
Re

OK for changing the first one.

Sorry for not replying very quickly, but I can only do the steps at home, and today I am not there all the time.

I'll stay tenacious as long as you keep helping me, no problem. But I hope this will teach the neighbour (and maybe others) a lesson: don't go on the Internet without reliable protection (antivirus, firewall, anti-spyware).

 

ComboFix report

 

ComboFix 07-08-17.2 - "GEORGES" 2007-08-20 14:13:24.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.550 [GMT 2:00]

 

 

((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 )))))))))))))))))))))))))))))))

 

 

2007-08-20 14:12 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-19 17:28 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-08-19 16:57 <REP> d-------- C:\19-08-2007

2007-08-19 14:30 <REP> d-------- C:\Program Files\Navilog1

2007-08-19 14:28 3,344 --a------ C:\WINDOWS\system32\tmp.reg

2007-08-17 10:15 786,432 --ah----- D:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-08-17 10:15 <REP> dr------- D:\DOCUME~1\ADMINI~1\Mes documents

2007-08-17 10:15 <REP> dr------- D:\DOCUME~1\ADMINI~1\Menu Démarrer

2007-08-17 10:15 <REP> dr------- D:\DOCUME~1\ADMINI~1\Favoris

2007-08-17 10:15 <REP> dr------- D:\DOCUME~1\ADMINI~1\Bureau

2007-08-17 10:15 <REP> d--h----- D:\DOCUME~1\ADMINI~1\Voisinage réseau

2007-08-17 10:15 <REP> d--h----- D:\DOCUME~1\ADMINI~1\Voisinage d'impression

2007-08-17 10:15 <REP> d--h----- D:\DOCUME~1\ADMINI~1\Modèles

2007-08-17 10:15 <REP> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

2007-08-17 10:15 <REP> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

2007-08-17 10:15 <REP> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\Real

2007-08-17 09:52 <REP> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2007-08-17 09:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-08-15 11:49 37,376 --a------ C:\WINDOWS\system32\vtr114.dll

2007-07-24 13:59 <REP> d-------- C:\CH_ROCKS

2007-07-21 18:00 <REP> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom

2007-07-21 12:02 <REP> d-------- D:\DOCUME~1\GEORGE~1.115\APPLIC~1\InstallShield

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-18 09:47 --------- d-------- D:\DOCUME~1\GEORGE~1.115\APPLIC~1\Skype

2007-08-18 05:44 --------- d-------- C:\Program Files\Microsoft Digital Image 10

2007-08-18 05:44 --------- d-------- C:\Program Files\Messenger

2007-08-18 05:44 --------- d-------- C:\Program Files\DesignPro

2007-08-18 05:44 --------- d-------- C:\Program Files\AOL 9.0

2007-08-17 09:52 --------- d-------- C:\Program Files\Lavasoft

2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-07-22 19:13 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll

2007-07-17 10:28 --------- d-------- C:\Program Files\MSXML 6.0

2007-07-13 01:30 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll

2007-07-10 10:34 745547 --a------ C:\WINDOWS\system32\Magentic Screensaver.scr

2007-07-09 22:53 --------- d-------- C:\Program Files\IEFavorisExport10

2007-07-07 22:27 --------- d-------- D:\DOCUME~1\GEORGE~1.115\APPLIC~1\OpenOffice.org2

2007-07-06 18:09 --------- d-------- C:\Program Files\Google

2007-07-06 18:02 --------- d-------- C:\Program Files\Norton Security Scan

2007-07-06 13:09 --------- d-------- D:\DOCUME~1\GEORGE~1.115\APPLIC~1\Talkback

2007-06-27 15:24 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-27 15:24 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll

2007-06-27 15:24 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-06-27 15:24 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll

2007-06-27 15:24 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll

2007-06-27 15:24 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll

2007-06-27 15:24 105984 --------- C:\WINDOWS\system32\dllcache\url.dll

2007-06-27 15:24 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll

2007-06-27 15:23 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-06-27 15:23 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-06-27 15:23 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-06-27 15:23 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll

2007-06-27 15:23 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-06-27 15:23 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-06-27 15:22 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-06-27 15:22 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-06-27 15:22 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-06-27 15:22 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-06-27 15:22 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll

2007-06-27 15:22 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll

2007-06-27 10:28 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe

2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-06-27 09:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll

2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-26 08:09 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll

2007-06-23 19:51 4 --a------ C:\WINDOWS\info147.sys

2007-06-23 19:51 --------- d-------- C:\Program Files\Vg

2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-19 15:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll

2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe

2007-06-13 15:22 1037312 --------- C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll

2006-12-12 22:43 770048 --a------ C:\Program Files\autostitch.exe

2005-05-11 23:36 12288 --a--c--- C:\WINDOWS\Fonts.\RandFont.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00]

"VTTimer"="VTTimer.exe" [2005-03-08 04:33 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-03-11 18:33 C:\WINDOWS\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-01-20 21:04 C:\WINDOWS\SOUNDMAN.EXE]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 15:00]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]

"adiras"="adiras.exe" []

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-03-14 13:40]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-14 13:35]

"Picasa Media Detector"="D:\Documents and Settings\GEORGES.115179860314\Bureau\Picasa2\PicasaMediaDetector.exe" []

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" []

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-14 18:39]

"E06FXLRD_7674218"="D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.exe" [2005-06-04 18:03]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 12:56]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59]

 

D:\Documents and Settings\GEORGES.115179860314\Menu Démarrer\Programmes\Démarrage\

ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\WINDOWS\system32\hanonvt.ini

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]

C:\PROGRA~1\Magentic\bin\Magentic.exe /c

 

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys

S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys

S3 Via4in1;Via4in1;\??\C:\Via4in1.sys

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10b30941-d389-11da-bbb5-4d6564696130}]

AutoRun\command- K:\ReadMe.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10b30942-d389-11da-bbb5-4d6564696130}]

AutoRun\command- L:\setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fb4fe34-3768-11dc-80b4-00038a000015}]

AutoRun\command- J:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3ed867b-eb6a-11db-bfa4-00038a000015}]

AutoRun\command- J:\InstallTomTomHOME.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-08-20 12:00:00 C:\WINDOWS\Tasks\Configurer mon PC.job - C:\Apps\SMP\PCSETUP.EXE

2007-08-20 12:00:00 C:\WINDOWS\Tasks\Extension de garantie.job - C:\APPS\SMP\PBCARNOT.EXE

2007-08-20 12:00:00 C:\WINDOWS\Tasks\Master CD_DVD Creator.job

2007-08-20 12:14:43 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

2007-07-06 10:57:26 C:\WINDOWS\Tasks\Norton Security Scan.job - C:\Program Files\Norton Security Scan\Nss.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-20 14:16:25

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-20 14:18:37

 

--- E O F ---

 

 

GMER report:

 

GMER 1.0.13.12551 - http://www.gmer.net

Rootkit scan 2007-08-20 14:56:31

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.13 ----

 

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile

 

---- Kernel code sections - GMER 1.0.13 ----

 

PAGENDSM NDIS.sys!NdisMIndicateStatus F7350A5F 6 Bytes JMP F5A7361C \SystemRoot\system32\drivers\fwdrv.sys

? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Le fichier spécifié est introuvable.

? D:\DOCUME~1\GEORGE~1.115\LOCALS~1\Temp\catchme.sys Le fichier spécifié est introuvable.

 

---- User code sections - GMER 1.0.13 ----

 

.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[136] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00990429

.text C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe[164] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00890429

.text C:\Program Files\QuickTime\qttask.exe[180] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00980429

.text C:\Program Files\Skype\Phone\Skype.exe[252] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 003A0429

.text C:\Program Files\Skype\Phone\Skype.exe[252] WS2_32.dll!connect 719F406A 5 Bytes JMP 003A0526

.text C:\Program Files\Skype\Phone\Skype.exe[252] WS2_32.dll!send 719F428A 5 Bytes JMP 003A05D0

.text C:\Program Files\Skype\Phone\Skype.exe[252] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 003A0543

.text C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[312] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00390429

.text C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[312] WS2_32.dll!connect 719F406A 5 Bytes JMP 00390526

.text C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[312] WS2_32.dll!send 719F428A 5 Bytes JMP 003905D0

.text C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe[312] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00390543

.text D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE[340] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 003A0429

.text D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE[340] ws2_32.dll!connect 719F406A 5 Bytes JMP 003A0526

.text D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE[340] ws2_32.dll!send 719F428A 5 Bytes JMP 003A05D0

.text D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE[340] ws2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 003A0543

.text c:\APPS\HIDSERVICE\HIDSERVICE.exe[360] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00390429

.text C:\WINDOWS\system32\ctfmon.exe[368] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 003E0429

.text C:\Program Files\Messenger\msmsgs.exe[376] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 003B0429

.text C:\Program Files\Messenger\msmsgs.exe[376] WS2_32.dll!connect 719F406A 5 Bytes JMP 003B0526

.text C:\Program Files\Messenger\msmsgs.exe[376] WS2_32.dll!send 719F428A 5 Bytes JMP 003B05D0

.text C:\Program Files\Messenger\msmsgs.exe[376] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 003B0543

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[384] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 003C0429

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[384] WS2_32.dll!connect 719F406A 5 Bytes JMP 003C0526

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[384] WS2_32.dll!send 719F428A 5 Bytes JMP 003C05D0

.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[384] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 003C0543

.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[412] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 008B0429

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[484] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 003D0429

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[484] WS2_32.dll!connect 719F406A 5 Bytes JMP 003D0526

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[484] WS2_32.dll!send 719F428A 5 Bytes JMP 003D05D0

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe[484] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 003D0543

.text C:\WINDOWS\system32\winlogon.exe[572] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 004A0429

.text C:\WINDOWS\system32\winlogon.exe[572] WS2_32.dll!connect 719F406A 5 Bytes JMP 004A0526

.text C:\WINDOWS\system32\winlogon.exe[572] WS2_32.dll!send 719F428A 5 Bytes JMP 004A05D0

.text C:\WINDOWS\system32\winlogon.exe[572] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 004A0543

.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 005A0429

.text C:\WINDOWS\system32\services.exe[620] WS2_32.dll!connect 719F406A 5 Bytes JMP 005A0526

.text C:\WINDOWS\system32\services.exe[620] WS2_32.dll!send 719F428A 5 Bytes JMP 005A05D0

.text C:\WINDOWS\system32\services.exe[620] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 005A0543

.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006A0429

.text C:\WINDOWS\system32\lsass.exe[632] WS2_32.dll!connect 719F406A 5 Bytes JMP 006A0526

.text C:\WINDOWS\system32\lsass.exe[632] WS2_32.dll!send 719F428A 5 Bytes JMP 006A05D0

.text C:\WINDOWS\system32\lsass.exe[632] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 006A0543

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[752] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 009B0429

.text C:\WINDOWS\system32\svchost.exe[796] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006A0429

.text C:\WINDOWS\system32\svchost.exe[796] WS2_32.dll!connect 719F406A 5 Bytes JMP 006A0526

.text C:\WINDOWS\system32\svchost.exe[796] WS2_32.dll!send 719F428A 5 Bytes JMP 006A05D0

.text C:\WINDOWS\system32\svchost.exe[796] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 006A0543

.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006A0429

.text C:\WINDOWS\system32\svchost.exe[848] WS2_32.dll!connect 719F406A 5 Bytes JMP 006A0526

.text C:\WINDOWS\system32\svchost.exe[848] WS2_32.dll!send 719F428A 5 Bytes JMP 006A05D0

.text C:\WINDOWS\system32\svchost.exe[848] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 006A0543

.text C:\Program Files\Windows Defender\MsMpEng.exe[892] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00570429

.text C:\Program Files\Windows Defender\MsMpEng.exe[892] WS2_32.dll!connect 719F406A 5 Bytes JMP 00570526

.text C:\Program Files\Windows Defender\MsMpEng.exe[892] WS2_32.dll!send 719F428A 5 Bytes JMP 005705D0

.text C:\Program Files\Windows Defender\MsMpEng.exe[892] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00570543

.text C:\WINDOWS\System32\svchost.exe[976] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006A0429

.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!connect 719F406A 5 Bytes JMP 006A0526

.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!send 719F428A 5 Bytes JMP 006A05D0

.text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 006A0543

.text C:\WINDOWS\system32\HPZipm12.exe[1068] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00620429

.text C:\WINDOWS\system32\HPZipm12.exe[1068] WS2_32.dll!connect 719F406A 5 Bytes JMP 00620526

.text C:\WINDOWS\system32\HPZipm12.exe[1068] WS2_32.dll!send 719F428A 5 Bytes JMP 006205D0

.text C:\WINDOWS\system32\HPZipm12.exe[1068] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00620543

.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006A0429

.text C:\WINDOWS\system32\svchost.exe[1116] WS2_32.dll!connect 719F406A 5 Bytes JMP 006A0526

.text C:\WINDOWS\system32\svchost.exe[1116] WS2_32.dll!send 719F428A 5 Bytes JMP 006A05D0

.text C:\WINDOWS\system32\svchost.exe[1116] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 006A0543

.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006A0429

.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!connect 719F406A 5 Bytes JMP 006A0526

.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!send 719F428A 5 Bytes JMP 006A05D0

.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 006A0543

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006A0429

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1352] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00970429

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1352] WS2_32.dll!connect 719F406A 5 Bytes JMP 00970526

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1352] WS2_32.dll!send 719F428A 5 Bytes JMP 009705D0

.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1352] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00970543

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1404] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 003B0429

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1404] WS2_32.dll!connect 719F406A 5 Bytes JMP 003B0526

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1404] WS2_32.dll!send 719F428A 5 Bytes JMP 003B05D0

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1404] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 003B0543

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[1480] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 003D0429

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[1480] WS2_32.dll!connect 719F406A 5 Bytes JMP 003D0526

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[1480] WS2_32.dll!send 719F428A 5 Bytes JMP 003D05D0

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[1480] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 003D0543

.text D:\Documents and Settings\GEORGES.115179860314\Bureau\desinfection\gwennig.exe.exe[1548] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 009F0429

.text C:\WINDOWS\system32\spoolsv.exe[1640] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00920429

.text C:\WINDOWS\system32\spoolsv.exe[1640] WS2_32.dll!connect 719F406A 5 Bytes JMP 00920526

.text C:\WINDOWS\system32\spoolsv.exe[1640] WS2_32.dll!send 719F428A 5 Bytes JMP 009205D0

.text C:\WINDOWS\system32\spoolsv.exe[1640] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00920543

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1768] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00C60429

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1768] WS2_32.dll!connect 719F406A 5 Bytes JMP 00C60526

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1768] WS2_32.dll!send 719F428A 5 Bytes JMP 00C605D0

.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1768] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00C60543

.text D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1856] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00620429

.text D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1856] WS2_32.dll!connect 719F406A 5 Bytes JMP 00620526

.text D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1856] WS2_32.dll!send 719F428A 5 Bytes JMP 006205D0

.text D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1856] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00620543

.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[1912] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00A80429

.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[1912] WS2_32.dll!connect 719F406A 5 Bytes JMP 00A80526

.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[1912] WS2_32.dll!send 719F428A 5 Bytes JMP 00A805D0

.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[1912] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00A80543

.text C:\WINDOWS\system32\VTTimer.exe[1960] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00390429

.text C:\WINDOWS\system32\VTtrayp.exe[1968] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00390429

.text C:\WINDOWS\SOUNDMAN.EXE[1980] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00980429

.text c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe[1992] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 009A0429

.text C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe[2008] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 003A0429

.text ...

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2200] WS2_32.dll!connect 719F406A 5 Bytes JMP 00390526

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2200] WS2_32.dll!send 719F428A 5 Bytes JMP 003905D0

.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2200] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00390543

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2316] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00390429

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2316] WS2_32.dll!connect 719F406A 5 Bytes JMP 00390526

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2316] WS2_32.dll!send 719F428A 5 Bytes JMP 003905D0

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2316] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00390543

.text C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006A0429

.text C:\WINDOWS\System32\svchost.exe[2544] WS2_32.dll!connect 719F406A 5 Bytes JMP 006A0526

.text C:\WINDOWS\System32\svchost.exe[2544] WS2_32.dll!send 719F428A 5 Bytes JMP 006A05D0

.text C:\WINDOWS\System32\svchost.exe[2544] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 006A0543

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2708] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00530429

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2708] WS2_32.dll!connect 719F406A 5 Bytes JMP 00530526

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2708] WS2_32.dll!send 719F428A 5 Bytes JMP 005305D0

.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2708] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00530543

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2752] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 003D0429

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2752] WS2_32.dll!connect 719F406A 5 Bytes JMP 003D0526

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2752] WS2_32.dll!send 719F428A 5 Bytes JMP 003D05D0

.text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2752] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 003D0543

.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 005A0429

.text C:\WINDOWS\System32\alg.exe[3068] WS2_32.dll!connect 719F406A 5 Bytes JMP 005A0526

.text C:\WINDOWS\System32\alg.exe[3068] WS2_32.dll!send 719F428A 5 Bytes JMP 005A05D0

.text C:\WINDOWS\System32\alg.exe[3068] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 005A0543

.text C:\WINDOWS\explorer.exe[3688] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 003E0429

.text C:\WINDOWS\explorer.exe[3688] WS2_32.dll!connect 719F406A 5 Bytes JMP 003E0526

.text C:\WINDOWS\explorer.exe[3688] WS2_32.dll!send 719F428A 5 Bytes JMP 003E05D0

.text C:\WINDOWS\explorer.exe[3688] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 003E0543

 

---- Kernel IAT/EAT - GMER 1.0.13 ----

 

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F5A73470] \SystemRoot\system32\drivers\fwdrv.sys

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F5A7348B] \SystemRoot\system32\drivers\fwdrv.sys

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F5A7350F] \SystemRoot\system32\drivers\fwdrv.sys

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F5A73532] \SystemRoot\system32\drivers\fwdrv.sys

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F5A7350F] \SystemRoot\system32\drivers\fwdrv.sys

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F5A7348B] \SystemRoot\system32\drivers\fwdrv.sys

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F5A73470] \SystemRoot\system32\drivers\fwdrv.sys

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F5A7350F] \SystemRoot\system32\drivers\fwdrv.sys

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F5A73532] \SystemRoot\system32\drivers\fwdrv.sys

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F5A73470] \SystemRoot\system32\drivers\fwdrv.sys

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F5A7348B] \SystemRoot\system32\drivers\fwdrv.sys

 

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [ECBCDF76] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [ECBCC812] aswMon2.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F5A5CCC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [804F3520] ntkrnlpa.exe

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [804F3520] ntkrnlpa.exe

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [804F3520] ntkrnlpa.exe

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [804F3520] ntkrnlpa.exe

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F778C2C0] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F778C2C0] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F5A5CCC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [804F3520] ntkrnlpa.exe

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [804F3520] ntkrnlpa.exe

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [804F3520] ntkrnlpa.exe

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [804F3520] ntkrnlpa.exe

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F778C2C0] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F5A5CCC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [804F3520] ntkrnlpa.exe

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [804F3520] ntkrnlpa.exe

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [804F3520] ntkrnlpa.exe

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [804F3520] ntkrnlpa.exe

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F5A5CCC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [804F3520] ntkrnlpa.exe

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F5A5CBC0] fwdrv.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [804F3520] ntkrnlpa.exe

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [804F3520] ntkrnlpa.exe

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [804F3520] ntkrnlpa.exe

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F778C2C0] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F778C8E6] aswTdi.SYS

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F778C8E6] aswTdi.SYS

 

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE EBB9FC8A

Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE EBB9C7C8

Device \FileSystem\Fastfat \Fat IRP_MJ_READ EBB9860A

Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE EBB98AED

Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION EBBA3958

Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION EBBA6821

Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA EBBAF38A

Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA EBBAED49

Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS EBBA8BBE

Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION EBBA9331

Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION EBBB74F4

Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL EBB9FB37

Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL EBB9B948

Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL EBBA546B

Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN EBBB679D

Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL EBBB5C4A

Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP EBB9C2FD

Device \FileSystem\Fastfat \Fat IRP_MJ_PNP EBBB61DB

Device \FileSystem\Fastfat \Fat FastIoCheckIfPossible EBBB11F9

 

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [ECBCDF76] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [ECBCC812] aswMon2.SYS

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [ECBCC812] aswMon2.SYS

 

---- Registry - GMER 1.0.13 ----

 

Reg \Registry\USER\S-1-5-21-2834144396-330407623-3462022994-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:Q:\Qbphzragf naq Frggvatf\TRBETRF.115179860314\Ohernh\Cebt. VaperqvZnvy KR Cerzvhz se 1609 (29-07-04)+nqqbaf(+Tbyq)+Pex+FxvaPerngbe 1561(01-07-04)+YrggrePerngbe+Vaperqv\VaperqvZnvy KR Cerzvhz ohvyq 1609 (29-07-04)\VaperqvZnvy Qvpgvbanver Se.rkr 0x3D 0x00 0x00 0x00 ...

Reg \Registry\USER\S-1-5-21-2834144396-330407623-3462022994-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:Q:\Qbphzragf naq Frggvatf\TRBETRF.115179860314\Ohernh\Cebt. VaperqvZnvy KR Cerzvhz se 1609 (29-07-04)+nqqbaf(+Tbyq)+Pex+FxvaPerngbe 1561(01-07-04)+YrggrePerngbe+Vaperqv\VaperqvZnvy KR Cerzvhz ohvyq 1609 (29-07-04)\Yrggre Perngbe Obahf cnpx.rkr 0x3D 0x00 0x00 0x00 ...

 

---- Files - GMER 1.0.13 ----

 

ADS D:\Documents and Settings\GEORGES.115179860314\Favoris\Résultats de la recherche d:favicon

ADS D:\Documents and Settings\GEORGES.115179860314\Local Settings\Application Data\Microsoft\Messenger\geothomas@hotmail.fr\SharingMetadata\nounouche30@hotmail.fr\DFSR\Staging\CS{4C185C88-73E8-2DB7-BF12-90A32E16D728}1\10-{4C185C88-73E8-2DB7-BF12-90A32E16D728}-v1-{613E0D40-10FD-4C51-B30C-F8F90541ED88}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

 

---- EOF - GMER 1.0.13 ----

 

Good luck

Posted

Good evening alainj77,

 

*** I think I've understood why this file was resisting so well... but we'll take the opportunity to finish the cleanup... ***

 

 

STEP 1: Disabling the screen saver

 

First of all, I'd like you to disable the screen saver

--> Right-click on the desktop, Properties, Screen Saver --> Choose "None"

 

 

STEP 2: Temporarily disabling Ad-Aware's real-time protection:

 

--> Open the program --> Ad-Watch --> Disabled (if you have the paid version!)

 

 

STEP 3: Creating a system restore point:

 

--> Follow this excellent tutorial by Anthony

 

 

STEP 4: Analysing a suspicious file:

 

# Go to this site

  • Click "Browse" (as shown in the picture) jotti.gif
  • Browse to the following file: C:\PROGRA~1\Magentic\bin\Magentic.exe
  • Click "Submit"
  • Copy and paste the report into your next reply...

*** If the site is overloaded, you can do the same thing here ("Send" instead of "Submit")

 

 

STEP 5: Running a custom script for Combofix

  • Open Notepad and paste into it the lines quoted below:
    File::
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\vtr114.dll
    C:\WINDOWS\system32\hanonvt.ini
    C:\WINDOWS\Tasks\Norton Security Scan.job
    C:\Program Files\Norton Security Scan\Nss.exe
     
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=-
     
  • Save it under the name CFScript
  • As shown in the image here, drag CFScript.txt onto Combofix.exe
    CFScript.gif
  • Post the result and a new HijackThis report!

Good luck!

:P
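The CFScript above deletes a file named hanonvt.ini and resets AppInit_DLLs, which matters because anything listed in that value is loaded by user32.dll into every process that uses it, whatever its file extension. The triage helper below is an added example (not part of this thread, and not ComboFix's own code): it parses a constructed excerpt written in the layout of ComboFix's "Reg Loading Points" section, using values that appear in this thread, and flags a non-empty AppInit_DLLs value and AutoRun\command entries cached under MountPoints2 for removable drives. The function and regex names are my own.

```python
"""Triage helper for ComboFix "Reg Loading Points" output.

Added example; not part of the forum thread and not ComboFix's own code.
Parses a constructed excerpt in the same layout as the reports posted in
this thread and flags two persistence mechanisms the CFScript targets.
"""
import re

# Constructed excerpt in ComboFix's layout (values taken from this thread).
SAMPLE_REPORT = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [2004-08-05 15:00]
"adiras"="adiras.exe" []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
"appinit_dlls"=C:\\WINDOWS\\system32\\hanonvt.ini

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{10b30941-d389-11da-bbb5-4d6564696130}]
AutoRun\\command- K:\\ReadMe.exe
"""

# A registry key header: [HKEY_...]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# A named value: "name"=data (data may carry ComboFix's trailing [timestamp])
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
# ComboFix's rendering of a cached AutoRun command under MountPoints2
AUTORUN_RE = re.compile(r"^AutoRun\\command-\s*(?P<cmd>.+)$")


def parse_loading_points(text):
    """Return {registry key: [(value name, data), ...]} from the excerpt."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            entries.setdefault(current, [])
            continue
        if current is None:
            continue  # stray line before any key header
        m = AUTORUN_RE.match(line)
        if m:
            entries[current].append(("AutoRun\\command", m.group("cmd").strip()))
            continue
        m = VALUE_RE.match(line)
        if m:
            entries[current].append((m.group("name"), m.group("data").strip()))
    return entries


def find_findings(entries):
    """Flag AppInit_DLLs injection and cached removable-drive AutoRun commands."""
    findings = []
    for key, values in entries.items():
        k = key.lower()
        for name, data in values:
            # A populated AppInit_DLLs value is loaded into every process
            # that maps user32.dll; a .ini name does not stop it being a DLL.
            if (k.endswith("\\windows nt\\currentversion\\windows")
                    and name.lower() == "appinit_dlls" and data):
                findings.append(("AppInit_DLLs", data))
            # Explorer caches the AutoRun command of media it has seen;
            # an executable at a drive root is worth a look.
            if "\\mountpoints2\\" in k and name == "AutoRun\\command":
                findings.append(("MountPoints2 AutoRun", data))
    return findings


if __name__ == "__main__":
    for kind, what in find_findings(parse_loading_points(SAMPLE_REPORT)):
        print(f"{kind}: {what}")
```

Running it on the constructed excerpt reports the hanonvt.ini AppInit_DLLs entry and the K:\ReadMe.exe AutoRun command; the ordinary Run entries are left alone, since the point is to surface the two mechanisms the script addresses, not to judge every startup item.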

Posted

Hello

Steps 1, 2 and 3 were no problem, but for step 4 I can't find a magentic folder, nor magentic.exe, on C or on D for that matter.

I suppose step 5 becomes pointless in that case?

Posted

Hello again

Just in case, I went ahead and did step 5 anyway; here is the report

 

ComboFix 07-08-17.2 - "GEORGES" 2007-08-21 9:07:21.2 - NTFSx86

Microsoft Windows XP ?dition familiale 5.1.2600.2.1252.1.1036.18.508 [GMT 2:00]

Command switches used :: D:\Documents and Settings\GEORGES.115179860314\Bureau\desinfection\CFScript.txt

* Created a new restore point

 

FILE::

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\vtr114.dll

C:\WINDOWS\system32\hanonvt.ini

C:\WINDOWS\Tasks\Norton Security Scan.job

C:\Program Files\Norton Security Scan\Nss.exe

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program Files\Norton Security Scan\Nss.exe

C:\WINDOWS\system32\hanonvt.ini

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\vtr114.dll

C:\WINDOWS\Tasks\Norton Security Scan.job

 

 

((((((((((((((((((((((((( Files Created from 2007-07-21 to 2007-08-21 )))))))))))))))))))))))))))))))

 

 

2007-08-20 14:12 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-19 17:28 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-08-19 16:57 <REP> d-------- C:\19-08-2007

2007-08-19 14:30 <REP> d-------- C:\Program Files\Navilog1

2007-08-17 10:15 786,432 --ah----- D:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-08-17 10:15 <REP> dr------- D:\DOCUME~1\ADMINI~1\Mes documents

2007-08-17 10:15 <REP> dr------- D:\DOCUME~1\ADMINI~1\Menu D‚marrer

2007-08-17 10:15 <REP> dr------- D:\DOCUME~1\ADMINI~1\Favoris

2007-08-17 10:15 <REP> dr------- D:\DOCUME~1\ADMINI~1\Bureau

2007-08-17 10:15 <REP> d--h----- D:\DOCUME~1\ADMINI~1\Voisinage r‚seau

2007-08-17 10:15 <REP> d--h----- D:\DOCUME~1\ADMINI~1\Voisinage d'impression

2007-08-17 10:15 <REP> d--h----- D:\DOCUME~1\ADMINI~1\ModŠles

2007-08-17 10:15 <REP> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

2007-08-17 10:15 <REP> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

2007-08-17 10:15 <REP> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\Real

2007-08-17 09:52 <REP> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2007-08-17 09:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-07-24 13:59 <REP> d-------- C:\CH_ROCKS

2007-07-21 18:00 <REP> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom

2007-07-21 12:02 <REP> d-------- D:\DOCUME~1\GEORGE~1.115\APPLIC~1\InstallShield

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-21 09:09 --------- d-------- C:\Program Files\Norton Security Scan

2007-08-18 09:47 --------- d-------- D:\DOCUME~1\GEORGE~1.115\APPLIC~1\Skype

2007-08-18 05:44 --------- d-------- C:\Program Files\Microsoft Digital Image 10

2007-08-18 05:44 --------- d-------- C:\Program Files\Messenger

2007-08-18 05:44 --------- d-------- C:\Program Files\DesignPro

2007-08-18 05:44 --------- d-------- C:\Program Files\AOL 9.0

2007-08-17 09:52 --------- d-------- C:\Program Files\Lavasoft

2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-07-22 19:13 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll

2007-07-17 10:28 --------- d-------- C:\Program Files\MSXML 6.0

2007-07-13 01:30 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll

2007-07-10 10:34 745547 --a------ C:\WINDOWS\system32\Magentic Screensaver.scr

2007-07-09 22:53 --------- d-------- C:\Program Files\IEFavorisExport10

2007-07-07 22:27 --------- d-------- D:\DOCUME~1\GEORGE~1.115\APPLIC~1\OpenOffice.org2

2007-07-06 18:09 --------- d-------- C:\Program Files\Google

2007-07-06 13:09 --------- d-------- D:\DOCUME~1\GEORGE~1.115\APPLIC~1\Talkback

2007-06-27 15:24 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-27 15:24 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll

2007-06-27 15:24 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-06-27 15:24 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll

2007-06-27 15:24 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll

2007-06-27 15:24 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll

2007-06-27 15:24 105984 --------- C:\WINDOWS\system32\dllcache\url.dll

2007-06-27 15:24 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll

2007-06-27 15:23 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-06-27 15:23 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-06-27 15:23 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-06-27 15:23 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll

2007-06-27 15:23 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-06-27 15:23 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-06-27 15:22 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-06-27 15:22 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-06-27 15:22 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-06-27 15:22 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-06-27 15:22 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll

2007-06-27 15:22 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll

2007-06-27 10:28 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe

2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-06-27 09:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll

2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-26 08:09 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll

2007-06-23 19:51 4 --a------ C:\WINDOWS\info147.sys

2007-06-23 19:51 --------- d-------- C:\Program Files\Vg

2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-19 15:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll

2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe

2007-06-13 15:22 1037312 --------- C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll

2006-12-12 22:43 770048 --a------ C:\Program Files\autostitch.exe

2005-05-11 23:36 12288 --a--c--- C:\WINDOWS\Fonts.\RandFont.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00]

"VTTimer"="VTTimer.exe" [2005-03-08 04:33 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-03-11 18:33 C:\WINDOWS\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-01-20 21:04 C:\WINDOWS\SOUNDMAN.EXE]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 15:00]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]

"adiras"="adiras.exe" []

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-03-14 13:40]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-14 13:35]

"Picasa Media Detector"="D:\Documents and Settings\GEORGES.115179860314\Bureau\Picasa2\PicasaMediaDetector.exe" []

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" []

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-14 18:39]

"E06FXLRD_7674218"="D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.exe" [2005-06-04 18:03]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 12:56]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59]

 

D:\Documents and Settings\GEORGES.115179860314\Menu Démarrer\Programmes\Démarrage\

ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\WINDOWS\system32\hanonvt.ini

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]

C:\PROGRA~1\Magentic\bin\Magentic.exe /c

 

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys

S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys

S3 Via4in1;Via4in1;\??\C:\Via4in1.sys

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10b30941-d389-11da-bbb5-4d6564696130}]

AutoRun\command- K:\ReadMe.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10b30942-d389-11da-bbb5-4d6564696130}]

AutoRun\command- L:\setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fb4fe34-3768-11dc-80b4-00038a000015}]

AutoRun\command- J:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3ed867b-eb6a-11db-bfa4-00038a000015}]

AutoRun\command- J:\InstallTomTomHOME.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-08-21 07:00:00 C:\WINDOWS\Tasks\Configurer mon PC.job - C:\Apps\SMP\PCSETUP.EXE

2007-08-21 07:00:00 C:\WINDOWS\Tasks\Extension de garantie.job - C:\APPS\SMP\PBCARNOT.EXE

2007-08-21 07:00:00 C:\WINDOWS\Tasks\Master CD_DVD Creator.job

2007-08-21 05:58:09 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-21 09:11:33

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-21 9:15:02 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-08-21 09:14

C:\ComboFix2.txt ... 2007-08-20 14:18

 

--- E O F ---

 

plus the HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 09:17:27, on 21/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Apps\Powercinema\PCMService.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Skype\Phone\Skype.exe

D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\svchost.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Documents and Settings\GEORGES.115179860314\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Picasa Media Detector] D:\Documents and Settings\GEORGES.115179860314\Bureau\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [E06FXLRD_7674218] "D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8B691143-A3DE-4145-9A7A-D6247DE1E3EB}: NameServer = 80.10.246.130 80.10.246.3

O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

 

 

Posted

Hello alainj77,

 

*** That nasty file survived CFScript too!!! ***

---> S!Ri, the author of the fix, updated his program last night to get rid of this stubborn file (thanks S!Ri)...

 

1) Delete the old version of SmitFraudFix and its whole folder on the desktop

 

2) Download the latest version of SmitFraudFix

 

3) Boot into Safe Mode on your account as described here

 

4) Run smitfraudfix.cmd again

 

* Choose option 2, then confirm with the [Enter] key

 

--> At the question "Voulez-vous nettoyer le registre ?" (Do you want to clean the registry?), answer O (yes) to unlock the wallpaper and remove the infection's autostart keys.

 

* The fix will determine whether the wininet.dll file is infected

 

--> At the question "Corriger le fichier infecté ?" (Fix the infected file?), answer O (yes) to replace the corrupted file.

--> When the scan finishes, save the report (File / Save As...) to the Desktop.

--> Copy and paste the contents of that report into your next reply

 

Note: option 1 will remove the infections handled by the tool

Important: SmitFraudFix option 2 removes the wallpaper!

 

--> Make sure you have saved your background image under a specific name in a place you can find again before running SmitFraudFix!

 

5) Reboot in normal mode and post a HijackThis log as explained above...

 

Good luck!!!

This time... :P

Posté(e)

Re bonjour

Et le revoilou, il est toujours là. Mais SmitFraudFix ne m'a pas demandé d'enlever de fichier infecté.

 

Rapport SmitFraudFix

 

SmitFraudFix v2.212

 

Rapport fait à 12:46:27,93, 21/08/2007

Executé à partir de D:\Documents and Settings\GEORGES.115179860314\Bureau\desinfection\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode sans echec

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E4A506F-FCEC-4550-802D-675337D637F3}: DhcpNameServer=192.168.1.254

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

HijackThis report

 

Logfile of HijackThis v1.99.1

Scan saved at 12:53:10, on 21/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Apps\Powercinema\PCMService.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\Skype\Phone\Skype.exe

D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\svchost.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

D:\Documents and Settings\GEORGES.115179860314\Bureau\HijackThis.exe

C:\WINDOWS\system32\WgaTray.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Picasa Media Detector] D:\Documents and Settings\GEORGES.115179860314\Bureau\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [E06FXLRD_7674218] "D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Posted

Re

Well, this time I took the right one and apparently it does work better.

SmitFraudFix report

 

SmitFraudFix v2.214

 

Rapport fait à 13:51:06,17, 21/08/2007

Executé à partir de D:\Documents and Settings\GEORGES.115179860314\Bureau\desinfection\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode sans echec

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

Problème suppression C:\WINDOWS\system32\Delete_Me_Dummy_hanonvt.ini

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E4A506F-FCEC-4550-802D-675337D637F3}: DhcpNameServer=192.168.1.254

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Reboot

 

C:\WINDOWS\system32\Delete_Me_Dummy_hanonvt.ini supprimé

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

HijackThis report

 

Logfile of HijackThis v1.99.1

Scan saved at 13:55:39, on 21/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

D:\Documents and Settings\GEORGES.115179860314\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Picasa Media Detector] D:\Documents and Settings\GEORGES.115179860314\Bureau\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [E06FXLRD_7674218] "D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

I think you got it this time :P
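A small triage helper, added here as an example (it is not part of the thread, of SmitFraudFix or of HijackThis): it parses HijackThis entries, flags the O20 AppInit_DLLs value that the fix had to remove, and diffs the two reports above using a few lines copied from them. The MSConfig Run entry it reports as added is what msconfig leaves behind after the startup configuration was changed, not a new infection.

```python
"""Triage helper for HijackThis-style logs.

Added example (not part of the thread, SmitFraudFix or HijackThis): parse
the numbered sections, flag AppInit_DLLs entries, and diff a 'before' log
against an 'after' log. The sample lines are copied from the two reports
posted above (before and after SmitFraudFix v2.214)."""
import re

# Constructed sample: a few lines from the 12:53 report (before the fix).
BEFORE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
"""

# Constructed sample: the same lines from the 13:55 report (after the fix).
AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
"""

# "O20 - AppInit_DLLs: ..." -> section "O20", body "AppInit_DLLs: ..."
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text):
    """Return (section, body) tuples for every HijackThis entry in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def flag_appinit(entries):
    """Return (path, reason) for each AppInit_DLLs value worth a closer look.

    AppInit_DLLs is loaded into every process that links user32.dll, which
    makes it a favourite persistence spot. A populated value is already
    unusual on a home PC; a path whose extension is not .dll (an .ini here,
    a PE file in disguise) is a strong hint, which is why the fix targeted it.
    """
    findings = []
    for section, body in entries:
        if section != "O20" or not body.startswith("AppInit_DLLs:"):
            continue
        value = body.split(":", 1)[1].strip()
        for path in re.split(r"[,\s]+", value):
            if not path:
                continue
            if path.lower().endswith(".dll"):
                findings.append((path, "populated"))
            else:
                findings.append((path, "non-.dll extension"))
    return findings


def diff_logs(before_text, after_text):
    """Return (removed, added): entries present only before / only after."""
    before = set(parse_hjt(before_text))
    after = set(parse_hjt(after_text))
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    for path, reason in flag_appinit(parse_hjt(BEFORE_LOG)):
        print(f"suspicious AppInit_DLLs entry: {path} ({reason})")
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    for section, body in removed:
        print(f"- {section} - {body}")
    for section, body in added:
        # The MSConfig Run entry is what msconfig leaves behind after the
        # startup configuration was changed; it is not a new infection.
        print(f"+ {section} - {body}")
```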

Posted

Hello alainj77,

*** Excellent work, we finally made it !!! *** :P

1) Re-enable the resident protection of Ad-Aware 2007

---> Ad-watch ---> Enable!

2) Re-enable the screen saver

3) Click Start, then Control Panel, and go to Add/Remove Programs:

  • Uninstall (if present) EoRezo, go-astro, GoRecord, HotTVPlayer, MailSkinner, Messenger Skinner, Instant Access, InternetGameBox, sudoplanet, Webmediaplayer (unless it comes from the site: http://www.azertysite.new.fr/)
    ----> One of them is probably responsible for the NaviPromo infection!
  • Uninstall Avast!

---> Avira, AVG, or Active Virus Shield (disable the security toolbar during installation) are excellent free antivirus programs!

4) Download ToolsCleaner! by A.Rothstein to remove the programs we used during the procedure.

  • Save ToolsCleaner!.zip to the Desktop then unzip it
  • Double-click on it --> The program will clean up the files...
  • Open the report you will find here: C:\TCleaner.txt
  • Copy and paste the content of this report into your next reply

---> You got out of trouble thanks to S!Ri's excellent program; if you think it's fair, you can send him a donation

See you very soon for the final advice

:P

Posted

Re

Well, you both deserved it :P and tonight :P

As for the uninstallation, if I had known I wouldn't have done it by hand, but I ran ToolsCleaner anyway and I'm attaching the report:

 

********ToolsCleaner! (A.Rothstein)********

 

 

 

Nettoyage commence le 21/08/2007 a 14:50:03,96

 

***************************************

 

Aucuns Programmes trouves!

***************************************

 

Fin le 21/08/2007 a 14:50:04,14

 

Merci d'avoir utilise ToolsCleaner!

 

 

I'll say just one word: BRAVO

Thanks to WawaSeb and S!Ri for their patience and their more-than-effective intervention.

I hope this forum keeps existing so it can help all those who end up with all these 'beasts' picked up on the Internet.
