfeeds.dll -->23/06/2008 18:28:20 C:\WINDOWS\WindowsUpdate.log -->21/08/2008 22:43:32 C:\WINDOWS\setupapi.log -->21/08/2008 14:02:48 C:\WINDOWS\KB951748.log -->21/08/2008 10:35:54 C:\WINDOWS\KB938127-IE7.log -->21/08/2008 10:35:46 C:\WINDOWS\KB950749.log -->21/08/2008 10:35:39 C:\WINDOWS\KB932823-v3.log -->21/08/2008 10:35:28 C:\WINDOWS\KB952954.log -->21/08/2008 10:35:14 C:\WINDOWS\KB950974.log -->21/08/2008 10:35:07 C:\WINDOWS\KB951698.log -->21/08/2008 10:34:55 C:\WINDOWS\KB951072-v2.log -->21/08/2008 10:34:42 C:\WINDOWS\svcpack.log -->21/08/2008 10:08:42 C:\WINDOWS\0.log -->21/08/2008 09:50:48 C:\WINDOWS\wiadebug.log -->21/08/2008 09:50:25 C:\WINDOWS\wiaservc.log -->21/08/2008 09:50:23 C:\WINDOWS\bootstat.dat -->21/08/2008 09:48:57 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 1440 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x771b0000 0xce000 7.00.5730.0013 
C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll 0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll 0x61410000 0x124000 7.00.5730.0013 C:\WINDOWS\system32\urlmon.dll 0x7d200000 0x2b2000 3.00.3790.2180 C:\WINDOWS\system32\msi.dll 0x74b30000 0x3b000 7.00.5730.0013 C:\WINDOWS\system32\webcheck.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x10000000 0x6000 2.06.0000.6253 C:\Program Files\SiteAdvisor\6253\saHook.dll 0x748f0000 0x130000 8.50.2162.0000 C:\WINDOWS\system32\msxml3.dll 0x029e0000 0x187000 1.06.0000.0012 C:\PROGRA~1\SPYBOT~1\SDHelper.dll 0x65af0000 0xa000 7.00.5730.0013 C:\WINDOWS\system32\jsproxy.dll 0x14490000 0x12000 14.00.0000.0366 C:\Program Files\McAfee\VirusScan\scriptsn.dll 0x63380000 0x78000 5.07.0000.5730 C:\WINDOWS\system32\JScript.dll 0x73300000 0x65000 5.07.0000.5730 C:\WINDOWS\system32\VBScript.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x032f0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x03990000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x04730000 0x174000 1.01.0001.0001 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll 0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL 0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll 0x035d0000 0x5b000 8.01.0000.0000 C:\Program 
Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll 0x00d80000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 0x01320000 0x2c000 C:\Program Files\WinRAR\rarext.dll 0x6c600000 0x29000 12.00.0172.0000 c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll 0x01eb0000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 556 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est E8F2-E0B7 Répertoire de C:\WINDOWS\temp 23/02/2008 14:50 309 096 0158971219320169mcinst.exe 1 fichier(s) 309 096 octets 0 Rép(s) 19 533 209 600 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est E8F2-E0B7 Répertoire de C:\WINDOWS\system32 05/08/2004 14:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 19 533 209 600 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est E8F2-E0B7 Répertoire de C:\WINDOWS\Downloaded Program Files 18/08/2008 10:17 <REP> . 18/08/2008 10:17 <REP> .. 
31/03/2008 21:51 392 528 AdSignerADP.dll 12/12/2007 10:33 747 AdSignerADP.inf 31/03/2008 21:51 261 456 AdVerifierADP.dll 19/08/2008 05:46 65 desktop.ini 20/11/2007 17:04 1 523 536 FP_AX_CAB_INSTALLER.exe 16/05/2007 09:22 399 gp.inf 16/05/2007 09:22 166 512 gp.ocx 20/03/2008 15:10 367 LegitCheckControl.inf 28/02/2007 21:24 361 OGAControl.inf 28/08/2006 12:05 227 opuc.inf 20/11/2007 16:50 247 swflash.inf 11 fichier(s) 2 346 445 octets Total des fichiers listés : 11 fichier(s) 2 346 445 octets 2 Rép(s) 19 533 205 504 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe" "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe" "C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla" "C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing" "C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime" "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network 
Agent" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath " "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "DisableRegistryTools"=dword:00000000 "HideLegacyLogonScripts"=dword:00000000 "HideLogoffScripts"=dword:00000000 "RunLogonScriptSync"=dword:00000001 "RunStartupScriptSync"=dword:00000000 "HideStartupScripts"=dword:00000000 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-21 23:50:50 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... 
scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 444 - mcmscsvc.exe 468 - McNASvc.exe 532 - csrss.exe 556 - winlogon.exe 600 - services.exe 612 - lsass.exe 772 - svchost.exe 820 - svchost.exe 896 - McProxy.exe 940 - svchost.exe 960 - Mcshield.exe 984 - svchost.exe 1044 - MpfSrv.exe 1052 - svchost.exe 1104 - mpservic.exe 1160 - MSCamS32.exe 1208 - msksrver.exe 1440 - explorer.exe 1608 - mcagent.exe 1616 - SiteAdv.exe 1672 - ctfmon.exe 1680 - msnmsgr.exe 2444 - WINWORD.EXE 2520 - svchost.exe 2760 - iexplore.exe 3088 - wuauclt.exe 3120 - msimn.exe 3140 - cmd.exe 3324 - mcsysmon.exe 3404 - alg.exe 3544 - usnsvc.exe 3832 - taskmgr.exe Total number of processes = 32 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntoskrnl.exe 806EC000 - \WINDOWS\system32\hal.dll F8A51000 - \WINDOWS\system32\KDCOM.DLL F8961000 - \WINDOWS\system32\BOOTVID.dll F8501000 - ACPI.sys F8A53000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS F84F0000 - pci.sys F8551000 - isapnp.sys F8A55000 - intelide.sys F87D1000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F8561000 - MountMgr.sys F84D1000 - ftdisk.sys F87D9000 - PartMgr.sys F8571000 - VolSnap.sys F84B9000 - atapi.sys F8581000 - hpt3xx.sys F84A1000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS F8591000 - disk.sys F85A1000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F8482000 - fltMgr.sys F8470000 - sr.sys F8965000 - hptpro.sys F8459000 - KSecDD.sys F83CC000 - Ntfs.sys F839F000 - NDIS.sys F8384000 - Mup.sys F85B1000 - agp440.sys F8781000 - \SystemRoot\system32\DRIVERS\p3.sys F8329000 - \SystemRoot\system32\DRIVERS\atimpae.sys F8315000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F8899000 - \SystemRoot\system32\DRIVERS\RTL8029.SYS F88A1000 - 
\SystemRoot\system32\DRIVERS\RTL8139.SYS F8791000 - \SystemRoot\system32\drivers\es1371mp.sys F82F1000 - \SystemRoot\system32\drivers\portcls.sys F87A1000 - \SystemRoot\system32\drivers\drmk.sys F82CE000 - \SystemRoot\system32\drivers\ks.sys F88A9000 - \SystemRoot\system32\DRIVERS\fdc.sys F82BA000 - \SystemRoot\system32\DRIVERS\parport.sys F82A9000 - \SystemRoot\system32\DRIVERS\serial.sys F8A21000 - \SystemRoot\system32\DRIVERS\serenum.sys F87B1000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F88B1000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F88B9000 - \SystemRoot\system32\DRIVERS\mouclass.sys F87C1000 - \SystemRoot\system32\DRIVERS\imapi.sys F85E1000 - \SystemRoot\system32\DRIVERS\cdrom.sys F85F1000 - \SystemRoot\system32\DRIVERS\redbook.sys F88C1000 - \SystemRoot\system32\DRIVERS\usbuhci.sys F824C000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F8C5F000 - \SystemRoot\system32\DRIVERS\audstub.sys F8601000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys F8A29000 - \SystemRoot\system32\DRIVERS\ndistapi.sys F8235000 - \SystemRoot\system32\DRIVERS\ndiswan.sys F8611000 - \SystemRoot\system32\DRIVERS\raspppoe.sys F8621000 - \SystemRoot\system32\DRIVERS\raspptp.sys F88C9000 - \SystemRoot\system32\DRIVERS\TDI.SYS F8224000 - \SystemRoot\system32\DRIVERS\psched.sys F8631000 - \SystemRoot\system32\DRIVERS\msgpc.sys F88D1000 - \SystemRoot\system32\DRIVERS\ptilink.sys F88D9000 - \SystemRoot\system32\DRIVERS\raspti.sys F8661000 - \SystemRoot\system32\DRIVERS\termdd.sys F8A71000 - \SystemRoot\system32\DRIVERS\swenum.sys F8150000 - \SystemRoot\system32\DRIVERS\update.sys F8A3D000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F8671000 - \SystemRoot\system32\DRIVERS\usbhub.sys F8A73000 - \SystemRoot\system32\DRIVERS\USBD.SYS F8681000 - \SystemRoot\System32\Drivers\NDProxy.SYS F8340000 - \SystemRoot\system32\DRIVERS\gameenum.sys F88F1000 - \SystemRoot\system32\DRIVERS\flpydisk.sys F8A77000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F8B6C000 - \SystemRoot\System32\Drivers\Null.SYS F8A79000 
- \SystemRoot\System32\Drivers\Beep.SYS F8911000 - \SystemRoot\System32\drivers\vga.sys F8A7B000 - \SystemRoot\System32\Drivers\mnmdd.SYS F8A7D000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F8919000 - \SystemRoot\System32\Drivers\Msfs.SYS F8921000 - \SystemRoot\System32\Drivers\Npfs.SYS F89F1000 - \SystemRoot\system32\DRIVERS\rasacd.sys F78D5000 - \SystemRoot\system32\DRIVERS\ipsec.sys F787D000 - \SystemRoot\system32\DRIVERS\tcpip.sys F7859000 - \SystemRoot\System32\Drivers\Mpfp.sys F86D1000 - \SystemRoot\system32\DRIVERS\ipfltdrv.sys F7831000 - \SystemRoot\system32\DRIVERS\netbt.sys F780F000 - \SystemRoot\System32\drivers\afd.sys F86E1000 - \SystemRoot\system32\DRIVERS\netbios.sys F77E3000 - \SystemRoot\system32\DRIVERS\rdbss.sys F774C000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F771C000 - \SystemRoot\system32\drivers\mfehidk.sys F76FB000 - \SystemRoot\system32\DRIVERS\ipnat.sys F86F1000 - \SystemRoot\System32\Drivers\Fips.SYS F8701000 - \SystemRoot\system32\DRIVERS\wanarp.sys F8931000 - \SystemRoot\system32\DRIVERS\usbprint.sys F76D8000 - \SystemRoot\System32\Drivers\Fastfat.SYS F76C0000 - \SystemRoot\System32\Drivers\dump_atapi.sys F8A91000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F8951000 - \SystemRoot\System32\watchdog.sys F8134000 - \SystemRoot\System32\drivers\Dxapi.sys BF9C1000 - \SystemRoot\System32\drivers\dxg.sys F8B41000 - \SystemRoot\System32\drivers\dxgthk.sys BFF50000 - \SystemRoot\System32\atidrae.dll F6E78000 - \SystemRoot\system32\DRIVERS\rspndr.sys F6A9B000 - \SystemRoot\system32\drivers\wdmaud.sys F6CD8000 - \SystemRoot\system32\drivers\sysaudio.sys F6946000 - \SystemRoot\System32\Drivers\Cdfs.SYS F65DF000 - \SystemRoot\system32\DRIVERS\mrxdav.sys F8A6D000 - \SystemRoot\System32\Drivers\ParVdm.SYS F8891000 - \??\C:\WINDOWS\system32\drivers\cis1284.sys F6576000 - \SystemRoot\System32\Drivers\HTTP.sys F64D3000 - \SystemRoot\system32\DRIVERS\srv.sys F8889000 - \SystemRoot\system32\drivers\mfebopk.sys 
F6089000 - \SystemRoot\system32\drivers\mfeavfk.sys F5EE9000 - \SystemRoot\system32\drivers\mfesmfk.sys F5427000 - \SystemRoot\system32\drivers\kmixer.sys F8B4D000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 114 Liste des programmes installes Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Flash Player ActiveX Adobe Photoshop 7.0 Adobe Reader 8.1.2 - Français Adobe Reader 8.1.2 Security Update 1 (KB403742) Archiveur WinRAR AsfTools 3.1 (remove only) Assistant de connexion Windows Live Audacity 1.2.6 Canon MultiPASS ODBC Interface Canon MultiPASS Suite 3.21 Canon ScanGear 4.0 pour MultiPASS CCleaner (remove only) FixMessenger HijackThis 1.99.1 Hotfix for Windows XP (KB915865) Lecteur Windows Media 11 LotoManager Pro 4.9 Malwarebytes' Anti-Malware McAfee SecurityCenter Microsoft FrontPage 2002 Microsoft Internationalized Domain Names Mitigation APIs Microsoft LifeCam Microsoft National Language Support Downlevel APIs Microsoft Office XP Professional Microsoft Publisher 2002 Mozilla Firefox (2.0.0.5) Nero 6 Nero Digital Nero Media Player NTREGOPT 1.1j Shareaza 2.3.1.0 Skype™ 3.6 Spybot - Search & Destroy TTDX Configurator Wallpaper WebFldrs XP Windows Internet Explorer 7 Windows Live installer Windows Live Messenger Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est E8F2-E0B7 Répertoire de C:\Program Files 21/08/2008 01:59 <REP> . 21/08/2008 01:59 <REP> .. 
07/07/2008 15:20 <REP> Adobe 26/01/2008 10:54 <REP> Ahead 05/05/2007 15:32 <REP> AsfTools 3.1 19/01/2008 10:36 <REP> ATI Multimedia 29/06/2008 16:20 <REP> Audacity 25/02/2007 15:53 <REP> BaseDVDivX 12/02/2007 14:30 <REP> Canon 19/08/2008 07:19 <REP> CCleaner 10/03/2007 14:35 <REP> Ciel 12/02/2007 11:00 <REP> ComPlus Applications 30/07/2007 15:10 <REP> DialMessenger 30/07/2007 15:10 <REP> Dial-Messenger 07/03/2007 19:18 <REP> DivX 28/08/2007 18:32 <REP> DOSBox-0.72 21/08/2008 09:11 <REP> Fichiers communs 26/02/2007 08:41 <REP> FileZilla 20/01/2008 15:41 <REP> FixMessenger 16/08/2007 03:16 <REP> Google 14/03/2007 20:11 <REP> Hewlett-Packard 14/03/2007 20:07 <REP> HP 21/08/2008 02:37 <REP> Internet Explorer 18/05/2008 13:15 <REP> Inventel 09/11/2007 17:24 <REP> Java 21/08/2008 09:02 <REP> Lavasoft 07/07/2008 17:53 <REP> lotomanagerpro 07/07/2008 17:57 <REP> lotomanagerpro49 17/03/2007 11:32 <REP> Macromedia 21/08/2008 01:59 <REP> Malwarebytes' Anti-Malware 21/08/2008 14:02 <REP> McAfee 22/07/2007 09:31 <REP> McAfee.com 13/08/2008 03:28 <REP> Messenger 03/03/2007 09:49 <REP> Micro Application 12/02/2007 11:04 <REP> microsoft frontpage 07/02/2008 13:40 <REP> Microsoft LifeCam 12/02/2007 11:28 <REP> Microsoft Office 17/05/2007 15:48 <REP> Movie Maker 22/01/2008 21:11 <REP> Mozilla Firefox 19/04/2007 16:01 <REP> MSN 12/02/2007 10:59 <REP> MSN Gaming Zone 19/04/2007 16:15 <REP> MSN Messenger 08/03/2007 08:01 <REP> MSXML 4.0 12/02/2007 11:01 <REP> NetMeeting 23/07/2008 10:32 <REP> NT Registry Optimizer 12/02/2007 10:59 <REP> Online Services 18/08/2008 20:40 <REP> Outlook Express 15/04/2007 06:45 <REP> Overland 12/03/2007 16:15 <REP> RegCleaner 21/10/2007 09:55 <REP> Samsung 12/02/2007 11:02 <REP> Services en ligne 28/05/2008 23:23 <REP> Shareaza 23/05/2008 17:34 <REP> SiteAdvisor 11/03/2008 10:26 <REP> Skype 20/08/2008 12:48 <REP> Spybot - Search & Destroy 04/02/2008 09:49 <REP> Wallpaper 12/07/2007 08:29 <REP> Winamp 20/01/2008 14:18 <REP> Windows Live 03/04/2007 17:55 
<REP> Windows Media Connect 2 18/08/2008 20:40 <REP> Windows Media Player 12/02/2007 10:59 <REP> Windows NT 26/06/2008 16:44 <REP> WinRAR 12/02/2007 11:04 <REP> xerox 02/03/2007 16:45 <REP> XviD 12/02/2007 17:17 <REP> Yahoo! 0 fichier(s) 0 octets 65 Rép(s) 19 516 051 456 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est E8F2-E0B7 Répertoire de C:\Program Files\fichiers communs 21/08/2008 09:11 <REP> . 21/08/2008 09:11 <REP> .. 26/06/2008 16:17 <REP> Adobe 26/01/2008 10:40 <REP> Ahead 06/03/2007 13:36 <REP> Ciel 12/02/2007 11:25 <REP> Designer 17/03/2007 11:28 <REP> InstallShield 17/06/2007 07:59 <REP> Java 17/03/2007 11:33 <REP> Macromedia 17/03/2007 11:33 <REP> Macromedia Shared 18/11/2007 15:38 <REP> McAfee 26/01/2008 11:50 <REP> Microsoft Shared 12/02/2007 11:01 <REP> MSSoap 12/02/2007 11:52 <REP> ODBC 09/09/2007 21:20 <REP> PC SOFT 10/03/2007 14:37 <REP> Sage 12/02/2007 11:01 <REP> Services 16/02/2008 11:46 <REP> Skype 12/02/2007 11:52 <REP> SpeechEngines 18/08/2008 20:40 <REP> System 0 fichier(s) 0 octets 20 Rép(s) 19 516 047 360 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est E8F2-E0B7 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 26/01/2008 13:40 <REP> . 26/01/2008 13:40 <REP> .. 
12/02/2007 11:25 <REP> 1033 26/01/2008 13:40 <REP> 1036 29/01/2004 16:08 1 277 952 MSONSEXT.DLL 13/02/2001 09:23 58 784 MSOSV.DLL 03/06/1999 13:09 122 937 MSOWS409.DLL 07/03/2001 08:00 127 033 MSOWS40c.DLL 06/08/2000 10:04 401 462 MSVCP60.DLL 29/01/2004 16:08 69 632 PKMAXCTL.DLL 29/01/2004 16:08 868 352 PKMCDO.DLL 29/01/2004 16:08 53 248 PKMCORE.DLL 29/01/2004 16:08 102 400 PKMFORMS.DLL 29/01/2004 16:38 634 880 PKMRES.DLL 29/01/2004 16:08 28 672 PKMSSTLB.DLL 22/01/2001 04:25 40 960 PKMTEMPL.DLL 29/01/2004 16:08 24 576 PKMTRACE.DLL 29/01/2004 16:08 86 016 PKMWS.DLL 29/01/2004 16:08 237 568 PROMDEMO.DLL 29/01/2004 16:08 184 320 SECMGR.DLL 29/01/2004 16:08 315 392 VAIDDMGR.DLL 29/01/2004 16:08 32 768 VAIMEM.DLL 18 fichier(s) 4 666 952 octets 4 Rép(s) 19 516 047 360 octets libres c:\Documents and Settings\Alain\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\Alain\Application Data\MSNInstaller\msnauins.exe c:\Documents and Settings\Alain\Mes documents\Downloads\Shareaza_2.2.5.0.exe c:\Documents and Settings\Alain\Mes documents\Downloads\ac97\A1mu600a\_ISDel.exe c:\Documents and Settings\Alain\Mes documents\Downloads\ac97\A1mu600a\Setup.exe c:\Documents and Settings\Alain\Mes documents\Downloads\ac97\A1mu600a\68\DOS\DOS4GW.EXE c:\Documents and Settings\Alain\Mes documents\Downloads\ac97\A1mu600a\68\DOS\INSTALL.EXE c:\Documents and Settings\Alain\Mes documents\Downloads\ac97\A1mu600a\74\WINAPP\SPKCFG.EXE c:\Documents and Settings\Alain\Mes documents\Downloads\ac97\A1mu600a\ADeck\ADeck.exe c:\Documents and Settings\Alain\Mes documents\Downloads\ac97\A1mu600a\ADeck\vpatch.exe c:\Documents and Settings\Alain\Mes documents\Downloads\ms6577\915G_win2k_xp72\Setup.exe c:\Documents and Settings\Alain\Mes documents\Downloads\ms6577\915G_win2k_xp72\Win2000\hkcmd.exe c:\Documents and Settings\Alain\Mes documents\Downloads\ms6577\915G_win2k_xp72\Win2000\igfxcfg.exe c:\Documents and Settings\Alain\Mes 
documents\Downloads\ms6577\915G_win2k_xp72\Win2000\igfxdiag.exe c:\Documents and Settings\Alain\Mes documents\Downloads\ms6577\915G_win2k_xp72\Win2000\igfxext.exe c:\Documents and Settings\Alain\Mes documents\Downloads\ms6577\915G_win2k_xp72\Win2000\igfxtray.exe c:\Documents and Settings\Alain\Mes documents\Downloads\ms6577\915G_win2k_xp72\Win2000\igfxzoom.exe c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\alcchkid.exe c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\alcrmv.exe c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\alcrmv64.exe c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\alcrmv9x.exe c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\alcupd.exe c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\AlcUpd64.exe c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\ALCXDEV.EXE c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\ChCfg.exe c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\GETDXVER.EXE c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\SetCDfmt.exe c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\setup.exe c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\WDM\alcrmv.exe c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\WDM\alcrmv64.exe c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\WDM\ChCfg.exe c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\WDM\CPLUtl64.exe c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\WDM\RTLCPL.exe c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\WDM\SoundMan.exe c:\Documents and Settings\Alain.OBELIX\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\Alain.OBELIX\Application Data\MSNInstaller\msnauins.exe c:\Documents and 
Settings\Alain.PC1GHZ\Bureau\ComboFix.exe c:\Documents and Settings\Alain.PC1GHZ\Bureau\mbam-setup.exe c:\Documents and Settings\Alain.PC1GHZ\Bureau\spybotsd160.exe c:\Documents and Settings\Alain.PC1GHZ\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe c:\Documents and Settings\Alain.PC1GHZ\Bureau\Nettoyage 19082008\gmer.exe c:\Documents and Settings\Alain.PC1GHZ\Local Settings\Application Data\Citrix\GoToAssist\GoToAssist_phone_application_482_fr.exe c:\Documents and Settings\Alain.PC1GHZ\Local Settings\Application Data\Citrix\GoToAssist\GoToAssist_phone_application_516_fr.exe c:\Documents and Settings\Alain.PC1GHZ\Mes documents\Downloads\Shareaza_2.2.5.0.exe c:\Documents and Settings\Alain.PC1GHZ\Mes documents\Downloads\Shareaza_2.3.1.0.exe c:\Documents and Settings\All Users.WINDOWS\Documents\WallpaperSetup.exe c:\Documents and Settings\Alain\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\FlashPlayerW.dll c:\Documents and Settings\Alain\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\NPSWF32.dll c:\Documents and Settings\Alain\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll c:\Documents and Settings\Alain.OBELIX\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\FlashPlayerW.dll c:\Documents and Settings\Alain.OBELIX\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\NPSWF32.dll c:\Documents and Settings\Alain.OBELIX\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll c:\Documents and Settings\Alain.PC1GHZ\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\FlashPlayerW.dll c:\Documents and Settings\Alain.PC1GHZ\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\NPSWF32.dll c:\Documents and Settings\Alain.PC1GHZ\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll c:\Documents and Settings\Alain.PC1GHZ\Application Data\OfficeUpdate12\oudetect.dll c:\Documents and 
Settings\All Users\Application Data\Ciel\Données Communes\pdf.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Ciel\Données communes\pdf.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_PC1GHZ.tar.gz a l'adresse http://upload.malekal.com What do I do with everything we installed?
  3. It's in progress. As for the antivirus scan, I'm wary since it didn't detect the previous one, but if you say so, I trust you completely.
  4. Re Gof. Excuse me again, but I was afraid of infecting clients. I have to send them course brochures in Word 2002 format (Billou again), and with the problems on Windows I'm wary of the other software; and it's not on physical media but by Outlook (the same again). For the moment it is indeed only the Windows updates that won't install: I managed to reinstall IE7, but I can't update it, and I can't install Service Pack 3 either, with no error message, just the update window telling me the updates could not be installed. As for the antivirus that was rebooting the PC, I don't know yet; we'll see shortly, it starts at midnight.
  5. Re to all. Well, I have to make a decision quickly, given that I have files to send to clients tomorrow and I can't take the risk of infecting them too. If we can't solve the problem I'll have to format and reinstall everything, and I think the whole night will be needed for that. No news from Gof?
  6. Hello WawaSeb. Thanks for dropping in, and for your help last year. Rest assured, I trust Gof completely, as much as I trusted you, otherwise I wouldn't have come to the forum. I know you are all very good, and if I knew half of what you know I'd be very happy, but you have the knowledge and we benefit from it; it's already very cool of you to spend the time you do on our problems. I'm polluting the forum a bit, but you deserved the compliments and I didn't dare send them to you by PM, and Gof deserves them too, since things have already improved since his intervention, even if not everything works yet; but I'm not giving up hope, I'm sure he'll give me all the advice I need. Have a good day, and thanks again to all of you.
  7. Re Gof. No, I gave it all up, since nothing works. If you have more information I'd be glad to have it, even by PM, to report it to McAfee; I pay, so they shouldn't let this kind of thing through. I leave the cleanup entirely in your hands, as I did with WawaSeb a year ago. See you later.
  8. Hello Gof. I don't think so. I'm back with a few results: I can now install and uninstall programs, the antivirus update works, and I was able to install IE7 (which I couldn't before because of blocked keys in the registry). As for the antivirus, I don't yet know whether it will crash the PC during the scan, since it didn't run last night (I forgot to unblock the scheduled scan ==> tiredness, no doubt). On the other hand I have about twenty Windows updates (so apparently they were blocked before), but the installation can't be done. I should even have more, since before coming to the forum for the program-installation problem I had been to Billou's site, which advised repairing Windows, which I did, and normally I should have all the updates to redo (more than 100, I think). Unless Service Pack 3 includes them, but it won't install either. That's it for the problems I've seen so far. What should I do? (I'm doing nothing while waiting to hear from you.)
  9. Well, I hope there is nothing left. In any case I will come back tomorrow (well, today) to find out and to ask you 2 or 3 more little things. Good night to you; you have earned it.
  10. Yes, I saw it right after telling you. ComboFix report
ComboFix 08-08-19.03 - Alain 2008-08-21 1:46:25.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.245 [GMT 2:00]
Endroit: C:\Documents and Settings\Alain.PC1GHZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alain.PC1GHZ\Bureau\cfscript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\system32\fttoigge.tmp
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fttoigge.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_EVXRVXRK

((((((((((((((((((((((((((((( Fichiers créés 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))))))))
.

2008-08-20 17:53 . 2008-08-20 17:53 250 --a------ C:\WINDOWS\gmer.ini
2008-08-19 19:24 . 2008-08-19 19:24 <REP> d---s---- C:\Documents and Settings\Alain.PC1GHZ\UserData
2008-08-19 16:43 . 2008-08-19 17:02 <REP> d-------- C:\DiagHelp
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-19 08:55 . 2008-08-18 19:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-19 08:55 . 2008-01-20 12:24 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-19 08:55 . 2008-08-19 08:55 <REP> d-------- C:\Documents and Settings\Administrateur
2008-08-19 08:11 . 2008-08-20 16:56 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-19 07:19 . 2008-08-19 07:19 <REP> d-------- C:\Program Files\CCleaner
2008-08-19 05:50 . 2004-08-05 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-19 05:49 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-19 05:48 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-19 05:46 . 2008-08-19 05:46 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-19 05:44 . 2004-08-05 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-08-19 05:41 . 2004-08-05 14:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2008-08-19 05:40 . 2004-08-05 14:00 218,624 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-08-19 05:40 . 2004-08-05 14:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe
2008-08-19 05:40 . 2004-08-05 14:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe
2008-08-19 05:31 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-08-19 05:31 . 2001-08-17 20:12 19,017 --a------ C:\WINDOWS\system32\drivers\RTL8029.sys
2008-08-19 05:28 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SET43.tmp
2008-08-19 01:20 . 2008-08-19 01:20 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-18 19:47 . 2004-08-05 14:00 1,086,058 -ra------ C:\WINDOWS\SETC1.tmp
2008-08-18 19:47 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SETBE.tmp
2008-08-18 19:47 . 2004-08-05 14:00 14,043 -ra------ C:\WINDOWS\SETCD.tmp
2008-08-13 03:36 . 2008-08-13 03:36 <REP> d-------- C:\WINDOWS\system32\Logs
2008-07-23 10:32 . 2008-07-23 10:32 <REP> d-------- C:\Program Files\NT Registry Optimizer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 15:01 --------- d-----w C:\Program Files\McAfee
2008-08-20 11:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-20 10:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 06:02 61,248 ----a-w C:\Documents and Settings\Alain.PC1GHZ\Application Data\GDIPFONTCACHEV1.DAT
2008-08-19 05:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-18 15:27 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\Skype
2008-08-18 15:24 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\skypePM
2008-08-18 08:56 --------- d-----w C:\Program Files\Lavasoft
2008-08-18 08:56 --------- d-----w C:\Documents and Settings\Alain\Application Data\Lavasoft
2008-08-18 08:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-08-17 12:26 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\Ahead
2008-07-31 09:53 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\SiteAdvisor
2008-07-07 15:57 --------- d-----w C:\Program Files\lotomanagerpro49
2008-07-07 15:53 --------- d-----w C:\Program Files\lotomanagerpro
2008-06-29 14:20 --------- d-----w C:\Program Files\Audacity
2008-06-26 14:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-16 09:49 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2007-03-04 06:58 84,008 ----a-w C:\Documents and Settings\Alain\Application Data\GDIPFONTCACHEV1.DAT
2007-03-04 06:58 84,008 ----a-w C:\Documents and Settings\Alain.OBELIX\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-08-19_19.26.04.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-25 09:29:04 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
+ 2006-05-25 08:29:04 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
- 2006-05-25 09:29:04 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
+ 2006-05-25 08:29:04 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
- 2006-05-24 11:32:48 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
+ 2006-05-24 10:32:48 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
- 2006-05-24 11:32:48 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
+ 2006-05-24 10:32:48 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
+ 2008-08-20 15:53:23 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-17 19:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
- 2008-08-19 12:52:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-20 21:40:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-19 12:52:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-08-20 21:40:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-08-20 15:53:23 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 17:49 4739072]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 23:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"MP_STATUS_MONITOR"="C:\Program Files\Canon\MultiPASS\monitr32.exe" [2001-04-13 13:19 290816]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wallpaper]
--a------ 2007-08-21 01:27 233472 C:\Program Files\Wallpaper\Wallpaper.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe"
"MPTBox"="C:\Program Files\Canon\MultiPASS\MPTBox.exe"
"VX1000"=C:\WINDOWS\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2004-01-05 09:10]
R0 hptpro;hptpro;C:\WINDOWS\system32\DRIVERS\hptpro.sys [2003-01-27 15:12]
R2 cis1284;cis1284;C:\WINDOWS\system32\drivers\cis1284.sys [2001-04-13 10:09]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 23:45]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-14 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-07-31 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 01:51:30
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\FICHIE~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\FICHIE~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-21 1:55:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-20 23:55:49
ComboFix2.txt 2008-08-20 22:53:36
ComboFix3.txt 2008-08-20 21:49:49
ComboFix4.txt 2008-08-20 21:19:15
ComboFix5.txt 2008-08-20 23:45:28

Pre-Run: 20,609,576,960 octets libres
Post-Run: 20,608,774,144 octets libres

190 --- E O F --- 2008-08-20 01:01:55

MBAM report
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1073
Windows 5.1.2600 Service Pack 2

02:05:48 21/08/2008
mbam-log-08-21-2008 (02-05-48).txt

Type de recherche: Examen rapide
Eléments examinés: 56799
Temps écoulé: 4 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
  11. There is no link for cfscript
  12. There, it is done for all 3
  13. And here is the result of the analysis of the famous file
Fichier EVXRVXRK.sys.vir reçu le 2008.08.21 01:09:31 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.21.0 2008.08.20 -
AntiVir 7.8.1.23 2008.08.20 -
Authentium 5.1.0.4 2008.08.21 -
Avast 4.8.1195.0 2008.08.20 -
AVG 8.0.0.161 2008.08.20 -
BitDefender 7.2 2008.08.21 -
CAT-QuickHeal 9.50 2008.08.20 -
ClamAV 0.93.1 2008.08.20 -
DrWeb 4.44.0.09170 2008.08.21 -
eSafe 7.0.17.0 2008.08.20 -
eTrust-Vet 31.6.6038 2008.08.20 -
Ewido 4.0 2008.08.20 -
F-Prot 4.4.4.56 2008.08.20 -
F-Secure 7.60.13501.0 2008.08.20 -
Fortinet 3.14.0.0 2008.08.20 -
GData 2.0.7306.1023 2008.08.20 -
Ikarus T3.1.1.34.0 2008.08.20 -
K7AntiVirus 7.10.422 2008.08.20 -
Kaspersky 7.0.0.125 2008.08.21 -
McAfee 5365 2008.08.20 -
Microsoft 1.3807 2008.08.21 -
NOD32v2 3372 2008.08.20 -
Norman 5.80.02 2008.08.20 -
Panda 9.0.0.4 2008.08.21 -
PCTools 4.4.2.0 2008.08.20 -
Prevx1 V2 2008.08.21 Cloaked Malware
Rising 20.58.22.00 2008.08.20 -
Sophos 4.32.0 2008.08.20 -
Sunbelt 3.1.1564.1 2008.08.20 -
Symantec 10 2008.08.20 -
TheHacker 6.3.0.5.056 2008.08.20 -
TrendMicro 8.700.0.1004 2008.08.20 -
VBA32 3.12.8.3 2008.08.20 -
ViRobot 2008.8.20.1342 2008.08.20 -
VirusBuster 4.5.11.0 2008.08.20 -
Webwasher-Gateway 6.6.2 2008.08.20 -
Information additionnelle
File size: 179712 bytes
MD5...: 13f3f888ef2cf0bb9f616c79e5190758
SHA1..: bfcf7d6d8dbd2906fbb33e4c20939352cc3c3aef
SHA256: fbe64ef8e651047089377311685f9996c85f77c4de9fe745d761d84bc9ed9853
SHA512: 5293a48edde56abd74d09ab4a6d5d93b02562a135bedd40ad4b78254fbccd8c5e556f17ef6f09592495a2294aa778353c24a4f1f84a1f838869816a401c4e7b1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10220
timedatestamp.....: 0x4663f240 (Mon Jun 04 11:06:40 2007)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x220 0x5 0x20 0.79 78c11c3973b7c842a07b840c2c7ef5cb
.rdata 0x240 0x54 0x60 1.75 a728c7b2c6e8b13fd794c77e8e48b6ae
.reloc 0x2a0 0xc 0x20 0.20 62d5dc64502fa9ec708b4f6e79a09aef
( 0 imports )
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp...01E4100B89F9DDD
  14. I have already done that, but fine, I will do it again if necessary. I am off, back in a moment. It was not the same one. Here is the report, not a good sign
ComboFix 08-08-19.03 - Alain 2008-08-21 0:43:10.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.173 [GMT 2:00]
Endroit: C:\Documents and Settings\Alain.PC1GHZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alain.PC1GHZ\Bureau\cfscript.txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\EVXRVXRK.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EVXRVXRK

((((((((((((((((((((((((((((( Fichiers créés 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))))))))
.

2008-08-20 23:46 . 2008-08-20 23:46 29 --a------ C:\WINDOWS\system32\fttoigge.tmp
2008-08-20 17:53 . 2008-08-20 17:53 250 --a------ C:\WINDOWS\gmer.ini
2008-08-19 19:24 . 2008-08-19 19:24 <REP> d---s---- C:\Documents and Settings\Alain.PC1GHZ\UserData
2008-08-19 16:43 . 2008-08-19 17:02 <REP> d-------- C:\DiagHelp
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-19 08:55 . 2008-08-18 19:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-19 08:55 . 2008-01-20 12:24 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-19 08:55 . 2008-08-19 08:55 <REP> d-------- C:\Documents and Settings\Administrateur
2008-08-19 08:11 . 2008-08-20 16:56 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-19 07:19 . 2008-08-19 07:19 <REP> d-------- C:\Program Files\CCleaner
2008-08-19 05:50 . 2004-08-05 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-19 05:49 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-19 05:48 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-19 05:46 . 2008-08-19 05:46 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-19 05:44 . 2004-08-05 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-08-19 05:41 . 2004-08-05 14:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2008-08-19 05:40 . 2004-08-05 14:00 218,624 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-08-19 05:40 . 2004-08-05 14:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe
2008-08-19 05:40 . 2004-08-05 14:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe
2008-08-19 05:31 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-08-19 05:31 . 2001-08-17 20:12 19,017 --a------ C:\WINDOWS\system32\drivers\RTL8029.sys
2008-08-19 05:28 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SET43.tmp
2008-08-19 01:20 . 2008-08-19 01:20 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-18 19:47 . 2004-08-05 14:00 1,086,058 -ra------ C:\WINDOWS\SETC1.tmp
2008-08-18 19:47 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SETBE.tmp
2008-08-18 19:47 . 2004-08-05 14:00 14,043 -ra------ C:\WINDOWS\SETCD.tmp
2008-08-13 03:36 . 2008-08-13 03:36 <REP> d-------- C:\WINDOWS\system32\Logs
2008-07-23 10:32 . 2008-07-23 10:32 <REP> d-------- C:\Program Files\NT Registry Optimizer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 15:01 --------- d-----w C:\Program Files\McAfee
2008-08-20 11:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-20 10:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 06:02 61,248 ----a-w C:\Documents and Settings\Alain.PC1GHZ\Application Data\GDIPFONTCACHEV1.DAT
2008-08-19 05:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-18 15:27 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\Skype
2008-08-18 15:24 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\skypePM
2008-08-18 08:56 --------- d-----w C:\Program Files\Lavasoft
2008-08-18 08:56 --------- d-----w C:\Documents and Settings\Alain\Application Data\Lavasoft
2008-08-18 08:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-08-17 12:26 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\Ahead
2008-07-31 09:53 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\SiteAdvisor
2008-07-07 15:57 --------- d-----w C:\Program Files\lotomanagerpro49
2008-07-07 15:53 --------- d-----w C:\Program Files\lotomanagerpro
2008-06-29 14:20 --------- d-----w C:\Program Files\Audacity
2008-06-26 14:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-16 09:49 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2007-03-04 06:58 84,008 ----a-w C:\Documents and Settings\Alain\Application Data\GDIPFONTCACHEV1.DAT
2007-03-04 06:58 84,008 ----a-w C:\Documents and Settings\Alain.OBELIX\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-08-19_19.26.04.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-25 09:29:04 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
+ 2006-05-25 08:29:04 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
- 2006-05-25 09:29:04 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
+ 2006-05-25 08:29:04 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
- 2006-05-24 11:32:48 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
+ 2006-05-24 10:32:48 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
- 2006-05-24 11:32:48 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
+ 2006-05-24 10:32:48 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
+ 2008-08-20 15:53:23 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-17 19:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
- 2008-08-19 12:52:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-20 21:40:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-19 12:52:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-08-20 21:40:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-08-20 15:53:23 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 17:49 4739072]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 23:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"MP_STATUS_MONITOR"="C:\Program Files\Canon\MultiPASS\monitr32.exe" [2001-04-13 13:19 290816]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wallpaper]
--a------ 2007-08-21 01:27 233472 C:\Program Files\Wallpaper\Wallpaper.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe"
"MPTBox"="C:\Program Files\Canon\MultiPASS\MPTBox.exe"
"VX1000"=C:\WINDOWS\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2004-01-05 09:10]
R0 hptpro;hptpro;C:\WINDOWS\system32\DRIVERS\hptpro.sys [2003-01-27 15:12]
R2 cis1284;cis1284;C:\WINDOWS\system32\drivers\cis1284.sys [2001-04-13 10:09]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 23:45]
S2 EVXRVXRK;EVXRVXRK;C:\WINDOWS\system32\drivers\EVXRVXRK.sys []
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-14 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-07-31 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-aqkjqbcs - C:\WINDOWS\aqkjqbcs.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 00:48:38
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\FICHIE~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\FICHIE~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-21 0:53:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-20 22:53:21
ComboFix2.txt 2008-08-20 21:49:49
ComboFix3.txt 2008-08-20 21:19:15
ComboFix4.txt 2008-08-19 17:27:20

Pre-Run: 20,638,556,160 octets libres
Post-Run: 20,633,735,168 octets libres

190 --- E O F --- 2008-08-20 01:01:55
  15. The trouble continues. I do not have this file in C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ Without the Quarantine I do not have the file either
  16. Re Gof You have not told me whether I should remove my scheduled nightly virus scan for now. Here are the reports 1 - after installing the Recovery Console
ComboFix 08-08-19.03 - Alain 2008-08-20 23:13:56.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.231 [GMT 2:00]
Endroit: C:\Documents and Settings\Alain.PC1GHZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alain.PC1GHZ\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))))))))
.

2008-08-20 17:53 . 2008-08-20 17:53 250 --a------ C:\WINDOWS\gmer.ini
2008-08-19 19:24 . 2008-08-19 19:24 <REP> d---s---- C:\Documents and Settings\Alain.PC1GHZ\UserData
2008-08-19 16:52 . 2008-08-19 16:52 8,219,629 --a------ C:\upload_moi_PC1GHZ.tar.gz
2008-08-19 16:43 . 2008-08-19 17:02 <REP> d-------- C:\DiagHelp
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-19 08:55 . 2008-08-18 19:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-19 08:55 . 2008-01-20 12:24 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-19 08:55 . 2008-08-19 08:55 <REP> d-------- C:\Documents and Settings\Administrateur
2008-08-19 08:11 . 2008-08-20 16:56 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-19 07:19 . 2008-08-19 07:19 <REP> d-------- C:\Program Files\CCleaner
2008-08-19 05:50 . 2004-08-05 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-19 05:49 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-19 05:48 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-19 05:46 . 2008-08-19 05:46 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-19 05:44 . 2004-08-05 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-08-19 05:41 . 2004-08-05 14:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2008-08-19 05:40 . 2004-08-05 14:00 218,624 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-08-19 05:40 . 2004-08-05 14:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe
2008-08-19 05:40 . 2004-08-05 14:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe
2008-08-19 05:31 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-08-19 05:31 . 2001-08-17 20:12 19,017 --a------ C:\WINDOWS\system32\drivers\RTL8029.sys
2008-08-19 05:28 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SET43.tmp
2008-08-19 01:20 . 2008-08-19 01:20 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-18 19:47 . 2004-08-05 14:00 1,086,058 -ra------ C:\WINDOWS\SETC1.tmp
2008-08-18 19:47 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SETBE.tmp
2008-08-18 19:47 . 2004-08-05 14:00 14,043 -ra------ C:\WINDOWS\SETCD.tmp
2008-08-13 03:36 . 2008-08-13 03:36 <REP> d-------- C:\WINDOWS\system32\Logs
2008-08-12 19:00 . 2008-08-12 19:00 29 --a------ C:\WINDOWS\system32\eearooqp.tmp
2008-07-23 10:32 . 2008-07-23 10:32 <REP> d-------- C:\Program Files\NT Registry Optimizer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 15:01 --------- d-----w C:\Program Files\McAfee
2008-08-20 11:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-20 10:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 06:02 61,248 ----a-w C:\Documents and Settings\Alain.PC1GHZ\Application Data\GDIPFONTCACHEV1.DAT
2008-08-19 05:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-18 15:27 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\Skype
2008-08-18 15:24 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\skypePM
2008-08-18 08:56 --------- d-----w C:\Program Files\Lavasoft
2008-08-18 08:56 --------- d-----w C:\Documents and Settings\Alain\Application Data\Lavasoft
2008-08-18 08:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-08-17 12:26 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\Ahead
2008-07-31 09:53 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\SiteAdvisor
2008-07-07 15:57 --------- d-----w C:\Program Files\lotomanagerpro49
2008-07-07 15:53 --------- d-----w C:\Program Files\lotomanagerpro
2008-06-29 14:20 --------- d-----w C:\Program Files\Audacity
2008-06-26 14:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-16 09:49 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2007-03-04 06:58 84,008 ----a-w C:\Documents and Settings\Alain\Application Data\GDIPFONTCACHEV1.DAT
2007-03-04 06:58 84,008 ----a-w C:\Documents and Settings\Alain.OBELIX\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-08-19_19.26.04.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-25 09:29:04 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe + 2006-05-25 08:29:04 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe - 2006-05-25 09:29:04 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll + 2006-05-25 08:29:04 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll - 2006-05-24 11:32:48 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe + 2006-05-24 10:32:48 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe - 2006-05-24 11:32:48 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll + 2006-05-24 10:32:48 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll + 2008-08-20 15:53:23 884,736 ----a-w C:\WINDOWS\gmer.dll + 2008-04-17 19:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe - 2008-08-19 12:52:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-08-20 16:43:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2008-08-19 12:52:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-08-20 16:43:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-08-20 15:53:23 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 17:49 4739072] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-30 14:45 1829712] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 23:57 36640] "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576] "MP_STATUS_MONITOR"="C:\Program Files\Canon\MultiPASS\monitr32.exe" [2001-04-13 13:19 290816] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\ Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-12 14:04:05 113664] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] 
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" "MPTBox"="C:\Program Files\Canon\MultiPASS\MPTBox.exe" "VX1000"=C:\WINDOWS\vVX1000.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "C:\\Program Files\\FileZilla\\FileZilla.exe"= "C:\\Program Files\\Shareaza\\Shareaza.exe"= "C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"= "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2004-01-05 09:10] R0 hptpro;hptpro;C:\WINDOWS\system32\DRIVERS\hptpro.sys [2003-01-27 15:12] R2 cis1284;cis1284;C:\WINDOWS\system32\drivers\cis1284.sys [2001-04-13 10:09] R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 23:45] S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 23:46] *Newly Created Service* - CATCHME *Newly Created Service* - GMER . 
Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-14 C:\WINDOWS\Tasks\McDefragTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2008-07-31 C:\WINDOWS\Tasks\McQcTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Alain.PC1GHZ\Application Data\Mozilla\Firefox\Profiles\m9qyjnid.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-20 23:17:14 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... C:\WINDOWS\system32\drivers\EVXRVXRK.sys 179712 bytes executable Scan terminé avec succès Les fichiers cachés: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Abiosdsk] -- [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\EVXRVXRK] "ImagePath"="\??\C:\WINDOWS\system32\drivers\EVXRVXRK.sys" -- [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WinSock2] . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\SiteAdvisor\6253\saHook.dll . 
Temps d'accomplissement: 2008-08-20 23:19:13 ComboFix-quarantined-files.txt 2008-08-20 21:19:04 ComboFix2.txt 2008-08-19 17:27:20 Pre-Run: 19,419,090,944 octets libres Post-Run: 19,398,356,992 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect multi(0)disk(0)rdisk(0)partition(1)\WINDOWS1="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect 193 --- E O F --- 2008-08-20 01:01:55
2 - After CFScript
ComboFix 08-08-19.03 - Alain 2008-08-20 23:39:22.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.221 [GMT 2:00] Endroit: C:\Documents and Settings\Alain.PC1GHZ\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Alain.PC1GHZ\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\upload_moi_PC1GHZ.tar.gz C:\WINDOWS\system32\drivers\EVXRVXRK.sys C:\WINDOWS\system32\eearooqp.tmp . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\upload_moi_PC1GHZ.tar.gz C:\WINDOWS\system32\eearooqp.tmp . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_EVXRVXRK -------\Service_sysbus32 ((((((((((((((((((((((((((((( Fichiers créés 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))))))) . 2008-08-20 17:53 . 2008-08-20 17:53 250 --a------ C:\WINDOWS\gmer.ini 2008-08-19 19:24 . 2008-08-19 19:24 <REP> d---s---- C:\Documents and Settings\Alain.PC1GHZ\UserData 2008-08-19 16:43 . 2008-08-19 17:02 <REP> d-------- C:\DiagHelp 2008-08-19 08:55 . 2008-01-20 12:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2008-08-19 08:55 . 
2008-01-20 12:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-08-19 08:55 . 2008-08-18 19:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles 2008-08-19 08:55 . 2008-01-20 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents 2008-08-19 08:55 . 2008-01-20 12:24 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2008-08-19 08:55 . 2008-01-20 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris 2008-08-19 08:55 . 2008-01-20 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2008-08-19 08:55 . 2008-08-19 08:55 <REP> d-------- C:\Documents and Settings\Administrateur 2008-08-19 08:11 . 2008-08-20 16:56 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-08-19 07:19 . 2008-08-19 07:19 <REP> d-------- C:\Program Files\CCleaner 2008-08-19 05:50 . 2004-08-05 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex 2008-08-19 05:49 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-08-19 05:48 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll 2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-08-19 05:46 . 2008-08-19 05:46 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-08-19 05:44 . 2004-08-05 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe 2008-08-19 05:41 . 2004-08-05 14:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll 2008-08-19 05:40 . 2004-08-05 14:00 218,624 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe 2008-08-19 05:40 . 2004-08-05 14:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe 2008-08-19 05:40 . 
2004-08-05 14:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe 2008-08-19 05:31 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2008-08-19 05:31 . 2001-08-17 20:12 19,017 --a------ C:\WINDOWS\system32\drivers\RTL8029.sys 2008-08-19 05:28 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SET43.tmp 2008-08-19 01:20 . 2008-08-19 01:20 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak 2008-08-18 19:47 . 2004-08-05 14:00 1,086,058 -ra------ C:\WINDOWS\SETC1.tmp 2008-08-18 19:47 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SETBE.tmp 2008-08-18 19:47 . 2004-08-05 14:00 14,043 -ra------ C:\WINDOWS\SETCD.tmp 2008-08-13 03:36 . 2008-08-13 03:36 <REP> d-------- C:\WINDOWS\system32\Logs 2008-08-12 18:57 . 2008-08-12 18:57 179,712 --a------ C:\WINDOWS\system32\drivers\EVXRVXRK.sys 2008-07-23 10:32 . 2008-07-23 10:32 <REP> d-------- C:\Program Files\NT Registry Optimizer . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-08-20 15:01 --------- d-----w C:\Program Files\McAfee 2008-08-20 11:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2008-08-20 10:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-08-20 06:02 61,248 ----a-w C:\Documents and Settings\Alain.PC1GHZ\Application Data\GDIPFONTCACHEV1.DAT 2008-08-19 05:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-08-18 15:27 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\Skype 2008-08-18 15:24 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\skypePM 2008-08-18 08:56 --------- d-----w C:\Program Files\Lavasoft 2008-08-18 08:56 --------- d-----w C:\Documents and Settings\Alain\Application Data\Lavasoft 2008-08-18 08:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft 2008-08-17 12:26 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\Ahead 2008-07-31 09:53 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\SiteAdvisor 2008-07-07 15:57 --------- d-----w C:\Program Files\lotomanagerpro49 2008-07-07 15:53 --------- d-----w C:\Program Files\lotomanagerpro 2008-06-29 14:20 --------- d-----w C:\Program Files\Audacity 2008-06-26 14:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-16 09:49 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat 2007-03-04 06:58 84,008 ----a-w C:\Documents and Settings\Alain\Application Data\GDIPFONTCACHEV1.DAT 2007-03-04 06:58 84,008 ----a-w C:\Documents and Settings\Alain.OBELIX\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((( snapshot@2008-08-19_19.26.04.82 ))))))))))))))))))))))))))))))))))))))))) . 
- 2006-05-25 09:29:04 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe + 2006-05-25 08:29:04 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe - 2006-05-25 09:29:04 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll + 2006-05-25 08:29:04 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll - 2006-05-24 11:32:48 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe + 2006-05-24 10:32:48 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe - 2006-05-24 11:32:48 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll + 2006-05-24 10:32:48 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll + 2008-08-20 15:53:23 884,736 ----a-w C:\WINDOWS\gmer.dll + 2008-04-17 19:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe - 2008-08-19 12:52:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-08-20 21:40:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2008-08-19 12:52:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-08-20 21:40:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat - 2008-08-19 12:52:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-08-20 21:40:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-08-20 15:53:23 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 17:49 4739072] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 23:57 36640] "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576] "MP_STATUS_MONITOR"="C:\Program Files\Canon\MultiPASS\monitr32.exe" [2001-04-13 13:19 290816] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" "MPTBox"="C:\Program Files\Canon\MultiPASS\MPTBox.exe" "VX1000"=C:\WINDOWS\vVX1000.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "C:\\Program Files\\FileZilla\\FileZilla.exe"= "C:\\Program Files\\Shareaza\\Shareaza.exe"= "C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"= "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2004-01-05 09:10] R0 hptpro;hptpro;C:\WINDOWS\system32\DRIVERS\hptpro.sys [2003-01-27 15:12] R2 cis1284;cis1284;C:\WINDOWS\system32\drivers\cis1284.sys [2001-04-13 10:09] R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 23:45] S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 23:46] *Newly Created Service* - EVXRVXRK . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-14 C:\WINDOWS\Tasks\McDefragTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2008-07-31 C:\WINDOWS\Tasks\McQcTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-20 23:44:45 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... 
Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Abiosdsk] -- [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EVXRVXRK] "ImagePath"="\??\C:\WINDOWS\system32\drivers\EVXRVXRK.sys" -- [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinSock2] . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\PROGRA~1\FICHIE~1\McAfee\MNA\McNASvc.exe C:\PROGRA~1\FICHIE~1\McAfee\McProxy\McProxy.exe C:\Program Files\McAfee\VirusScan\Mcshield.exe C:\Program Files\McAfee\MPF\MpfSrv.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\McAfee\MSK\msksrver.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe . ************************************************************************** . Temps d'accomplissement: 2008-08-20 23:49:47 - machine was rebooted [Alain] ComboFix-quarantined-files.txt 2008-08-20 21:49:34 ComboFix2.txt 2008-08-20 21:19:15 ComboFix3.txt 2008-08-19 17:27:20 Pre-Run: 20,668,764,160 octets libres Post-Run: 20,660,035,584 octets libres 197 --- E O F --- 2008-08-20 01:01:55
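The two ComboFix reports in the post above carry three pieces of evidence that belong together: the catchme section names a file that Explorer cannot see, the ControlSet003 service key shows which service loads it, and the "Fichiers créés" list dates it. The script below pulls those three out and correlates them. It is an added example written for this page, not code from the thread, from ComboFix or from Gmer; it assumes the line layouts visible in the reports (the constructed SAMPLE_LOG puts entries copied from them back one per line, since the forum flattened the originals), and the ten-minute clustering window is an arbitrary choice.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: entries copied from the two ComboFix reports above, put back
# one per line (the forum flattened the originals). Not a complete report.
SAMPLE_LOG = r"""
2008-08-19 05:31 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-08-13 03:36 . 2008-08-13 03:36 <REP> d-------- C:\WINDOWS\system32\Logs
2008-08-12 19:00 . 2008-08-12 19:00 29 --a------ C:\WINDOWS\system32\eearooqp.tmp
2008-08-12 18:57 . 2008-08-12 18:57 179,712 --a------ C:\WINDOWS\system32\drivers\EVXRVXRK.sys
2008-07-23 10:32 . 2008-07-23 10:32 <REP> d-------- C:\Program Files\NT Registry Optimizer
Balayage des fichiers cachés ...
C:\WINDOWS\system32\drivers\EVXRVXRK.sys 179712 bytes executable
Les fichiers cachés: 1
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\EVXRVXRK]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\EVXRVXRK.sys"
"""

# ComboFix "created files" entry: "<created> . <modified> <size|<REP>> <attrs> <path>".
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size><REP>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$")
# catchme hidden-file line: "<path> <bytes> bytes <kind>".
HIDDEN_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<size>\d+) bytes \w+$")
# Service key header and its ImagePath value as ComboFix dumps them (case varies).
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$", re.I)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?:\\\?\?\\)?(?P<path>.+)"$')


def parse_created(log):
    """'Created files' entries as dicts with a datetime and an integer size (None for dirs)."""
    entries = []
    for m in filter(None, map(CREATED_RE.match, map(str.strip, log.splitlines()))):
        size = None if m["size"] == "<REP>" else int(m["size"].replace(",", ""))
        entries.append({"created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                        "size": size, "attrs": m["attrs"], "path": m["path"]})
    return entries


def parse_hidden(log):
    """catchme's hidden-file findings as (path, size_in_bytes) pairs."""
    return [(m["path"], int(m["size"]))
            for m in map(HIDDEN_RE.match, map(str.strip, log.splitlines())) if m]


def parse_services(log):
    """Service name -> ImagePath, from the registry dump at the end of the report."""
    services, current = {}, None
    for line in map(str.strip, log.splitlines()):
        key = SERVICE_KEY_RE.match(line)
        if key:
            current = key["name"]
            continue
        img = IMAGEPATH_RE.match(line)
        if img and current:
            services[current] = img["path"]
    return services


def triage(log, window=timedelta(minutes=10)):
    """For each hidden file: the service that loads it, its creation time, whether
    catchme's size agrees with the directory listing, and every other entry created
    within `window` of it (files dropped by the same installer cluster this way)."""
    created, services = parse_created(log), parse_services(log)
    by_path = {e["path"].lower(): e for e in created}
    findings = []
    for path, size in parse_hidden(log):
        entry = by_path.get(path.lower())
        service = next((n for n, p in services.items() if p.lower() == path.lower()), None)
        neighbours = sorted(
            e["path"] for e in created
            if entry and e["path"].lower() != path.lower()
            and abs(e["created"] - entry["created"]) <= window)
        findings.append({"hidden": path, "service": service,
                         "created": entry["created"] if entry else None,
                         "size_matches": entry is not None and entry["size"] == size,
                         "neighbours": neighbours})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hidden']}: service={f['service']} created={f['created']} "
              f"size_ok={f['size_matches']} dropped_with={f['neighbours']}")
```

On the sample the hidden driver comes out with its service name, its size confirmed against the directory listing, and eearooqp.tmp as the only file created within ten minutes of it, the same pairing the CFScript above targeted. Fed the second report line by line, parse_services still returns the EVXRVXRK key with its ImagePath and parse_created still lists the driver at 2008-08-12 18:57 even though catchme now reports zero hidden files: the file is merely no longer hidden, not gone, so that is the check worth repeating before calling the machine clean.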
  17. Even like that it isn't possible; I'd need 20 messages or more to post it. I've sent you a link by PM where you can see it. Tell me when you no longer need it so I can delete it.
  18. Re Gof. I mentioned formatting because it's what I dread the most: this PC is my work tool, and right now I'm having some trouble with its frequent reboots, but for me it would be the worst solution if I had to reinstall and restore everything. I hope it doesn't come to that. It's a fear, that's all. As for courage and persistence, I'm fine, I have what it takes. Otherwise I'm not doing anything on my side, except that I have a scheduled antivirus scan that runs (or should run) every night, but not since 15/08 since the PC crashes every time. Should I disable it temporarily? There is something I don't understand: I can't see the file EVXRVXRK.sys, neither with my own eyes nor with Start ==> Search, whereas GMER finds it. So I couldn't do the online analysis with Virus Total. However I do have the GMER report, apparently very long, so I can't paste it into a single reply since that crashes IE. I'm posting it in several pieces.
GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-08-20 18:07:10 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.14 ---- Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF73339AA] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF7333A46] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF7333958] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF733396C] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF7333A5A] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7333A86] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) 
ZwEnumerateKey [0xF7333AF9] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF7333ADE] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF73339EA] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF7333B23] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF7333A32] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7333930] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF7333944] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF73339BE] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF7333B5F] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF7333AC8] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF7333AB2] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF7333A70] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF7333B4B] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF7333B37] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF7333996] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) 
ZwSetInformationProcess [0xF7333982] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7333A9C] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7333A19] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF7333B0D] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7333A00] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF73339D4] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) 
NtSetInformationProcess

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00860000
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00860F99
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00860098
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00860087
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0086006C
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00860FCA
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008600D5
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008600BA
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008600F7
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008600E6
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00860108
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00860051
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00860FE5
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 008600A9
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 0086002C
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 0086001B
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00860F72
.text C:\WINDOWS\system32\svchost.exe[152] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 0085000A
.text C:\WINDOWS\system32\svchost.exe[152] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00850F72
.text C:\WINDOWS\system32\svchost.exe[152] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00850FB9
.text C:\WINDOWS\system32\svchost.exe[152] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 00850FD4
.text C:\WINDOWS\system32\svchost.exe[152] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00850F8D
.text C:\WINDOWS\system32\svchost.exe[152] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00850025
.text C:\WINDOWS\system32\svchost.exe[152] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00850FEF
.text C:\WINDOWS\system32\svchost.exe[152] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00850F9E
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FE0062
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FE0F6D
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FE0051
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FE0F94
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FE0036
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FE008E
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FE0F52
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FE0F09
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FE0F1A
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00FE0EF8
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00FE0FAF
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00FE0FDE
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00FE007D
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00FE0025
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00FE0014
.text C:\WINDOWS\system32\services.exe[604] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00FE0F2B
.text C:\WINDOWS\system32\services.exe[604] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00A1003D
.text C:\WINDOWS\system32\services.exe[604] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00A10FA5
.text C:\WINDOWS\system32\services.exe[604] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00A1002C
.text C:\WINDOWS\system32\services.exe[604] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 00A1001B
.text C:\WINDOWS\system32\services.exe[604] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00A10FB6
.text C:\WINDOWS\system32\services.exe[604] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00A10058
.text C:\WINDOWS\system32\services.exe[604] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00A1000A
.text C:\WINDOWS\system32\services.exe[604] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00A10FD1
.text C:\WINDOWS\system32\services.exe[604] WS2_32.dll!socket 719F3B91 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E20000
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E20F95
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E20080
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E20FA6
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E20FC3
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E2005B
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E20F53
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E20F70
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E20F02
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E20F1D
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00E200B6
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00E20FD4
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00E2001B
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00E2009B
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00E20036
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00E20FE5
.text C:\WINDOWS\system32\lsass.exe[616] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00E20F38
.text C:\WINDOWS\system32\lsass.exe[616] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00E1001B
.text C:\WINDOWS\system32\lsass.exe[616] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00E10062
.text C:\WINDOWS\system32\lsass.exe[616] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00E10FD4
.text C:\WINDOWS\system32\lsass.exe[616] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 00E1000A
.text C:\WINDOWS\system32\lsass.exe[616] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00E10051
.text C:\WINDOWS\system32\lsass.exe[616] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00E10036
.text C:\WINDOWS\system32\lsass.exe[616] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\lsass.exe[616] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00E10FAF
.text C:\WINDOWS\system32\lsass.exe[616] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00DF0FEF
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008E009A
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008E0089
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008E0078
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008E0051
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008E0025
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008E0F6F
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008E00B7
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008E00FE
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008E00E3
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 008E0119
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 008E0040
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 008E0000
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 008E0F80
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 008E0FB9
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 008E0FD4
.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 008E00C8
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 008D0036
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 008D0F94
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 008D001B
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 008D000A
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 008D0051
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 008D0FAF
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 008D0FEF
.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 008D0FC0
.text C:\WINDOWS\system32\svchost.exe[768] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00890000
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00AD00A4
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00AD0093
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00AD0FAF
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00AD0062
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00AD0040
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00AD0F7E
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00AD00C6
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AD0F48
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AD00E1
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00AD00FC
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00AD0051
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00AD000A
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00AD00B5
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00AD0FCA
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00AD001B
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00AD0F63
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00AC002F
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00AC006C
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00AC0FDE
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00AC0FB9
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00AC0051
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00AC000A
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00AC0040
.text C:\WINDOWS\system32\svchost.exe[824] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00AA0000
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01CC0000
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01CC0F79
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01CC0F8A
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01CC0064
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01CC0FA5
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01CC0022
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01CC00AB
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01CC009A
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01CC00DE
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01CC00CD
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 01CC0F20
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 01CC003D
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01CC0011
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 01CC0089
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 01CC0FB6
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 01CC0FDB
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 01CC00BC
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 01CB002C
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 01CB0062
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 01CB0011
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 01CB0FE5
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 01CB0051
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 01CB0FAF
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 01CB0000
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 01CB0FCA
.text C:\WINDOWS\System32\svchost.exe[940] WS2_32.dll!socket 719F3B91 5 Bytes JMP 01960000
.text C:\WINDOWS\System32\svchost.exe[940] WININET.dll!InternetOpenA 77AB6D2A 5 Bytes JMP 01BF0000
.text C:\WINDOWS\System32\svchost.exe[940] WININET.dll!InternetOpenUrlA 77AB6FDD 5 Bytes JMP 01BF0FE5
.text C:\WINDOWS\System32\svchost.exe[940] WININET.dll!InternetOpenW 77AC6CF3 5 Bytes JMP 01BF001B
.text C:\WINDOWS\System32\svchost.exe[940] WININET.dll!InternetOpenUrlW 77AC7304 5 Bytes JMP 01BF0FD4
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00750000
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00750F63
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00750F7E
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00750F8F
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00750058
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0075003D
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00750F35
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0075007D
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00750EFF
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00750F1A
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 007500BD
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00750FAC
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00750FE5
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00750F52
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 0075002C
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00750011
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00750098
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00740022
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00740F9B
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00740011
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 00740FE5
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 0074004E
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00740FAC
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00740000
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00740033
.text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00720FEF
.text c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe[1024] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe[1024] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 0041C3C0 c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C20FB9
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C200AE
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C20FD4
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C20087
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C20051
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C200F0
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C20FA8
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C2012D
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C2011C
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00C20F79
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00C2006C
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00C20FE5
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00C200C9
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00C20036
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00C2001B
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00C20101
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00C10FB9
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00C10F8D
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 00C10FDE
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00C1004A
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00C10FA8
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00C10025
.text C:\WINDOWS\system32\svchost.exe[1040] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1040] WININET.dll!InternetOpenA 77AB6D2A 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[1040] WININET.dll!InternetOpenUrlA 77AB6FDD 5 Bytes JMP 00BF002C
.text C:\WINDOWS\system32\svchost.exe[1040] WININET.dll!InternetOpenW 77AC6CF3 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\svchost.exe[1040] WININET.dll!InternetOpenUrlW 77AC7304 5 Bytes JMP 00BF003D
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AE0000
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00AE0F63
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00AE0058
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00AE003D
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00AE0F80
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00AE0FAF
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00AE0F2B
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00AE007D
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AE00BD
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AE00A2
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00AE0F09
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00AE002C
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00AE0FE5
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00AE0F52
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00AE0FC0
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00AE0011
.text C:\WINDOWS\Explorer.EXE[1376] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00AE0F1A
.text C:\WINDOWS\Explorer.EXE[1376] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00AC0FDE
.text C:\WINDOWS\Explorer.EXE[1376] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00AC0F97
.text C:\WINDOWS\Explorer.EXE[1376] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00AC0025
.text C:\WINDOWS\Explorer.EXE[1376] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 00AC0014
.text C:\WINDOWS\Explorer.EXE[1376] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00AC0FA8
.text C:\WINDOWS\Explorer.EXE[1376] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00AC0FC3
.text C:\WINDOWS\Explorer.EXE[1376] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\Explorer.EXE[1376] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00AC004A
.text C:\WINDOWS\Explorer.EXE[1376] WININET.dll!InternetOpenA 77AB6D2A 5 Bytes JMP 00AA0000
.text C:\WINDOWS\Explorer.EXE[1376] WININET.dll!InternetOpenUrlA 77AB6FDD 5 Bytes JMP 00AA0022
.text C:\WINDOWS\Explorer.EXE[1376] WININET.dll!InternetOpenW 77AC6CF3 5 Bytes JMP 00AA0011
.text C:\WINDOWS\Explorer.EXE[1376] WININET.dll!InternetOpenUrlW 77AC7304 5 Bytes JMP 00AA0049
.text C:\WINDOWS\Explorer.EXE[1376] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00A90FEF
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0085
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F86
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F97
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A004A
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A001E
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F69
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A00B1
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0F2C
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F3D
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 001A00EA
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 001A002F
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 001A00A0
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 001A0FB2
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\System32\svchost.exe[2060] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 001A0F4E
.text C:\WINDOWS\System32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00280022
.text C:\WINDOWS\System32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00280069
.text C:\WINDOWS\System32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00280011
.text C:\WINDOWS\System32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 00280FDB
.text C:\WINDOWS\System32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00280FAC
.text C:\WINDOWS\System32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 0028004E
.text C:\WINDOWS\System32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00280000
.text C:\WINDOWS\System32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 0028003D
.text C:\WINDOWS\System32\svchost.exe[2060] WS2_32.dll!socket
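Every entry in the GMER section above has the same shape: the first 5 bytes of an exported function (CreateFile*, CreateProcess*, LoadLibrary*, GetProcAddress, Reg*Key*, socket, InternetOpen*) replaced by a JMP into some other address. A first triage step is to parse those lines, group them by process, and separate the targets GMER could attribute to a loaded module (here only mcproxy.exe, whose hooks jump back into mcproxy.exe itself) from targets in unnamed memory regions such as 00860000. The Python below is an added example written for this thread; it is not GMER code and not from the poster. Its sample lines are copied from the log above; the API-family table and the rule "a JMP target GMER could not attribute to a module is worth a look" are this example's own assumptions. A legitimate hooking security product produces exactly this pattern too, so the output is a triage aid, not a verdict.

```python
"""Parse GMER "User code sections" lines and summarise inline API hooks
per process.  Added example for this thread; not GMER's code and not the
poster's.  SAMPLE is copied from the GMER log above; FAMILIES and the
'unattributed target' heuristic are this example's own assumptions."""
import re
from collections import defaultdict

# One GMER user-mode hook line.  The trailing "owner (description)" pair is
# present only when GMER could attribute the JMP target to a loaded module.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<owner>\S+)\s+\((?P<desc>[^)]*)\))?\s*$"
)

# API families that matter when every process on the box is hooked
# (assumed grouping chosen for this example).
FAMILIES = {
    "file": {"CreateFileA", "CreateFileW", "CreatePipe",
             "CreateNamedPipeA", "CreateNamedPipeW"},
    "process": {"CreateProcessA", "CreateProcessW", "WinExec"},
    "loader": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA",
               "LoadLibraryExW", "GetProcAddress"},
    "memory": {"VirtualProtect", "VirtualProtectEx"},
    "registry": {"RegOpenKeyA", "RegOpenKeyW", "RegOpenKeyExA", "RegOpenKeyExW",
                 "RegCreateKeyA", "RegCreateKeyW", "RegCreateKeyExA", "RegCreateKeyExW"},
    "network": {"socket", "InternetOpenA", "InternetOpenW",
                "InternetOpenUrlA", "InternetOpenUrlW"},
}

# Five representative lines copied from the GMER log above.
SAMPLE = r"""
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00860000
.text C:\WINDOWS\system32\svchost.exe[152] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008600F7
.text C:\WINDOWS\system32\svchost.exe[152] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 0085000A
.text C:\WINDOWS\system32\services.exe[604] WS2_32.dll!socket 719F3B91 5 Bytes JMP 009E0000
.text c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe[1024] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
"""


def parse_hooks(text):
    """Return one dict per hook line; lines that do not match are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["size"] = int(h["size"])
        h["addr"] = int(h["addr"], 16)
        h["target"] = int(h["target"], 16)
        hooks.append(h)
    return hooks


def jmp_rel32(addr, target):
    """rel32 operand of a 5-byte E9 JMP written at addr, as unsigned 32-bit."""
    return (target - (addr + 5)) & 0xFFFFFFFF


def jmp_patch(addr, target):
    """The five bytes such a hook leaves at the function entry (E9 + rel32 LE)."""
    return bytes([0xE9]) + jmp_rel32(addr, target).to_bytes(4, "little")


def summarise(hooks):
    """Per (process, pid): hooked API families, attributed owners, and the
    64 KiB regions (allocation-granularity bases) of unattributed targets."""
    out = defaultdict(lambda: {"families": set(), "owners": set(), "anonymous": set()})
    for h in hooks:
        entry = out[(h["proc"], h["pid"])]
        for fam, funcs in FAMILIES.items():
            if h["func"] in funcs:
                entry["families"].add(fam)
        if h["owner"] is None:
            entry["anonymous"].add(h["target"] & ~0xFFFF)
        else:
            entry["owners"].add(h["owner"].lower())
    return dict(out)


if __name__ == "__main__":
    for (proc, pid), e in summarise(parse_hooks(SAMPLE)).items():
        regions = ", ".join(f"{r:08X}" for r in sorted(e["anonymous"])) or "-"
        print(f"{proc}[{pid}] families={sorted(e['families'])} "
              f"anonymous={regions} owners={sorted(e['owners'])}")
```

Run it over the full GMER text instead of SAMPLE and the per-process "anonymous" regions are the addresses to dump from a live process (or a memory image) to see what code actually sits there; jmp_patch shows the bytes a detour of this kind writes, which is what GMER compares against the on-disk copy of the DLL.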
  19. Hello. Last night the scheduled virus scan ran again ===> the PC shuts down and restarts; no scan has been possible since 15/08. So apparently something is still left, or should I format and reinstall Windows? Thanks
  20. Re Gof. OK, I managed it. I got some McAfee alerts, which I assume were for ComboFix. Here is the report

ComboFix 08-08-18.05 - Alain 2008-08-19 19:14:08.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.118 [GMT 2:00]
Location: C:\Documents and Settings\Alain.PC1GHZ\Bureau\ComboFix.exe
 * Creating a new restore point
 * Resident AV is active

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Alain.PC1GHZ\UserData
C:\Documents and Settings\Alain.PC1GHZ\UserData\4BT5LR6C\oWindowsUpdate[1].xml
C:\Documents and Settings\Alain.PC1GHZ\UserData\index.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_poof

((((((((((((((((((((((((((((( Files created 2008-07-19 to 2008-08-19 ))))))))))))))))))))))))))))))))))))
.
2008-08-19 16:52 . 2008-08-19 16:52 8,219,629 --a------ C:\upload_moi_PC1GHZ.tar.gz
2008-08-19 16:43 . 2008-08-19 17:02 <REP> d-------- C:\DiagHelp
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-19 08:55 . 2008-08-18 19:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-19 08:55 . 2008-01-20 12:24 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-08-19 08:55 . 2008-01-20 12:24 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-19 08:55 . 2008-08-19 08:55 <REP> d-------- C:\Documents and Settings\Administrateur
2008-08-19 07:19 . 2008-08-19 07:19 <REP> d-------- C:\Program Files\CCleaner
2008-08-19 05:50 . 2004-08-05 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-19 05:49 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-19 05:48 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-19 05:46 . 2008-08-19 05:46 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-19 05:46 . 2008-08-19 05:46 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-19 05:44 . 2004-08-05 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-08-19 05:41 . 2004-08-05 14:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2008-08-19 05:40 . 2004-08-05 14:00 218,624 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-08-19 05:40 . 2004-08-05 14:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe
2008-08-19 05:40 . 2004-08-05 14:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe
2008-08-19 05:31 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-08-19 05:31 . 2001-08-17 20:12 19,017 --a------ C:\WINDOWS\system32\drivers\RTL8029.sys
2008-08-19 05:28 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SET43.tmp
2008-08-19 01:20 . 2008-08-19 01:20 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-18 19:47 . 2004-08-05 14:00 1,086,058 -ra------ C:\WINDOWS\SETC1.tmp
2008-08-18 19:47 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SETBE.tmp
2008-08-18 19:47 . 2004-08-05 14:00 14,043 -ra------ C:\WINDOWS\SETCD.tmp
2008-08-13 03:36 . 2008-08-13 03:36 <REP> d-------- C:\WINDOWS\system32\Logs
2008-08-12 19:00 . 2008-08-12 19:00 29 --a------ C:\WINDOWS\system32\eearooqp.tmp
2008-08-12 18:57 . 2008-08-12 18:57 179,712 --a------ C:\WINDOWS\system32\drivers\EVXRVXRK.sys
2008-07-23 10:32 . 2008-07-23 10:32 <REP> d-------- C:\Program Files\NT Registry Optimizer
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 14:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-19 14:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-19 05:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-18 15:27 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\Skype
2008-08-18 15:24 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\skypePM
2008-08-18 08:56 --------- d-----w C:\Program Files\Lavasoft
2008-08-18 08:56 --------- d-----w C:\Documents and Settings\Alain\Application Data\Lavasoft
2008-08-18 08:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-08-17 12:26 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\Ahead
2008-08-15 03:02 --------- d-----w C:\Program Files\McAfee
2008-07-31 09:53 --------- d-----w C:\Documents and Settings\Alain.PC1GHZ\Application Data\SiteAdvisor
2008-07-07 15:57 --------- d-----w C:\Program Files\lotomanagerpro49
2008-07-07 15:53 --------- d-----w C:\Program Files\lotomanagerpro
2008-06-29 14:20 --------- d-----w C:\Program Files\Audacity
2008-06-26 14:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-19 11:19 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-16 09:49 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2008-01-26 11:31 61,248 ----a-w C:\Documents and Settings\Alain.PC1GHZ\Application Data\GDIPFONTCACHEV1.DAT
2007-03-04 06:58 84,008 ----a-w C:\Documents and Settings\Alain\Application Data\GDIPFONTCACHEV1.DAT
2007-03-04 06:58 84,008 ----a-w C:\Documents and Settings\Alain.OBELIX\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 17:49 4739072]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 23:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"MP_STATUS_MONITOR"="C:\Program Files\Canon\MultiPASS\monitr32.exe" [2001-04-13 13:19 290816]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe"
"MPTBox"="C:\Program Files\Canon\MultiPASS\MPTBox.exe"
"VX1000"=C:\WINDOWS\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2004-01-05 09:10]
R0 hptpro;hptpro;C:\WINDOWS\system32\DRIVERS\hptpro.sys [2003-01-27 15:12]
R2 cis1284;cis1284;C:\WINDOWS\system32\drivers\cis1284.sys [2001-04-13 10:09]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 23:45]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
.
Contents of the 'Scheduled Tasks' folder
2008-08-14 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-07-31 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Alain.PC1GHZ\Application Data\Mozilla\Firefox\Profiles\m9qyjnid.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 19:21:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Abiosdsk]
--
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EVXRVXRK]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\EVXRVXRK.sys"
--
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinSock2]
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\FICHIE~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\FICHIE~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-08-19 19:27:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-19 17:27:05
Pre-Run: 19,425,083,392 bytes free
Post-Run: 19,749,986,304 bytes free
179 --- E O F --- 2008-08-19 01:08:55
  21. Re Gof Just my luck, the site apparently isn't responding. I'll wait a bit and try again. But congratulations already; given the length of the report, I didn't expect to get an answer so quickly.
  22. Re hello Gof I couldn't run go.cmd by double-clicking, even after uninstalling Spybot, so I ran it from a command prompt. Here is the report
DiagHelp version v1.4 - http://www.malekal.com excute le 19/08/2008 à 16:45:53,14 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->19/08/2008 16:45:43 C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->19/08/2008 16:44:37 C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->19/08/2008 16:43:08 C:\WINDOWS\prefetch\MCUIMGR.EXE-05B9316A.pf -->19/08/2008 16:42:47 C:\WINDOWS\prefetch\IEXPLORE.EXE-2D97EBE6.pf -->19/08/2008 16:39:38 C:\WINDOWS\prefetch\MSKAGENT.EXE-180ABA5C.pf -->19/08/2008 16:30:29 C:\WINDOWS\prefetch\MCSYSMON.EXE-045A2ADD.pf -->19/08/2008 16:27:48 C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf -->19/08/2008 16:27:13 C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf -->19/08/2008 16:27:03 C:\WINDOWS\prefetch\USNSVC.EXE-05B86444.pf -->19/08/2008 16:26:53 C:\WINDOWS\System32\drivers\mfesmfk.sys -->02/12/2007 12:51:42 C:\WINDOWS\System32\drivers\mfehidk.sys -->22/11/2007 06:44:08 C:\WINDOWS\System32\drivers\mfebopk.sys -->22/11/2007 06:44:08 C:\WINDOWS\System32\drivers\mfeavfk.sys -->22/11/2007 06:44:08 C:\WINDOWS\System32\drivers\mferkdk.sys -->22/11/2007 06:44:04 C:\WINDOWS\System32\drivers\AWRTRD.sys -->07/08/2007 13:58:08 C:\WINDOWS\System32\drivers\NSDriver.sys -->07/08/2007 13:56:58 C:\WINDOWS\System32\Config.MPF -->19/08/2008 16:26:20 C:\WINDOWS\System32\wpa.dbl -->19/08/2008 16:24:20 C:\WINDOWS\System32\PerfStringBackup.INI -->19/08/2008 06:03:48 C:\WINDOWS\System32\perfh00C.dat -->19/08/2008 06:03:48 C:\WINDOWS\System32\perfh009.dat -->19/08/2008 06:03:48 C:\WINDOWS\System32\perfc00C.dat -->19/08/2008 06:03:48 C:\WINDOWS\System32\perfc009.dat -->19/08/2008 06:03:48 C:\WINDOWS\System32\FNTCACHE.DAT -->19/08/2008 05:54:42 C:\WINDOWS\System32\$winnt$.inf -->19/08/2008 05:52:34 C:\WINDOWS\System32\nscompat.tlb -->19/08/2008 05:47:58 
C:\WINDOWS\System32\amcompat.tlb -->19/08/2008 05:47:58 C:\WINDOWS\System32\WindowsLogon.manifest -->19/08/2008 05:46:47 C:\WINDOWS\System32\logonui.exe.manifest -->19/08/2008 05:46:47 C:\WINDOWS\System32\wuaucpl.cpl.manifest -->19/08/2008 05:46:39 C:\WINDOWS\System32\sapi.cpl.manifest -->19/08/2008 05:46:39 C:\WINDOWS\System32\nwc.cpl.manifest -->19/08/2008 05:46:39 C:\WINDOWS\System32\ncpa.cpl.manifest -->19/08/2008 05:46:39 C:\WINDOWS\System32\cdplayer.exe.manifest -->19/08/2008 05:46:39 C:\WINDOWS\System32\emptyregdb.dat -->19/08/2008 05:38:31 C:\WINDOWS\System32\TZLog.log -->19/08/2008 03:06:08 C:\WINDOWS\System32\eearooqp.tmp -->12/08/2008 19:00:08 C:\WINDOWS\System32\MRT.exe -->05/08/2008 20:11:01 C:\WINDOWS\System32\tzchange.exe -->14/07/2008 13:09:18 C:\WINDOWS\System32\xpsp3res.dll -->03/07/2008 11:42:35 C:\WINDOWS\System32\msfeedsbs.dll -->23/06/2008 18:28:20 C:\WINDOWS\WindowsUpdate.log -->19/08/2008 16:27:07 C:\WINDOWS\0.log -->19/08/2008 16:26:10 C:\WINDOWS\wiadebug.log -->19/08/2008 16:26:02 C:\WINDOWS\wiaservc.log -->19/08/2008 16:25:59 C:\WINDOWS\bootstat.dat -->19/08/2008 16:24:16 C:\WINDOWS\SchedLgU.Txt -->19/08/2008 16:22:42 C:\WINDOWS\svcpack.log -->19/08/2008 13:08:33 C:\WINDOWS\setupapi.log -->19/08/2008 13:05:25 C:\WINDOWS\KB893803v2.log -->19/08/2008 09:34:12 C:\WINDOWS\KB952954.log -->19/08/2008 09:10:12 C:\WINDOWS\KB950974.log -->19/08/2008 09:10:04 C:\WINDOWS\KB951698.log -->19/08/2008 09:09:54 C:\WINDOWS\KB951072-v2.log -->19/08/2008 09:09:44 C:\WINDOWS\KB953838.log -->19/08/2008 09:09:29 C:\WINDOWS\KB951748.log -->19/08/2008 09:09:00 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 
1372 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x7d200000 0x2b2000 3.00.3790.2180 C:\WINDOWS\system32\msi.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x10000000 0x6000 2.06.0000.6253 C:\Program Files\SiteAdvisor\6253\saHook.dll 0x748f0000 0x130000 8.50.2162.0000 C:\WINDOWS\system32\msxml3.dll 0x14490000 0x12000 14.00.0000.0366 C:\Program Files\McAfee\VirusScan\scriptsn.dll 0x75be0000 0x6e000 5.06.0000.8820 C:\WINDOWS\system32\JScript.dll 0x73250000 0x67000 5.06.0000.8820 C:\WINDOWS\system32\VBScript.dll 0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL 0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x029a0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x03110000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x01d00000 0x2c000 C:\Program Files\WinRAR\rarext.dll 0x6c600000 0x29000 12.00.0172.0000 c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll 0x02ed0000 0x174000 1.01.0001.0001 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll 0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL 0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll 0x02800000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x78130000 0x9b000 8.00.50727.0163 
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll 0x024e0000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 564 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est E8F2-E0B7 Répertoire de C:\WINDOWS\system32 05/08/2004 14:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 19 508 543 488 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est E8F2-E0B7 Répertoire de C:\WINDOWS\Downloaded Program Files 18/08/2008 10:17 <REP> . 18/08/2008 10:17 <REP> .. 31/03/2008 21:51 392 528 AdSignerADP.dll 12/12/2007 10:33 747 AdSignerADP.inf 31/03/2008 21:51 261 456 AdVerifierADP.dll 19/08/2008 05:46 65 desktop.ini 20/11/2007 17:04 1 523 536 FP_AX_CAB_INSTALLER.exe 16/05/2007 09:22 399 gp.inf 16/05/2007 09:22 166 512 gp.ocx 20/03/2008 15:10 367 LegitCheckControl.inf 28/02/2007 21:24 361 OGAControl.inf 28/08/2006 12:05 227 opuc.inf 20/11/2007 16:50 247 swflash.inf 11 fichier(s) 2 346 445 octets Total des fichiers listés : 11 fichier(s) 2 346 445 octets 2 Rép(s) 19 508 539 392 octets libres Recherche de rootkit! (Merci S!Ri) sysbus32 présent! Possible infection rootkit Troj/Dropper-EC sysbus32 présent! 
Possible infection Troj/Dropper-EC Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe" "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe" "C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla" "C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing" "C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime" "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. 
Take a deep breath " "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... 
127.0.0.1 www.activexupdate.com 127.0.0.1 activexupdate.com 127.0.0.1 www.antispywareupdates.net 127.0.0.1 antispywareupdates.net 127.0.0.1 www.avpcheckupdate.com 127.0.0.1 avpcheckupdate.com 127.0.0.1 client.exeupdate.com 127.0.0.1 www.eupdatepage.com 127.0.0.1 eupdatepage.com 127.0.0.1 www.exeupdate.com 127.0.0.1 exeupdate.com 127.0.0.1 www.hotwinupdates.com 127.0.0.1 hotwinupdates.com 127.0.0.1 www.lavasoftupdate.com 127.0.0.1 lavasoftupdate.com 127.0.0.1 www.malwarewipeupdate.com 127.0.0.1 malwarewipeupdate.com 127.0.0.1 www.msupdate.net 127.0.0.1 msupdate.net 127.0.0.1 www.msupdater.net 127.0.0.1 msupdater.net 127.0.0.1 www.necessaryupdates.com 127.0.0.1 necessaryupdates.com 127.0.0.1 newupdates.lzio.com 127.0.0.1 redirect.msupdate.net 127.0.0.1 search.keyword.exeupdate.com 127.0.0.1 www.securityupdatesite.com 127.0.0.1 securityupdatesite.com 127.0.0.1 settings.updatemysettings.com 127.0.0.1 www.spyaxeupdate.com 127.0.0.1 spyaxeupdate.com 127.0.0.1 www.spyfalconupdate.com 127.0.0.1 spyfalconupdate.com 127.0.0.1 www.systemupdates.net 127.0.0.1 systemupdates.net 127.0.0.1 trial.updates.winsoftware.com 127.0.0.1 update.680180.net 127.0.0.1 update.shareaza.com 127.0.0.1 www.updatemysettings.com 127.0.0.1 updatemysettings.com 127.0.0.1 updates.spywarequake.com 127.0.0.1 www.urgentsystemupdate.biz 127.0.0.1 urgentsystemupdate.biz 127.0.0.1 www.urgentsystemupdate.com 127.0.0.1 urgentsystemupdate.com 127.0.0.1 windupdates.com 127.0.0.1 www.flwupdate.com 127.0.0.1 flwupdate.com 127.0.0.1 www.movupdate.com 127.0.0.1 movupdate.com 127.0.0.1 www.mpegupdate.com 127.0.0.1 mpegupdate.com 127.0.0.1 www.updatesantivirus.com 127.0.0.1 updatesantivirus.com 127.0.0.1 www.pandaantivirus-2007.com 127.0.0.1 pandaantivirus-2007.com 127.0.0.1 www.pandadownload-now.com 127.0.0.1 pandadownload-now.com 127.0.0.1 www.panda-hq.com 127.0.0.1 panda-hq.com catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-19 16:46:56 Windows 
5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ContentIndex\Catalogs\System] "Location"="E:\System Volume Information" "IsIndexingW3Svc"=dword:00000000 "IsIndexingNNTPSvc"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Abiosdsk] "ErrorControl"=dword:00000000 "Group"="Primary disk" "Start"=dword:00000004 "Tag"=dword:00000003 "Type"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\abiosdsk] "EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\intelide] "EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\IntelIde.sys" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\PptpMiniport] "EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EVXRVXRK] "Type"=dword:00000001 "Start"=dword:00000002 "ErrorControl"=dword:00000001 "ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\EVXRVXRK.sys" "DisplayName"="EVXRVXRK" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EVXRVXRK\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IntelIde] "ErrorControl"=dword:00000001 "Group"="System Bus Extender" "Start"=dword:00000000 "Tag"=dword:00000004 "Type"=dword:00000001 "ImagePath"=str(2):"system32\DRIVERS\intelide.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport] "Type"=dword:00000001 "Start"=dword:00000003 "ErrorControl"=dword:00000001 "ImagePath"=str(2):"system32\DRIVERS\raspptp.sys" "DisplayName"="Miniport réseau étendu (PPTP)" "Description"="Miniport réseau étendu (PPTP)" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex\Catalogs\System] "Location"="E:\System Volume Information" "IsIndexingW3Svc"=dword:00000000 "IsIndexingNNTPSvc"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Abiosdsk] "ErrorControl"=dword:00000000 "Group"="Primary disk" "Start"=dword:00000004 "Tag"=dword:00000003 "Type"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\abiosdsk] "EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\intelide] "EventMessageFile"=str(2):"%SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\IntelIde.sys" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PptpMiniport] "EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EVXRVXRK] "Type"=dword:00000001 "Start"=dword:00000002 "ErrorControl"=dword:00000001 "ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\EVXRVXRK.sys" "DisplayName"="EVXRVXRK" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EVXRVXRK\Security] 
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntelIde] "ErrorControl"=dword:00000001 "Group"="System Bus Extender" "Start"=dword:00000000 "Tag"=dword:00000004 "Type"=dword:00000001 "ImagePath"=str(2):"system32\DRIVERS\intelide.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PptpMiniport] "Type"=dword:00000001 "Start"=dword:00000003 "ErrorControl"=dword:00000001 "ImagePath"=str(2):"system32\DRIVERS\raspptp.sys" "DisplayName"="Miniport réseau étendu (PPTP)" "Description"="Miniport réseau étendu (PPTP)" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PptpMiniport\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2] scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wallpaper] "Changed"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\DeluxeCD\Providers] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CSSFilters] "oavredirect"="{999937BC-30FE-11D4-BA52-00C04F6843FA}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuRun] "Type"="checkbox" "Text"="@shell32.dll,-30474" "HKeyRoot"=dword:80000001 "RegPath"="Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" "ValueName"="StartMenuRun" "CheckedValue"=dword:00000001 "UncheckedValue"=dword:00000000 "DefaultValue"=dword:00000001 "HelpID"="windows.hlp#51142" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\ShowPrinters] "Type"="checkbox" "Text"="@shell32.dll,-30493" "HKeyRoot"=dword:80000001 "RegPath"="Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" "ValueName"="Start_ShowPrinters" "CheckedValue"=dword:00000001 
"UncheckedValue"=dword:00000000 "DefaultValue"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\ACTIVEX_OPTIN\DISABLE] "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 "PlugUIText"="@inetcpl.cpl,-4805" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Disable" "Type"="radio" "ValueName"="1208" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\ALLOW_DYNSRC_VIDEO\DISABLE] "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 "PlugUIText"="@inetcpl.cpl,-4805" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Disable" "Type"="radio" "ValueName"="120A" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\AUTOMATIC_ACTIVEX_UI\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Désactiver" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2201" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\ACTIVE_CONTENT\BBHVR\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Désactiver" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2000" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\DOWNLOAD\AUTOMATIC_DOWNLOAD_UI\DISABLE] "Type"="radio" 
"RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Désactiver" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2200" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\JAVAPER\JAVA\DISABLE] "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\FORCE_ADDRESS_BAR\DISABLE] "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 "PlugUIText"="@inetcpl.cpl,-4805" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Disable" "Type"="radio" "ValueName"="2104" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\FORMDATA] "Type"="group" "Text"="Soumettre les données de formulaire non codées" "PlugUIText"="@inetcplc.dll,-4797" "Bitmap"="C:\WINDOWS\system32\inetcpl.cpl,4443" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\FORMDATA\ALLOW] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Activer" "PlugUIText"="@inetcplc.dll,-4803" "ValueName"="1601" "CheckedValue"=dword:00000000 "DefaultValue"=dword:00000003 "Mask"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\FORMDATA\DENY] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Désactiver" 
"PlugUIText"="@inetcplc.dll,-4805" "ValueName"="1601" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 "Mask"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\FORMDATA\QUERY] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Demander" "PlugUIText"="@inetcplc.dll,-4804" "ValueName"="1601" "CheckedValue"=dword:00000001 "DefaultValue"=dword:00000003 "Mask"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\INC_UPLOAD_FILEPATH\DISABLE] "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 "PlugUIText"="@inetcpl.cpl,-4805" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Disable" "Type"="radio" "ValueName"="160A" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\MIME_SNIFFING\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Désactiver" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2100" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\RESTRICTED_PROTOCOLS\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Désactiver" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2300" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet 
Settings\SO\MISC\WINDOW_RESTRICTIONS\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Désactiver" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2102" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\MISC\ZONE_ELEVATION\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Désactiver" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2101" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\WINFX\LOOSE_XAML\DISABLE] "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 "PlugUIText"="@inetcpl.cpl,-4805" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Disable" "Type"="radio" "ValueName"="2402" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\WINFX\WINDOWS_BROWSER_APPLICATIONS\DISABLE] "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 "PlugUIText"="@inetcpl.cpl,-4805" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Disable" "Type"="radio" "ValueName"="2400" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\WINFX\XPS_DOCUMENTS\DISABLE] "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 "PlugUIText"="@inetcpl.cpl,-4805" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" 
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Disable" "Type"="radio" "ValueName"="2401" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO\WinFXSetup\DISABLE] "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 "PlugUIText"="@inetcpl.cpl,-4805" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Disable" "Type"="radio" "ValueName"="2600" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\ACTIVEX_OPTIN\DISABLE] "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 "PlugUIText"="@inetcpl.cpl,-4805" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Disable" "Type"="radio" "ValueName"="1208" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\ALLOW_DYNSRC_VIDEO\DISABLE] "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 "PlugUIText"="@inetcpl.cpl,-4805" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Disable" "Type"="radio" "ValueName"="120A" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\AUTOMATIC_ACTIVEX_UI\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Désactiver" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2201" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\ACTIVE_CONTENT\BBHVR\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Désactiver" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2000" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\DOWNLOAD\AUTOMATIC_DOWNLOAD_UI\DISABLE] "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Désactiver" "PlugUIText"="@inetcplc.dll,-4805" "ValueName"="2200" "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\JAVAPER\JAVA\DISABLE] "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Type"="radio" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Désactiver Java" "PlugUIText"="@inetcplc.dll,-4818" "ValueName"="1C00" "CheckedValue"=dword:00000000 "DefaultValue"=dword:00000000 "HKeyRoot"=dword:80000002 "HelpID"="iexplore.hlp#50241" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\FORCE_ADDRESS_BAR\DISABLE] "CheckedValue"=dword:00000003 "DefaultValue"=dword:00000003 "PlugUIText"="@inetcpl.cpl,-4805" "RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s" "Text"="Disable" "Type"="radio" "ValueName"="2104" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\FORMDATA] "Type"="group" "Text"="Soumettre les données de 
formulaire non codées"
"PlugUIText"="@inetcplc.dll,-4797"
"Bitmap"="C:\WINDOWS\system32\inetcpl.cpl,4443"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\FORMDATA\ALLOW]
"Type"="radio"
"RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"Text"="Activer"
"PlugUIText"="@inetcplc.dll,-4803"
"ValueName"="1601"
"CheckedValue"=dword:00000000
"DefaultValue"=dword:00000003
"HKeyRoot"=dword:80000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\FORMDATA\DENY]
"Type"="radio"
"RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"Text"="Désactiver"
"PlugUIText"="@inetcplc.dll,-4805"
"ValueName"="1601"
"CheckedValue"=dword:00000003
"DefaultValue"=dword:00000003
"HKeyRoot"=dword:80000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\FORMDATA\QUERY]
"Type"="radio"
"RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"Text"="Demander"
"PlugUIText"="@inetcplc.dll,-4804"
"ValueName"="1601"
"CheckedValue"=dword:00000001
"DefaultValue"=dword:00000003
"HKeyRoot"=dword:80000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\MIME_SNIFFING\DISABLE]
"Type"="radio"
"RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"Text"="Désactiver"
"PlugUIText"="@inetcplc.dll,-4805"
"ValueName"="2100"
"CheckedValue"=dword:00000003
"DefaultValue"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\RESTRICTED_PROTOCOLS\DISABLE]
"Type"="radio"
"RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"Text"="Désactiver"
"PlugUIText"="@inetcplc.dll,-4805"
"ValueName"="2300"
"CheckedValue"=dword:00000003
"DefaultValue"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\WINDOW_RESTRICTIONS\DISABLE]
"Type"="radio"
"RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"Text"="Désactiver"
"PlugUIText"="@inetcplc.dll,-4805"
"ValueName"="2102"
"CheckedValue"=dword:00000003
"DefaultValue"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\MISC\ZONE_ELEVATION\DISABLE]
"Type"="radio"
"RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"Text"="Désactiver"
"PlugUIText"="@inetcplc.dll,-4805"
"ValueName"="2101"
"CheckedValue"=dword:00000003
"DefaultValue"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\WINFX\LOOSE_XAML\DISABLE]
"CheckedValue"=dword:00000003
"DefaultValue"=dword:00000003
"PlugUIText"="@inetcpl.cpl,-4805"
"RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"Text"="Disable"
"Type"="radio"
"ValueName"="2402"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\WINFX\WINDOWS_BROWSER_APPLICATIONS\DISABLE]
"CheckedValue"=dword:00000003
"DefaultValue"=dword:00000003
"PlugUIText"="@inetcpl.cpl,-4805"
"RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"Text"="Disable"
"Type"="radio"
"ValueName"="2400"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\WINFX\XPS_DOCUMENTS\DISABLE]
"CheckedValue"=dword:00000003
"DefaultValue"=dword:00000003
"PlugUIText"="@inetcpl.cpl,-4805"
"RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"Text"="Disable"
"Type"="radio"
"ValueName"="2401"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK\WinFXSetup\DISABLE]
"CheckedValue"=dword:00000003
"DefaultValue"=dword:00000003
"PlugUIText"="@inetcpl.cpl,-4805"
"RegPath"="SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"RegPoliciesPath"="SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%s"
"Text"="Disable"
"Type"="radio"
"ValueName"="2600"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies\MedHigh]
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1206"=dword:00000003
"1207"=dword:00000003
"1208"=dword:00000003
"1209"=dword:00000003
"120A"=dword:00000003
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000003
"1407"=dword:00000001
"1408"=dword:00000003
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000003
"1608"=dword:00000000
"1609"=dword:00000001
"160A"=dword:00000000
"1800"=dword:00000001
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000001
"1806"=dword:00000001
"1809"=dword:00000000
"1A00"=dword:00020000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000003
"1A05"=dword:00000001
"1A06"=dword:00000000
"1C00"=dword:00010000
"1E05"=dword:00020000
"2000"=dword:00000000
"2100"=dword:00000000
"2101"=dword:00000000
"2102"=dword:00000003
"2103"=dword:00000003
"2104"=dword:00000003
"2105"=dword:00000003
"2200"=dword:00000003
"2201"=dword:00000003
"2300"=dword:00000001
"2301"=dword:00000000
"2400"=dword:00000000
"2401"=dword:00000000
"2402"=dword:00000000
"2600"=dword:00000000
"Description"="Help prevent malware from accessing your computer."
"DisplayName"="Internet recommended safety (medium high security)"
"Icon"="wininet.dll#00001206"
"TemplateIndex"=dword:00011500

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\begun.ru\autocontext]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nipd.it]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\redir.ws]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\redir.ws\www]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ssby.com]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unini.it]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unini.it\www]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unobo.it]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unobo.it\www]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\urlstat.ru]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\begun.ru\autocontext]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\nipd.it]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\redir.ws]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\redir.ws\www]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\ssby.com]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\unini.it]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\unini.it\www]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\unobo.it]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\unobo.it\www]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\urlstat.ru]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wallpaper]
"DisplayName"="Wallpaper"
"UninstallString"="C:\Program Files\Wallpaper\uninst.exe"
"DisplayIcon"="C:\Program Files\Wallpaper\Wallpaper.exe"
"DisplayVersion"="5.0.3"
"URLInfoAbout"="http://www.silver76.com/"
"Publisher"="Silver76"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz]
"NoRun"=dword:00000000
"Days between clean up"=dword:0000003c
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\begun.ru\autocontext]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nipd.it]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\redir.ws]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\redir.ws\www]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ssby.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unini.it]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unini.it\www]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unobo.it]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unobo.it\www]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\urlstat.ru]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\begun.ru\autocontext]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\nipd.it]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\redir.ws]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\redir.ws\www]
"*"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\ssby.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\unini.it]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\unini.it\www]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\unobo.it]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\unobo.it\www]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\urlstat.ru]
"*"=dword:00000004

scanning hidden files ...

C:\WINDOWS\system32\drivers\EVXRVXRK.sys 179712 bytes executable

scan completed successfully
hidden services: 3
hidden files: 1

KProcCheck Version 0.2-beta1
Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead
   4 - System
 428 - cmd.exe
 524 - mcmscsvc.exe
 540 - csrss.exe
 564 - winlogon.exe
 608 - services.exe
 620 - lsass.exe
 816 - svchost.exe
 860 - McNASvc.exe
 936 - svchost.exe
 984 - svchost.exe
1000 - McProxy.exe
1072 - Mcshield.exe
1080 - mpservic.exe
1096 - svchost.exe
1168 - aawservice.exe
1188 - MpfSrv.exe
1372 - explorer.exe
1468 - mcagent.exe
1476 - SiteAdv.exe
1536 - ctfmon.exe
1552 - msnmsgr.exe
1608 - MSCamS32.exe
2040 - msksrver.exe
3204 - IEXPLORE.EXE
3324 - alg.exe
3464 - usnsvc.exe
3612 - WinRAR.exe
4084 - mcsysmon.exe

Total number of processes = 29
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1
Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F8A51000 - \WINDOWS\system32\KDCOM.DLL
F8961000 - \WINDOWS\system32\BOOTVID.dll
F8501000 - ACPI.sys
F8A53000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F84F0000 - pci.sys
F8551000 - isapnp.sys
F8A55000 - intelide.sys
F87D1000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F8561000 - MountMgr.sys
F84D1000 - ftdisk.sys
F87D9000 - PartMgr.sys
F8571000 - VolSnap.sys
F84B9000 - atapi.sys
F8581000 - hpt3xx.sys
F84A1000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
F8591000 - disk.sys
F85A1000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F8482000 - fltMgr.sys
F8470000 - sr.sys
F8965000 - hptpro.sys
F8459000 - KSecDD.sys
F83CC000 - Ntfs.sys
F839F000 - NDIS.sys
F8384000 - Mup.sys
F85B1000 - agp440.sys
F8731000 - \SystemRoot\system32\DRIVERS\p3.sys
F8329000 - \SystemRoot\system32\DRIVERS\atimpae.sys
F8315000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F8891000 - \SystemRoot\system32\DRIVERS\RTL8029.SYS
F8899000 - \SystemRoot\system32\DRIVERS\RTL8139.SYS
F8741000 - \SystemRoot\system32\drivers\es1371mp.sys
F82F1000 - \SystemRoot\system32\drivers\portcls.sys
F8751000 - \SystemRoot\system32\drivers\drmk.sys
F82CE000 - \SystemRoot\system32\drivers\ks.sys
F88A1000 - \SystemRoot\system32\DRIVERS\fdc.sys
F82BA000 - \SystemRoot\system32\DRIVERS\parport.sys
F82A9000 - \SystemRoot\system32\DRIVERS\serial.sys
F8A0D000 - \SystemRoot\system32\DRIVERS\serenum.sys
F8761000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F88A9000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F88B1000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F8771000 - \SystemRoot\system32\DRIVERS\imapi.sys
F8781000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F8791000 - \SystemRoot\system32\DRIVERS\redbook.sys
F88B9000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F8286000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F8BC7000 - \SystemRoot\system32\DRIVERS\audstub.sys
F87A1000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F8A15000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F826F000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F87B1000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F87C1000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F88C1000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F825E000 - \SystemRoot\system32\DRIVERS\psched.sys
F85E1000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F88C9000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F88D1000 - \SystemRoot\system32\DRIVERS\raspti.sys
F85F1000 - \SystemRoot\system32\DRIVERS\termdd.sys
F8A77000 - \SystemRoot\system32\DRIVERS\swenum.sys
F8150000 - \SystemRoot\system32\DRIVERS\update.sys
F8A25000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F8601000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F8A7B000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F8611000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F8A49000 - \SystemRoot\system32\DRIVERS\gameenum.sys
F88E1000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F8A7D000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F8C96000 - \SystemRoot\System32\Drivers\Null.SYS
F8A7F000 - \SystemRoot\System32\Drivers\Beep.SYS
F88F1000 - \SystemRoot\System32\drivers\vga.sys
F8A81000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F8A83000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F88F9000 - \SystemRoot\System32\Drivers\Msfs.SYS
F8901000 - \SystemRoot\System32\Drivers\Npfs.SYS
F8360000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F78D5000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F787D000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F7859000 - \SystemRoot\System32\Drivers\Mpfp.sys
F8641000 - \SystemRoot\system32\DRIVERS\ipfltdrv.sys
F7831000 - \SystemRoot\system32\DRIVERS\netbt.sys
F780F000 - \SystemRoot\System32\drivers\afd.sys
F8651000 - \SystemRoot\system32\DRIVERS\netbios.sys
F77E3000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F774C000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F771C000 - \SystemRoot\system32\drivers\mfehidk.sys
F76FB000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F8661000 - \SystemRoot\System32\Drivers\Fips.SYS
F8671000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F8909000 - \SystemRoot\system32\DRIVERS\usbprint.sys
F76D8000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F76C0000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F8A91000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F8951000 - \SystemRoot\System32\watchdog.sys
F8A01000 - \SystemRoot\System32\drivers\Dxapi.sys
BF9C1000 - \SystemRoot\System32\drivers\dxg.sys
F8C26000 - \SystemRoot\System32\drivers\dxgthk.sys
BFF50000 - \SystemRoot\System32\atidrae.dll
F6E48000 - \SystemRoot\system32\DRIVERS\rspndr.sys
F8184000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F68BB000 - \SystemRoot\system32\drivers\wdmaud.sys
F6AE8000 - \SystemRoot\system32\drivers\sysaudio.sys
F65E1000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F8AF7000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F88E9000 - \??\C:\WINDOWS\system32\drivers\cis1284.sys
F6587000 - \??\C:\WINDOWS\system32\drivers\EVXRVXRK.sys
F6546000 - \SystemRoot\System32\Drivers\HTTP.sys
F64CB000 - \SystemRoot\system32\DRIVERS\srv.sys
F8859000 - \SystemRoot\system32\drivers\mfebopk.sys
F5FF7000 - \SystemRoot\system32\drivers\mfeavfk.sys
F6878000 - \SystemRoot\system32\drivers\mfesmfk.sys
F58EB000 - \SystemRoot\system32\drivers\kmixer.sys
F8BFE000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 115

Liste des programmes installes

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.1.2 - Français
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Archiveur WinRAR
AsfTools 3.1 (remove only)
Assistant de connexion Windows Live
Audacity 1.2.6
Canon MultiPASS ODBC Interface
Canon MultiPASS Suite 3.21
Canon ScanGear 4.0 pour MultiPASS
CCleaner (remove only)
FixMessenger
HijackThis 1.99.1
Lecteur Windows Media 11
LotoManager Pro 4.9
McAfee SecurityCenter
Microsoft FrontPage 2002
Microsoft LifeCam
Microsoft Office XP Professional
Microsoft Publisher 2002
Mozilla Firefox (2.0.0.5)
Nero 6
Nero Digital
Nero Media Player
NTREGOPT 1.1j
Shareaza 2.3.1.0
Skype™ 3.6
TTDX Configurator
WebFldrs XP
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11

 Le volume dans le lecteur C n'a pas de nom.
 Le numéro de série du volume est E8F2-E0B7

 Répertoire de C:\Program Files

19/08/2008  07:19    <REP>          .
19/08/2008  07:19    <REP>          ..
07/07/2008  15:20    <REP>          Adobe
26/01/2008  10:54    <REP>          Ahead
05/05/2007  15:32    <REP>          AsfTools 3.1
19/01/2008  10:36    <REP>          ATI Multimedia
29/06/2008  16:20    <REP>          Audacity
25/02/2007  15:53    <REP>          BaseDVDivX
12/02/2007  14:30    <REP>          Canon
19/08/2008  07:19    <REP>          CCleaner
10/03/2007  14:35    <REP>          Ciel
12/02/2007  11:00    <REP>          ComPlus Applications
30/07/2007  15:10    <REP>          DialMessenger
30/07/2007  15:10    <REP>          Dial-Messenger
07/03/2007  19:18    <REP>          DivX
28/08/2007  18:32    <REP>          DOSBox-0.72
19/05/2008  13:30    <REP>          Fichiers communs
26/02/2007  08:41    <REP>          FileZilla
20/01/2008  15:41    <REP>          FixMessenger
16/08/2007  03:16    <REP>          Google
14/03/2007  20:11    <REP>          Hewlett-Packard
14/03/2007  20:07    <REP>          HP
19/08/2008  05:39    <REP>          Internet Explorer
18/05/2008  13:15    <REP>          Inventel
09/11/2007  17:24    <REP>          Java
18/08/2008  10:56    <REP>          Lavasoft
07/07/2008  17:53    <REP>          lotomanagerpro
07/07/2008  17:57    <REP>          lotomanagerpro49
17/03/2007  11:32    <REP>          Macromedia
15/08/2008  05:02    <REP>          McAfee
22/07/2007  09:31    <REP>          McAfee.com
13/08/2008  03:28    <REP>          Messenger
03/03/2007  09:49    <REP>          Micro Application
12/02/2007  11:04    <REP>          microsoft frontpage
07/02/2008  13:40    <REP>          Microsoft LifeCam
12/02/2007  11:28    <REP>          Microsoft Office
17/05/2007  15:48    <REP>          Movie Maker
22/01/2008  21:11    <REP>          Mozilla Firefox
19/04/2007  16:01    <REP>          MSN
12/02/2007  10:59    <REP>          MSN Gaming Zone
19/04/2007  16:15    <REP>          MSN Messenger
08/03/2007  08:01    <REP>          MSXML 4.0
12/02/2007  11:01    <REP>          NetMeeting
23/07/2008  10:32    <REP>          NT Registry Optimizer
12/02/2007  10:59    <REP>          Online Services
18/08/2008  20:40    <REP>          Outlook Express
15/04/2007  06:45    <REP>          Overland
12/03/2007  16:15    <REP>          RegCleaner
21/10/2007  09:55    <REP>          Samsung
12/02/2007  11:02    <REP>          Services en ligne
28/05/2008  23:23    <REP>          Shareaza
23/05/2008  17:34    <REP>          SiteAdvisor
11/03/2008  10:26    <REP>          Skype
19/08/2008  16:24    <REP>          Spybot - Search & Destroy
04/02/2008  09:49    <REP>          Wallpaper
12/07/2007  08:29    <REP>          Winamp
20/01/2008  14:18    <REP>          Windows Live
03/04/2007  17:55    <REP>          Windows Media Connect 2
18/08/2008  20:40    <REP>          Windows Media Player
12/02/2007  10:59    <REP>          Windows NT
26/06/2008  16:44    <REP>          WinRAR
12/02/2007  11:04    <REP>          xerox
02/03/2007  16:45    <REP>          XviD
12/02/2007  17:17    <REP>          Yahoo!
               0 fichier(s)                0 octets
              64 Rép(s)  19 500 744 704 octets libres

 Le volume dans le lecteur C n'a pas de nom.
 Le numéro de série du volume est E8F2-E0B7

 Répertoire de C:\Program Files\fichiers communs

19/05/2008  13:30    <REP>          .
19/05/2008  13:30    <REP>          ..
26/06/2008  16:17    <REP>          Adobe
26/01/2008  10:40    <REP>          Ahead
06/03/2007  13:36    <REP>          Ciel
12/02/2007  11:25    <REP>          Designer
17/03/2007  11:28    <REP>          InstallShield
17/06/2007  07:59    <REP>          Java
17/03/2007  11:33    <REP>          Macromedia
17/03/2007  11:33    <REP>          Macromedia Shared
18/11/2007  15:38    <REP>          McAfee
26/01/2008  11:50    <REP>          Microsoft Shared
12/02/2007  11:01    <REP>          MSSoap
12/02/2007  11:52    <REP>          ODBC
09/09/2007  21:20    <REP>          PC SOFT
10/03/2007  14:37    <REP>          Sage
12/02/2007  11:01    <REP>          Services
16/02/2008  11:46    <REP>          Skype
12/02/2007  11:52    <REP>          SpeechEngines
18/08/2008  20:40    <REP>          System
19/08/2008  07:30    <REP>          Wise Installation Wizard
               0 fichier(s)                0 octets
              21 Rép(s)  19 500 744 704 octets libres

 Le volume dans le lecteur C n'a pas de nom.
 Le numéro de série du volume est E8F2-E0B7

 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

26/01/2008  13:40    <REP>          .
26/01/2008  13:40    <REP>          ..
12/02/2007  11:25    <REP>          1033
26/01/2008  13:40    <REP>          1036
29/01/2004  16:08         1 277 952 MSONSEXT.DLL
13/02/2001  09:23            58 784 MSOSV.DLL
03/06/1999  13:09           122 937 MSOWS409.DLL
07/03/2001  08:00           127 033 MSOWS40c.DLL
06/08/2000  10:04           401 462 MSVCP60.DLL
29/01/2004  16:08            69 632 PKMAXCTL.DLL
29/01/2004  16:08           868 352 PKMCDO.DLL
29/01/2004  16:08            53 248 PKMCORE.DLL
29/01/2004  16:08           102 400 PKMFORMS.DLL
29/01/2004  16:38           634 880 PKMRES.DLL
29/01/2004  16:08            28 672 PKMSSTLB.DLL
22/01/2001  04:25            40 960 PKMTEMPL.DLL
29/01/2004  16:08            24 576 PKMTRACE.DLL
29/01/2004  16:08            86 016 PKMWS.DLL
29/01/2004  16:08           237 568 PROMDEMO.DLL
29/01/2004  16:08           184 320 SECMGR.DLL
29/01/2004  16:08           315 392 VAIDDMGR.DLL
29/01/2004  16:08            32 768 VAIMEM.DLL
              18 fichier(s)        4 666 952 octets
               4 Rép(s)  19 500 744 704 octets libres

c:\Documents and Settings\Alain\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\Alain\Application Data\MSNInstaller\msnauins.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\Shareaza_2.2.5.0.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\ac97\A1mu600a\_ISDel.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\ac97\A1mu600a\Setup.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\ac97\A1mu600a\68\DOS\DOS4GW.EXE
c:\Documents and Settings\Alain\Mes documents\Downloads\ac97\A1mu600a\68\DOS\INSTALL.EXE
c:\Documents and Settings\Alain\Mes documents\Downloads\ac97\A1mu600a\74\WINAPP\SPKCFG.EXE
c:\Documents and Settings\Alain\Mes documents\Downloads\ac97\A1mu600a\ADeck\ADeck.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\ac97\A1mu600a\ADeck\vpatch.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\ms6577\915G_win2k_xp72\Setup.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\ms6577\915G_win2k_xp72\Win2000\hkcmd.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\ms6577\915G_win2k_xp72\Win2000\igfxcfg.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\ms6577\915G_win2k_xp72\Win2000\igfxdiag.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\ms6577\915G_win2k_xp72\Win2000\igfxext.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\ms6577\915G_win2k_xp72\Win2000\igfxtray.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\ms6577\915G_win2k_xp72\Win2000\igfxzoom.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\alcchkid.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\alcrmv.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\alcrmv64.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\alcrmv9x.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\alcupd.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\AlcUpd64.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\ALCXDEV.EXE
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\ChCfg.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\GETDXVER.EXE
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\SetCDfmt.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\setup.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\WDM\alcrmv.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\WDM\alcrmv64.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\WDM\ChCfg.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\WDM\CPLUtl64.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\WDM\RTLCPL.exe
c:\Documents and Settings\Alain\Mes documents\Downloads\realtek\ALCXXX\WDM\SoundMan.exe
c:\Documents and Settings\Alain.OBELIX\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\Alain.OBELIX\Application Data\MSNInstaller\msnauins.exe
c:\Documents and 
Settings\Alain.OBELIX\Local Settings\Temp\0215731200818546mcinst.exe c:\Documents and Settings\Alain.OBELIX\Local Settings\Temporary Internet Files\Content.IE5\GSYDS87G\DMSetup[1].exe c:\Documents and Settings\Alain.OBELIX\Local Settings\Temporary Internet Files\Content.IE5\GSYDS87G\mvtapp[1].exe c:\Documents and Settings\Alain.PC1GHZ\Bureau\spybotsd160.exe c:\Documents and Settings\Alain.PC1GHZ\Local Settings\Application Data\Citrix\GoToAssist\GoToAssist_phone_application_482_fr.exe c:\Documents and Settings\Alain.PC1GHZ\Mes documents\Downloads\Shareaza_2.2.5.0.exe c:\Documents and Settings\Alain.PC1GHZ\Mes documents\Downloads\Shareaza_2.3.1.0.exe c:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aaw2008_upd.exe c:\Documents and Settings\All Users.WINDOWS\Documents\WallpaperSetup.exe c:\Documents and Settings\Alain\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\FlashPlayerW.dll c:\Documents and Settings\Alain\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\NPSWF32.dll c:\Documents and Settings\Alain\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll c:\Documents and Settings\Alain.OBELIX\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\FlashPlayerW.dll c:\Documents and Settings\Alain.OBELIX\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\NPSWF32.dll c:\Documents and Settings\Alain.OBELIX\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll c:\Documents and Settings\Alain.PC1GHZ\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\FlashPlayerW.dll c:\Documents and Settings\Alain.PC1GHZ\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\NPSWF32.dll c:\Documents and Settings\Alain.PC1GHZ\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll c:\Documents and Settings\Alain.PC1GHZ\Application Data\OfficeUpdate12\oudetect.dll c:\Documents and 
Settings\All Users\Application Data\Ciel\Données Communes\pdf.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Ciel\Données communes\pdf.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_PC1GHZ.tar.gz a l'adresse http://upload.malekal.com
23. Hello Gof. Thanks for the quick reply, but it's off to a bad start. I downloaded it and unzipped it; if I double-click go.cmd, it is Spybot that analyzes it. I tried running it via Start ==> Run, but I get a message telling me that Windows cannot open this file (it needs to know the program used....). I suppose you know the rest lol. So of course nothing happens.
24. Hello everyone. Since you were very effective on my last problem a year ago, I'm coming to you with another one. I think I've caught something, but I don't know what. I can no longer run a virus scan: the PC crashes during the scan and reboots, and I can no longer install or uninstall programs with Windows Installer. It is started; I've tried every procedure I found on your forums and at Microsoft, but everything behaves as if it weren't there. I ran Spybot, which found nothing; Ad-Aware finds infections but cannot remove them. I'm on Windows XP SP2. I'm attaching a HijackThis report done in normal mode; if you need another one in safe mode, just tell me.

Logfile of HijackThis v1.99.1
Scan saved at 13:54:42, on 19/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ciel\Devis factures\WDF.exe
E:\Download\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D18298EF-96C4-4BC4-9EE7-07B433D98DBA}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MPService - Canon Information Systems - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

Thanks in advance for your help.
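The HijackThis log in the post above is the kind of thing a forum helper reads by hand, looking for a handful of recurring signals: entries whose target file no longer exists ("(no file)", "(file missing)"), services with no recognised publisher, the KernelFaultCheck leftover that Windows writes after a kernel-mode crash, and the places where the machine fetches code or names from the network (O16 ActiveX downloads, O17 DNS servers). The following Python script is an added example, not code from the thread or from HijackThis: it parses entry lines and applies those checks. The sample lines are a subset copied from the log above; the severity labels and the rule wording are my own choices.

```python
"""Triage helper for HijackThis logs (added example): parse entry lines and
flag the ones a helper would act on or ask about first."""
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample input: a subset of lines copied from the HijackThis log in the post
# above (header and one process line included to show they are skipped).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D18298EF-96C4-4BC4-9EE7-07B433D98DBA}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
"""

# Every HijackThis entry starts with its section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[OR]\d+) - (?P<body>.+)$")


@dataclass
class Finding:
    severity: str   # "fix" (safe clean-up), "review" (verify by hand), "info" (context)
    kind: str       # HijackThis section code, e.g. "O23"
    reason: str
    line: str


def parse_entries(text):
    """Yield (kind, body, line) for entry lines; headers and process lists are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line


def triage(text):
    """Apply the hand-triage rules (my own labels, not HijackThis's) to a log."""
    findings = []
    for kind, body, line in parse_entries(text):
        if "(no file)" in body or "(file missing)" in body:
            # The registry still references a file that is gone: orphaned entry, safe to remove.
            findings.append(Finding("fix", kind, "orphaned entry: target file no longer exists", line))
        elif kind == "O23" and " - Unknown owner - " in body:
            # No recognised publisher on a service binary: check the file before trusting it.
            findings.append(Finding("review", kind, "service without a recognised publisher; verify the binary", line))
        elif kind == "O4" and "[KernelFaultCheck]" in body:
            # Windows adds this Run entry after a kernel-mode crash so dumprep can offer the report;
            # it matches the "PC reboots during the scan" symptom rather than indicating malware.
            findings.append(Finding("info", kind, "dumprep entry left behind by a kernel-mode crash", line))
        elif kind == "O16":
            # Downloaded ActiveX controls: the hosting domain is what you check.
            url = body.rsplit(" - ", 1)[-1]
            findings.append(Finding("review", kind, f"ActiveX control downloaded from {urlparse(url).netloc}", line))
        elif kind == "O17":
            # Configured DNS servers: confirm against the ISP, since a hijacked resolver is a classic redirection.
            servers = [s.strip() for s in body.split("NameServer = ", 1)[-1].split(",")]
            findings.append(Finding("review", kind, "DNS servers to confirm against the ISP: " + ", ".join(servers), line))
    return findings


def summary(findings):
    """Count findings per severity, e.g. {'fix': 2, 'review': 3, 'info': 1}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.kind}: {f.reason}\n    {f.line}")
    print(summary(results))
```

Run against the full log, the same rules leave most entries untouched (the McAfee, Spybot, Messenger and Canon lines all have a publisher and an existing file), which is the point: the helper's attention goes to the orphaned BHO and xpnetdiag entries, the unsigned Macromedia service, and the two network-facing entries, and the crash leftover is recorded as context rather than as an infection.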