

Posts by scrogne
-
Hi,
I've uninstalled everything.
[ ToolsCleaner report, version 2.3.11 (by A.Rothstein & dj QUIOU) ]
--> Search:
C:\Combofix.txt: found!
C:\_OTM: found!
C:\Documents and Settings\guillaume.caulet\Bureau\HijackThis.exe: found!
C:\Documents and Settings\guillaume.caulet\Bureau\OTM.exe: found!
C:\Documents and Settings\guillaume.caulet\Recent\HijackThis.lnk: found!
---------------------------------
--> Deletion:
C:\Documents and Settings\guillaume.caulet\Bureau\HijackThis.exe: deleted!
C:\Documents and Settings\guillaume.caulet\Bureau\OTM.exe: deleted!
C:\Documents and Settings\guillaume.caulet\Recent\HijackThis.lnk: deleted!
C:\Combofix.txt: deleted!
C:\_OTM: deleted!
There is still a "backup" folder on the desktop with one file in it:
backup-20100526-183014-936
I don't know which program it comes from, or whether I can delete it?
-
Hello Apollo,
Everything is working normally.
I'll run a full scan again tonight.
Once again, I'm repeating myself, but really, THANK YOU very much!
See you
-
Hello,
the scan took a while.
Here is the report:
ndis.sys;C:\WINDOWS\system32\dllcache;BackDoor.Bulknet.417;Cured.;
01F00000.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Win32.HLLW.Cent;Deleted.;
06F80000.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.PWS.Wow.706;Deleted.;
07740001.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.PWS.Wow.782;Deleted.;
07B80000.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.DownLoader1.8412;Deleted.;
07B80001.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.DownLoader1.8412;Deleted.;
07B80002.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80003.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.Click.25308;Deleted.;
07B80004.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.MulDrop1.15398;Deleted.;
07B80005.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.DownLoader1.8412;Deleted.;
07B80006.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.DownLoader1.8412;Deleted.;
07B80007.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80008.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.MulDrop1.15398;Deleted.;
07B80009.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8000A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8000B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8000C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8000D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8000E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8000F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80010.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80011.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80012.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80013.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80014.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.Siggen1.1385;Incurable.Quarantined.;
07B80015.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80016.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80017.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80018.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80019.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8001A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8001B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8001C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8001D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8001E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8001F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80020.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80021.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80022.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80023.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80024.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80025.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80026.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80027.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80028.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80029.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8002A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8002B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8002C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8002D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8002E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B8002F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80030.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80031.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80032.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80033.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
07B80034.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Deleted.;
08EC0000.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;BackDoor.Gootkit.15;Deleted.;
153C0000.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.Siggen1.1385;Incurable.Quarantined.;
4C7B76E1.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08780000;Trojan.Siggen1.1385;Incurable.Quarantined.;
pack.epk.vir/data001\___\NSUtils.dll;C:\Qoobox\Quarantine\C\WINDOWS\pack.epk.vir/data001;Dialer.Egroup.1148;;
data001;C:\Qoobox\Quarantine\C\WINDOWS;Container contains infected objects;;
pack.epk.vir;C:\Qoobox\Quarantine\C\WINDOWS;Container contains infected objects;Quarantined.;
msxsltsso.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Gootkit.15;Deleted.;
ndis.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers;BackDoor.Bulknet.417;Cured.;
msxsltsso.dll;C:\_OTM\MovedFiles\05312010_144114\c_windows\system32;BackDoor.Gootkit.15;Deleted.;
-
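The Dr.Web report above is a semicolon-separated list with four columns: object, directory, detection name, action. What matters for the "do I need to empty the quarantine?" question is the directory column: almost every hit is a file that an earlier tool had already pulled out of circulation (Symantec's .VBN quarantine store, ComboFix's C:\Qoobox backups, OTM's MovedFiles), and only one hit sits on the live filesystem. The script below is an added example, not code from the thread or from Dr.Web; it parses report lines and separates quarantine-store hits from live ones. The sample lines are excerpted from the report above with the status words translated, the path fragments identifying each store are taken from the report, and the store labels are my own.

```python
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines excerpted (status words translated) from the Dr.Web report above.
# Columns: object;directory;detection;action;
SAMPLE_REPORT = r"""
ndis.sys;C:\WINDOWS\system32\dllcache;BackDoor.Bulknet.417;Cured.;
01F00000.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Win32.HLLW.Cent;Deleted.;
07B80014.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.Siggen1.1385;Incurable.Quarantined.;
08EC0000.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;BackDoor.Gootkit.15;Deleted.;
pack.epk.vir/data001\___\NSUtils.dll;C:\Qoobox\Quarantine\C\WINDOWS\pack.epk.vir/data001;Dialer.Egroup.1148;;
data001;C:\Qoobox\Quarantine\C\WINDOWS;Container contains infected objects;;
msxsltsso.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Gootkit.15;Deleted.;
msxsltsso.dll;C:\_OTM\MovedFiles\05312010_144114\c_windows\system32;BackDoor.Gootkit.15;Deleted.;
"""

# Quarantine stores seen in the report. Labels are mine; the path fragments come from the report.
QUARANTINE_STORES = {
    "Symantec quarantine": r"\Symantec AntiVirus Corporate Edition\7.5\Quarantine",
    "ComboFix (Qoobox) quarantine": r"C:\Qoobox\Quarantine",
    "OTM MovedFiles": r"C:\_OTM\MovedFiles",
}
LIVE = "live filesystem"


@dataclass
class Hit:
    obj: str
    directory: str
    threat: str
    action: str

    @property
    def location(self) -> str:
        """Name of the quarantine store holding the object, or LIVE."""
        d = self.directory.lower()
        for label, fragment in QUARANTINE_STORES.items():
            if fragment.lower() in d:
                return label
        return LIVE


def parse_report(text: str) -> list[Hit]:
    """Parse semicolon-separated Dr.Web result lines; blank lines are skipped."""
    hits: list[Hit] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = line.split(";")
        if len(fields) < 4:
            raise ValueError(f"unexpected field count in {line!r}")
        hits.append(Hit(*fields[:4]))  # trailing ';' yields an extra empty field
    return hits


def live_hits(hits: list[Hit]) -> list[Hit]:
    """Hits that were not already sitting in another tool's quarantine."""
    return [h for h in hits if h.location == LIVE]


def summarize(hits: list[Hit]) -> dict[str, dict[str, int]]:
    """Counts per location (store or live) and per detection name."""
    return {
        "by_location": dict(Counter(h.location for h in hits)),
        "by_threat": dict(Counter(h.threat for h in hits)),
    }


if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    print(summarize(hits))
    for h in live_hits(hits):
        print("live:", h.directory + "\\" + h.obj, h.threat, h.action)
```

Run over the full report above, only the ndis.sys line in C:\WINDOWS\system32\dllcache falls outside a quarantine store; the other 65 lines are Symantec .VBN entries, Qoobox backups or OTM MovedFiles, i.e. copies already taken out of circulation, which is why emptying those stores is housekeeping rather than disinfection. The dllcache copy is the one that matters: Windows File Protection restores system files from dllcache, so a patched ndis.sys there can undo a cleaned driver, which is consistent with ComboFix later restoring ndis.sys from ServicePackFiles.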
Mr Apollo,
It's Symantec Pro, and I can't get rid of it, I'm not allowed to!
Would a Kaspersky trial version conflict with it?
Is there another way to remove the junk that's left?
If any is left, that is; Mbam found nothing... I haven't emptied the quarantine, is that necessary?
I'm going to restart in normal mode and see if everything is fine.
I'll wait for your reply on what to do next.
In any case,
Thank you very much for your clear, quick and precise instructions.
And thank you for your patience and availability.
-
I don't know whether there is normal access...
I haven't left safe mode!!
If I restart without forcing safe mode I'll have a choice between 2 options, is that right?
1 - normal Windows
2 - recovery console
And then what do I actually do???? I must say I'm a bit lost!!!
The HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:18, on 31/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\guillaume.caulet\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://123web/default.aspx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O17 - HKLM\Software\..\Telephony: DomainName = tls.123multimedia.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wonderphone.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{228EFAA2-BC31-40E7-B521-33001DB0A377}: NameServer = 192.168.0.7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
--
End of file - 5257 bytes
-
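A few entries in the HijackThis log above are the kind a helper reads twice: the R1 ProxyServer set to http=127.0.0.1:5555 (a loopback proxy is normal when a local filtering proxy is installed, and Proxomitron does appear in the ComboFix file listing further down this page, but it is also the classic interception hook), O4 Run entries that name a bare executable such as nwiz.exe or Mixer.exe (resolved through the PATH search order rather than a fixed location), an O4 autorun under the SYSTEM user's hive (S-1-5-18) launching a user application, and O23 services reported as "Unknown owner". The script below is an added example, not code from the thread or from HijackThis; it applies those four checks to log lines and returns findings for review. The sample lines are excerpted from the log above; the heuristics and the Finding class are my own, and a hit means "look at this", not "malicious".

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    reason: str    # why the line deserves a second look
    line: str      # the log line itself


ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
O4_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
PROXY_RE = re.compile(r"ProxyServer = (?P<value>\S+)")
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")


def command_image(cmd: str) -> str:
    """Return the file an O4 command actually loads.

    Quoted paths are taken whole; for rundll32 the interesting file is the
    DLL argument, not rundll32 itself.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    head, _, rest = cmd.partition(" ")
    if head.lower() == "rundll32.exe" and rest:
        return rest.split(",", 1)[0].strip()
    return head


def is_bare_name(image: str) -> bool:
    """True when the image has no directory, so it is found by PATH search order."""
    return "\\" not in image and "%" not in image


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if not m:
            continue
        section, body = m.groups()
        if section == "R1" and (pm := PROXY_RE.search(body)):
            # "http=127.0.0.1:5555" -> host "127.0.0.1"
            host = pm.group("value").split("=")[-1].rsplit(":", 1)[0]
            if host.startswith("127.") or host.lower() == "localhost":
                findings.append(Finding(section, "proxy points at loopback: expected with a local filtering proxy, otherwise an interception hook", raw))
        elif section == "O4" and (om := O4_RE.match(body)):
            cmd = USER_SUFFIX_RE.sub("", om.group("cmd"))
            image = command_image(cmd)
            if is_bare_name(image):
                findings.append(Finding(section, f"bare image name {image!r}: resolved through PATH search order, verify which file loads", raw))
            if om.group("hive").upper().startswith("HKUS\\S-1-5-18"):
                findings.append(Finding(section, "autorun under the SYSTEM user's hive", raw))
        elif section == "O23" and (sm := O23_RE.match(body)):
            if sm.group("owner").lower() == "unknown owner":
                findings.append(Finding(section, "service binary carries no publisher information", raw))
    return findings


def count_by_section(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

On the sample the script reports four lines: the loopback proxy, nwiz.exe as a bare image, the msnmsgr autorun under S-1-5-18, and the Macromedia service without a publisher; ccApp, the rundll32 NVIDIA entry and NVSvc pass. Each finding still needs a human decision, which is exactly the judgement the helper in this thread is applying.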
I don't know whether TeaTimer was running or not. I don't think so...
I disabled (via Starter) various Symantec bits such as Defwatch and evtmgr.
ComboFix ran through to the end of its process.
The ComboFix report:
ComboFix 10-05-30.08 - guillaume.caulet 31/05/2010 16:10:13.1.1 - x86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1536.1288 [GMT 2:00]
Launched from: c:\documents and settings\guillaume.caulet\Bureau\panpan.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
ADS - svchost.exe: deleted 228 bytes in 1 streams.
ADS - netcfgx.dll: deleted 196 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\guillaume.caulet\Application Data\inst.exe
c:\documents and settings\guillaume.caulet\burutter.dll
c:\windows\pack.epk
c:\windows\system32\disk.dll
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\msxsltsso.dll
----- BITS: There may be infected sites -----
hxxp://SMSSERVER.TLS.123MULTIMEDIA.COM:80
c:\windows\system32\grpconv.exe was missing
Copy restored from - c:\windows\ServicePackFiles\i386\grpconv.exe
An infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Copy restored from - c:\windows\ServicePackFiles\i386\ndis.sys
.
((((((((((((((((((((((((((((( Files created from 2010-04-28 to 2010-05-31 ))))))))))))))))))))))))))))))))))))
.
2010-05-31 14:16 . 2004-08-19 23:09 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-05-31 12:41 . 2010-05-31 12:41 -------- d-----w- C:\_OTM
2010-05-31 11:35 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-31 11:35 . 2010-05-31 11:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-31 11:35 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-31 11:25 . 2010-05-31 11:25 -------- d--h--w- c:\windows\PIF
2010-05-31 08:52 . 2010-05-31 08:52 -------- d-----w- c:\program files\Sophos
2010-05-26 16:05 . 2010-05-26 16:05 -------- d-----w- c:\program files\CodeStuff
2010-05-26 14:16 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-05-26 13:19 . 2010-05-26 13:53 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-05-26 08:56 . 2004-08-04 04:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-26 08:56 . 2004-08-04 04:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-26 08:56 . 2004-08-04 05:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-26 08:56 . 2004-08-04 05:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-26 08:56 . 2004-08-04 05:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-26 08:56 . 2004-08-04 05:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-26 08:55 . 2010-05-26 08:55 211072 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2010-05-24 09:32 . 2010-05-24 09:35 -------- d-----w- c:\documents and settings\guillaume.caulet\Application Data\FreeCDRipper
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 10:36 . 2007-07-06 11:41 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-31 08:48 . 2006-05-23 10:27 -------- d-----w- c:\program files\Symantec AntiVirus
2010-05-31 08:23 . 2001-08-28 12:00 81112 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-31 08:23 . 2001-08-28 12:00 487690 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-31 08:22 . 2007-02-15 10:03 -------- d-----w- c:\program files\Opera
2010-05-31 08:21 . 2007-02-15 10:04 -------- d-----w- c:\program files\Proxomitron Naoko-4
2010-05-26 08:55 . 2010-05-26 08:55 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\vlsfdq.dat
2010-05-26 07:09 . 2009-01-30 14:01 -------- d-----w- c:\program files\MediaCoder
2010-05-24 09:31 . 2010-05-24 09:31 -------- d-----w- c:\documents and settings\guillaume.caulet\Application Data\FreeAudioPack
2010-03-30 15:26 . 2009-11-30 08:49 79488 ----a-w- c:\documents and settings\guillaume.caulet\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-22 14:14 . 2009-03-17 13:15 47360 ----a-w- c:\documents and settings\guillaume.caulet\Application Data\pcouffin.sys
2010-03-22 14:14 . 2009-03-17 13:15 47360 ----a-w- c:\documents and settings\guillaume.caulet\Application Data\pcouffin.sys
2008-12-19 14:11 . 2008-09-16 10:02 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 14:11 . 2008-09-16 10:02 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 14:11 . 2008-09-16 10:02 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 14:11 . 2008-09-16 10:02 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 14:11 . 2008-09-16 10:02 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2005-05-13 16:12 . 2005-05-13 16:12 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 10:13 . 2005-10-24 10:13 66560 --sha-r- c:\windows\MOTA113.exe
2005-07-14 11:31 . 2005-07-14 11:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 14:32 . 2005-06-26 14:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-21 21:37 . 2005-06-21 21:37 45568 --sha-r- c:\windows\system32\cygz.dll
2006-05-03 09:06 . 2007-06-21 14:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2004-01-24 23:00 . 2004-01-24 23:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2007-02-21 10:47 . 2007-06-21 14:06 31232 --sh--r- c:\windows\system32\msfDX.dll
2005-02-28 12:16 . 2005-02-28 12:16 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-24 23:00 . 2004-01-24 23:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.
------- Sigcheck -------
[7] 2004-08-19 23:09 . 535D54D2AF721A3497F058CAA2C63447 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[7] 2004-08-19 23:09 . 535D54D2AF721A3497F058CAA2C63447 . 52736 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll
[-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll
[-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-19 144384]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-11-16 48800]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-12-27 85648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-13 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"nwiz"="nwiz.exe" [2004-07-15 843776]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2585863069-191951369-856499580-1133\Scripts\Logon\0\0]
"Script"=winlogon.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2585863069-191951369-856499580-5893\Scripts\Logon\0\0]
"Script"=winlogon.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2585863069-191951369-856499580-5896\Scripts\Logon\0\0]
"Script"=winlogon.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2585863069-191951369-856499580-5899\Scripts\Logon\0\0]
"Script"=winlogon.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2585863069-191951369-856499580-5917\Scripts\Logon\0\0]
"Script"=winlogon.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3815223129-3390028392-2588692307-1164\Scripts\Logon\0\0]
"Script"=netshare.bat
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\Psi\\psi.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
S2 HealthService;OpsMgr Health Service;c:\program files\System Center Operations Manager 2007\HealthService.exe [16/02/2008 10:15 27696]
S3 d2dc45c7-7c12-4545-bebb-3bb476714c54;d2dc45c7-7c12-4545-bebb-3bb476714c54;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\eengine\EraserUtilRebootDrv.sys [24/05/2010 09:21 102448]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\67.tmp [31/05/2010 13:00 6144]
S3 pan_emmi;PANTECH GSM Handset EMMI Drivers (WDM);c:\windows\system32\drivers\pan_emmi.sys [06/12/2006 17:26 82112]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [27/12/2005 09:19 172176]
S4 AdtAgent;Operations Manager Audit Forwarding Service;c:\windows\system32\AdtAgent.exe [16/02/2008 08:34 264192]
.
.
------- Supplementary scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\guillaume.caulet\Application Data\Mozilla\Firefox\Profiles\s30msyt6.default\
FF - prefs.js: browser.startup.homepage -
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
- - - - ORPHANS REMOVED - - - -
SSODL-GootkitSSO-{72D46582-F875-47A5-BF54-10EA9F17915F} - c:\windows\System32\msxsltsso.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 16:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\67.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Adobe\CommonFiles\{AC76BA86-1033-0000-7760-000000000001}\ColorProfiles]
@DACL=(02 0000)
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\Recommended\\AdobeRGB1998.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\Recommended\\AppleRGB.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Settings\\Color Management Off.csf"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\Recommended\\ColorMatchRGB.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Settings\\Emulate Acrobat 4.csf"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Settings\\Emulate Photoshop 4.csf"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Settings\\Europe Prepress Defaults.csf"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\Recommended\\EuroscaleCoated.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\Recommended\\EuroscaleUncoated.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Settings\\Japan Color Prepress.csf"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\Recommended\\JapanColor2001Coated.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\Recommended\\JapanColor2001Uncoated.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\Recommended\\JapanWebCoated.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\BlackWhite.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\CIERGB.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\JapanStandard.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\NTSC1953.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\PAL_SECAM.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\Photoshop4DefaultCMYK.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\Photoshop5DefaultCMYK.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\SMPTE-C.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\WideGamutRGB.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Settings\\Photoshop 5 Default Spaces.csf"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\Recommended\\sRGB Color Space Profile.icm"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Settings\\US Prepress Defaults.csf"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\Recommended\\USSheetfedCoated.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\Recommended\\USSheetfedUncoated.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\Recommended\\USWebCoatedSWOP.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Profiles\\Recommended\\USWebUncoated.icc"=dword:00000001
"c:\\Program Files\\Fichiers communs\\Adobe\\Color\\Settings\\Web Graphics Defaults.csf"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\LocalServer32]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Acrobat 6.0\\Acrobat\\plug_ins\\Accessibility.api"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\ProgID]
@DACL=(02 0000)
@="AcroAccess.AcroAccess.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\Programmable]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\TypeLib]
@DACL=(02 0000)
@="{C523F390-9C83-11D3-9094-00104BD0D535}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\VersionIndependentProgID]
@DACL=(02 0000)
@="AcroAccess.AcroAccess"
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\AURestartRecover]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\DisplayName]
@DACL=(02 0000)
@="RealPlayer"
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\MainApp]
@DACL=(02 0000)
@="c:\\Program Files\\Real\\RealPlayer\\realjbox.exe"
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Free:6.0\File38\ACCESSPOINT]
@DACL=(02 0000)
@="DESKTOP"
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\gtoolbar:6.2\File0\OCX]
@DACL=(02 0000)
@=""
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\gtoolbar:6.2\File0\Version]
@DACL=(02 0000)
@="2.0.0.8"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{120737E0-FA99-4334-8D19-38B124EDCB1D}\2.0]
@DACL=(02 0000)
@="Microsoft Forms 2.0 Object Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{156BDF10-C6E0-4C24-B817-E57DB1A46240}\1.0]
@DACL=(02 0000)
@="Ref Edit Control"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{590FDA32-42DB-4E76-9899-FB92CF400DBE}\2.0]
@DACL=(02 0000)
@="Microsoft Forms 2.0 Object Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{6DB9FA9D-1275-47E9-9676-D2F9EE458A02}\2.0]
@DACL=(02 0000)
@="Microsoft Forms 2.0 Object Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{81431F4E-AD97-4594-955B-4150247478E6}\1.0]
@DACL=(02 0000)
@="Ref Edit Control"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{A56D934B-5E56-4B24-8A25-DF0FAD3FEA96}\1.0]
@DACL=(02 0000)
@="Ref Edit Control"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{E11FAE5B-376E-447E-9513-716BB70FCB28}\1.0]
@DACL=(02 0000)
@="Ref Edit Control"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{E12DBC38-A68E-47C0-B4AB-41D0A4CD58F3}\2.0]
@DACL=(02 0000)
@="Microsoft Forms 2.0 Object Library"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{E6D7C9AC-B08F-4BB3-B8EA-29DAF18AB2CE}\1.0]
@DACL=(02 0000)
@="Ref Edit Control"
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{EFA0568B-7769-4C75-A97A-9659D82E2510}\2.0]
@DACL=(02 0000)
@="Microsoft Forms 2.0 Object Library"
[HKEY_LOCAL_MACHINE\software\Clients\Media\Winamp\DefaultIcon]
@DACL=(02 0000)
@="c:\\Program Files\\Winamp\\Winamp.exe,1"
[HKEY_LOCAL_MACHINE\software\Clients\Media\Winamp\InstallInfo]
@DACL=(02 0000)
"IconsVisible"=dword:00000000
"ReinstallCommand"="\"c:\\Program Files\\Winamp\\Winamp.exe\" /REG=AVCDL"
"ShowIconsCommand"="\"c:\\Program Files\\Winamp\\Winamp.exe\" /REG=AVCDL"
"HideIconsCommand"="\"c:\\Program Files\\Winamp\\Winamp.exe\" /UNREG"
[HKEY_LOCAL_MACHINE\software\Clients\Media\Winamp\shell]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Java VM\Security]
@DACL=(02 0000)
"EditCustomPermissions"=hex:00,00,00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0\Registration]
@DACL=(02 0000)
"UDBVersion"="11.0.5721.5145"
"UDBRev"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\9.0\Registration]
@DACL=(02 0000)
"UDBVersion"="9.0.0.3126"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Monitors\//./DISPLAY1]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\ButtonElement]
@DACL=(02 0000)
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2114"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\FFWDElement]
@DACL=(02 0000)
"enabled"="wmpenabled:player.controls.FastForward"
"upToolTip"="res://wmploc.dll/RT_STRING/#1804"
"onclick"="player.controls.FastForward()"
"accName"="res://wmploc.dll/RT_STRING/#2120"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2121"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\ImageElement]
@DACL=(02 0000)
"cursor"="hand"
"accName"="res://wmploc.dll/RT_STRING/#2140"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\NextElement]
@DACL=(02 0000)
"enabled"="wmpenabled:player.controls.Next"
"upToolTip"="res://wmploc.dll/RT_STRING/#1806"
"onclick"="player.controls.Next()"
"accName"="res://wmploc.dll/RT_STRING/#2124"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2125"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\PauseElement]
@DACL=(02 0000)
"enabled"="wmpenabled:player.controls.Pause"
"upToolTip"="res://wmploc.dll/RT_STRING/#1801"
"onclick"="player.controls.Pause()"
"accName"="res://wmploc.dll/RT_STRING/#2116"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2117"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\PlayElement]
@DACL=(02 0000)
"enabled"="wmpenabled:player.controls.Play"
"upToolTip"="res://wmploc.dll/RT_STRING/#1800"
"onclick"="player.controls.Play()"
"accName"="res://wmploc.dll/RT_STRING/#2115"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2117"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\PrevElement]
@DACL=(02 0000)
"enabled"="wmpenabled:player.controls.Previous"
"upToolTip"="res://wmploc.dll/RT_STRING/#1805"
"onclick"="player.controls.Previous()"
"accName"="res://wmploc.dll/RT_STRING/#2126"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2127"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\REWElement]
@DACL=(02 0000)
"enabled"="wmpenabled:player.controls.FastReverse"
"upToolTip"="res://wmploc.dll/RT_STRING/#1803"
"onclick"="player.controls.FastReverse()"
"accName"="res://wmploc.dll/RT_STRING/#2122"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2123"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\StopElement]
@DACL=(02 0000)
"enabled"="wmpenabled:player.controls.Stop"
"upToolTip"="res://wmploc.dll/RT_STRING/#1802"
"onclick"="player.controls.Stop()"
"accName"="res://wmploc.dll/RT_STRING/#2118"
"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2119"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\DropDownPlaylist\Column]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Alchemy\Properties]
@DACL=(02 0000)
"classid"="{0AA02E8D-F851-4CB0-9F64-BBA9BE7A983D}"
"name"="res://mpvis.dll/RT_STRING/#100"
"description"="res://mpvis.dll/RT_STRING/#100"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Ambience\Properties]
@DACL=(02 0000)
"classid"="{9CA6AD35-A548-4c7b-8E0A-EF29748FAA16}"
"name"="res://wmploc.dll/RT_STRING/#5528"
"description"="res://wmploc.dll/RT_STRING/#5529"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Bars\Properties]
@DACL=(02 0000)
"classid"="{48501FF0-F6A9-11D2-9435-00A0C92A2F2D}"
"name"="res://wmploc.dll/RT_STRING/#5500"
"description"="res://wmploc.dll/RT_STRING/#5512"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Dotplane\Properties]
@DACL=(02 0000)
"classid"="{61180810-EF20-11D2-9431-00A0C92A2F2D}"
"name"="res://wmploc.dll/RT_STRING/#5508"
"description"="res://wmploc.dll/RT_STRING/#5514"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Plenoptic\Properties]
@DACL=(02 0000)
"classid"="{607C27E9-AB27-11d3-A116-A0EA50C10801}"
"name"="res://wmploc.dll/RT_STRING/#5530"
"description"="res://wmploc.dll/RT_STRING/#5531"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Spikes\Properties]
@DACL=(02 0000)
"classid"="{4B657E70-08EF-11D3-9447-00A0C92A2F2D}"
"name"="res://wmploc.dll/RT_STRING/#5505"
"description"="res://wmploc.dll/RT_STRING/#5513"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ItemsPlaylist\Column]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ListBox\Item]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Playlist\Column]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PopUp\Item]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services\VirginMega.Fr]
@DACL=(02 0000)
"ColorPlayer"="#af0a0a"
"ColorPlayerText"="#FFFFFF"
"FriendlyName"="VirginMega.Fr\00dband\00tation"
"ImageLargeURL"="http://infocenter.virginmega.fr/Premium/Images/ServiceLargeURL.png"
"ImageMenuURL"="http://infocenter.virginmega.fr/Premium/Images/MenuURL.png\00all_globe02.png"
"Task1ButtonText"="Virg\0aMega\\nMusic"
"Task2ButtonText"="Virg\0aMega\\nRadio"
"Task1ButtonTip"="VirginMega 1er Self Service Music"
"Task2ButtonTip"="VirginMega 1er Self Service Music"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings\MP3Encoding]
@DACL=(02 0000)
"LowRate"=dword:0001f400
"MediumRate"=dword:0002ee00
"MediumHighRate"=dword:0003e800
"HighRate"=dword:0004e200
"PreferredCodecName"="mp3"
"PreferredCodecPath"="c:\\WINDOWS\\system32\\l3codecp.acm"
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllExclusionList\FMPLAYER.DLL]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllExclusionList\HWAUDIO.DLL]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllExclusionList\XACTMP.DLL]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList\ENC2002.EXE]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList\EXCEL.EXE]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList\MPLAYER2.EXE]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList\NHL2003.EXE]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList\NHL2003DEMO.EXE]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList\POWERPNT.EXE]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList\WINWORD.EXE]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\AOLTRAY.EXE]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\firefox.exe]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\MSN6.EXE]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\NETSCAPE.EXE]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\NETSCP.EXE]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\NETSCP6.EXE]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\WAOL.EXE]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\SmartPlaylist\NonSourceFilters]
@DACL=(02 0000)
"{BC5E21B0-504C-46F6-82BF-FB975C911AD6}"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\SmartPlaylist\SourceFilters]
@DACL=(02 0000)
"{4202947A-A563-4B05-A754-A1B4B5989849}"=""
"{B2D9BDDC-8E49-444B-9BA4-193ABF9C7870}"=""
"{CC823400-A8E4-4081-B073-D3B6D952FE69}"=""
"{E5415A66-7763-4BDE-B97F-5557CA73C303}"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Internet Explorer 6\SP1\KB889293-IE6SP1-20041111.235619\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB834707\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB867282\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB873333\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB873339\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB885250\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB885835\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB885836\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB886185\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB887472\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB887742\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB888113\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB888302\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB890047\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB890175\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB891781\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{077ACEC7-979C-40AB-9835-435BA1511E0D}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{077ACEC7-979C-40AB-9835-435BA1511E0D}\\MPPRE10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{077ACEC7-979C-40AB-9835-435BA1511E0D}\\mppre10.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{30C7234B-6482-4A55-A11D-ECD9030313F2}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{30C7234B-6482-4A55-A11D-ECD9030313F2}\\WMDM10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{30C7234B-6482-4A55-A11D-ECD9030313F2}\\wmdm10.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{3FDF25EE-E592-4495-8391-6E9C504DAC2B}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\\WMSET10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\\wmset10.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{60204BB3-7078-4F70-8F69-68297621941C}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{60204BB3-7078-4F70-8F69-68297621941C}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{60204BB3-7078-4F70-8F69-68297621941C}\\MPSTUB10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{60204BB3-7078-4F70-8F69-68297621941C}\\mpstub10.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{981FB688-E76B-4246-987B-92083185B90A}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{981FB688-E76B-4246-987B-92083185B90A}\\WPD10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{981FB688-E76B-4246-987B-92083185B90A}\\wpd10.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{A47B3654-48EE-48A5-B629-97D70175E58F}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{A47B3654-48EE-48A5-B629-97D70175E58F}\\codecs10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{A47B3654-48EE-48A5-B629-97D70175E58F}\\codecs10.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\\WMFSDK10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\\wmfsdk10.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\\DRM10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\\drm10.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\\MPCD10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\\mpcd10.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{DD90D410-1823-43EB-9A16-A2331BF08799}]
@DACL=(02 0000)
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{DD90D410-1823-43EB-9A16-A2331BF08799}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{DD90D410-1823-43EB-9A16-A2331BF08799}\\WMP10.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{DD90D410-1823-43EB-9A16-A2331BF08799}\\wmp10.cat"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDevices]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
@DACL=(02 0000)
"ProgID"="MsScp.SCPTRANS.1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\MSPMSP\KBDeviceList]
@DACL=(02 0000)
"SanDiskIM"="SanDisk ;ImageMate III ;2.3"
"SanDiskIMb"="E-USB Fl;ash ; "
"Lexmark"="Parallel; Flash Unit;"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP]
@DACL=(02 0000)
"ProgID"="WMDMCESP.WMDMCESP"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\WPDSp]
@DACL=(02 0000)
"PnPAware"=dword:00000001
"ProgID"="WPDSp.WPDServiceProvider"
[HKEY_LOCAL_MACHINE\software\Nullsoft\Winamp]
@DACL=(02 0000)
.
Heure de fin: 2010-05-31 16:24:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-05-31 14:24
Avant-CF: 9 889 869 824 octets libres
Après-CF: 9 870 635 008 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
- - End Of File - - F943A2A6CEF1A9B182111908F7B044F7
-
Better, I suppose.
Still in safe mode.
MBAM quick scan:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4157
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180
31/05/2010 15:30:47
mbam-log-2010-05-31 (15-30-47).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 151593
Temps écoulé: 6 minute(s), 35 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{e81b3727-f91c-4411-91fa-d551395f3432} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f6b0450a-7666-46c3-85a9-f7fb3ea0be8f} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:44, on 31/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\guillaume.caulet\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://123web/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://123web/default.aspx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O17 - HKLM\Software\..\Telephony: DomainName = tls.123multimedia.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wonderphone.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{228EFAA2-BC31-40E7-B521-33001DB0A377}: NameServer = 192.168.0.7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 6188 bytes
I'm going to reboot (still in safe mode) and run MBAM again, but I'm afraid there are still some "things" left...
Awaiting your advice/instructions.
Thanks.
-
Nice little mushroom cloud!
Done.
Almost as soon as I clicked "moveit!":
"OTM has encountered an error and needs to close, etc."
It seemed to keep running anyway, but since it was taking a while I preferred to click:
"Don't send the error report..." and everything closed.
I restarted Explorer...
Rebooted.
Here is the report:
Files moved on Reboot...
File C:\Documents and Settings\guillaume.caulet\Local Settings\Temp\1E1626.dmp not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXA349AV\common[1] moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXA349AV\iframe2[1].script scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXA349AV\zakachayka[1].script scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Re, and thanks again.
-
Re,
Thanks for all these instructions.
I followed everything to the letter; I had to reinstall MBAM.
rkill:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as guillaume.caulet on 31/05/2010 at 13:27:00.
Processes terminated by Rkill or while it was running:
C:\Documents and Settings\guillaume.caulet\Bureau\rkill.exe
Rkill completed on 31/05/2010 at 13:27:15.
MBAM:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4157
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180
31/05/2010 14:07:06
mbam-log-2010-05-31 (14-07-06).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 329696
Temps écoulé: 28 minute(s), 30 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\uf0268bybv.dll (Trojan.Ertfor) -> Delete on reboot.
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{195e97ee-880f-4713-a736-8b726343d63a} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b48006bb-db9d-4d74-9edb-5d38e098384a} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ee2ed8ae-f399-4214-a751-9079526cf7ff} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\uf0268bybv.dll (Trojan.Ertfor) -> Delete on reboot.
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.
C:\WINDOWS\system32\wbem\grpconv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\guillaume.caulet\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:58, on 31/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\guillaume.caulet\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://123web/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://123web/default.aspx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O17 - HKLM\Software\..\Telephony: DomainName = tls.123multimedia.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wonderphone.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{228EFAA2-BC31-40E7-B521-33001DB0A377}: NameServer = 192.168.0.7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O21 - SSODL: GootkitSSO - {E81B3727-F91C-4411-91FA-D551395F3432} - C:\WINDOWS\System32\msxsltsso.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 6290 bytes
Thanks.
-
Hello,
here is the TDSS report (run under Windows safe mode):
13:01:50:015 0868 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14
13:01:50:015 0868 ================================================================================
13:01:50:015 0868 SystemInfo:
13:01:50:015 0868 OS Version: 5.1.2600 ServicePack: 2.0
13:01:50:015 0868 Product type: Workstation
13:01:50:015 0868 ComputerName: PC-WP-CAULET
13:01:50:015 0868 UserName: guillaume.caulet
13:01:50:015 0868 Windows directory: C:\WINDOWS
13:01:50:015 0868 Processor architecture: Intel x86
13:01:50:015 0868 Number of processors: 1
13:01:50:015 0868 Page size: 0x1000
13:01:50:015 0868 Boot type: Safe boot with network
13:01:50:015 0868 ================================================================================
13:01:50:234 0868 Initialize success
13:01:50:234 0868
13:01:50:234 0868 Scanning Services ...
13:01:50:562 0868 Raw services enum returned 339 services
13:01:50:578 0868
13:01:50:578 0868 Scanning Drivers ...
13:02:01:281 0868
13:02:01:281 0868 Completed
13:02:01:281 0868
13:02:01:281 0868 Results:
13:02:01:281 0868 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:02:01:281 0868 File objects infected / cured / cured on reboot: 0 / 0 / 0
13:02:01:281 0868
13:02:01:296 0868 KLMD(ARK) unloaded successfully
Thanks.
-
Hello,
I picked up a malware/trojan, I don't know exactly which, but it was giving me an alert: "Windows security alert - you are infected - click here to update etc..."
Impossible to update Mbam, which finds nothing.
At startup I get an alert: Kernel Veryfier crashed...
Then Spybot reports: "registry change: Browser Helper Object"
Then I get continuous/repeated alerts, apparently from Symantec: "spam message analysis"
Spybot finds 2 suspicious entries:
Microsoft.Windows.disableSystemRestore: [sBI $6296EC95] Réglages (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR
PWS.LDPinchIE: [sBI $32D83D62] Réglages utilisateur (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-2585863069-191951369-856499580-5893\Software\Microsoft\Windows\CurrentVersion\Explorer\idstrf
here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:47, on 31/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\guillaume.caulet\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://123web/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: C:\WINDOWS\system32\uf0268bybv.dll - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - C:\WINDOWS\system32\uf0268bybv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://123web/default.aspx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O17 - HKLM\Software\..\Telephony: DomainName = tls.123multimedia.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wonderphone.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{228EFAA2-BC31-40E7-B521-33001DB0A377}: NameServer = 192.168.0.7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O21 - SSODL: GootkitSSO - {EE2ED8AE-F399-4214-A751-9079526CF7FF} - C:\WINDOWS\System32\msxsltsso.dll
O22 - SharedTaskScheduler: har98fefiesjfs93s8i9sejsdf - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - C:\WINDOWS\system32\uf0268bybv.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 6422 bytes
If someone can help me...
Help!!!!!
Thanks.
infected 26/05
in Malware Analysis and Removal
Ok
Thanks
Have a good day.
See you