[Résolu] Malewares déguisés en anti-virus

[Hadral]

Bonjour !

 

Mon PC reçoit de fausses alertes signalant virus et spyware, comme par exemple "Micro Antivirus 2009". J'ai exécuté plusieurs fois Spybot et Malewarebytes, mais certains trojans ne semblent pas vouloir disparaître. Je vais donc poster ici les derniers rapports Hijackthis et Malewarebytes pour que les personnes compétentes prennent la relève !

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:12:05, on 29/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hijackthis\HijackThis.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5061213

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5061213

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6A5F2B56-023D-4262-8282-BC7B2EAE0486} - C:\WINDOWS\system32\pmnlmjGX.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\NetTransport 2\NTIEHelper.dll

O2 - BHO: QXK Olive - {DA1DA6E7-6C9A-4F07-962D-04F423A34E65} - C:\WINDOWS\dfmlxbpkwga.dll

O3 - Toolbar: peltodgx - {BECDB70D-AE92-4B86-A8D5-0790D704B299} - C:\WINDOWS\peltodgx.dll (file missing)

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\NetTransport 2\NTAddList.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O20 - AppInit_DLLs: rnuwgz.dll

O21 - SSODL: onfwbsak - {71759BC0-38FC-40D4-B241-9F3733D38458} - C:\WINDOWS\onfwbsak.dll

O21 - SSODL: rwlfsdmk - {F3FCAB6A-BC96-4311-BE93-D06494DB445D} - C:\WINDOWS\rwlfsdmk.dll (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 5533 bytes

 

Malwarebytes' Anti-Malware 1.28

Version de la base de données: 1134

Windows 5.1.2600 Service Pack 2

 

29/09/2008 15:05:53

mbam-log-2008-09-29 (15-05-53).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 113851

Temps écoulé: 39 minute(s), 36 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 1

Clé(s) du Registre infectée(s): 7

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 10

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\rnuwgz.dll (Trojan.Vundo) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930b4747-fd25-4c61-ab4e-7d0f9136007a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{930b4747-fd25-4c61-ab4e-7d0f9136007a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\rnuwgz.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\2149MRWN\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\5F57IKG8\file[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\I229S1DA\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\J5JON8KO\file[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\MIUQ2FW6\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pxxdkycu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MicroAV.cpl (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

C:\Program Files\MicroAV\MicroAV.exe (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Modifié le 1 octobre 2008 par Hadral

[pear]

Bonjour,

 

 

# vous devez désactiver la protection en temps réel, de votre antivirus qui détecte certains composanst de ce logiciel comme néfastes.

* Pour cela, faites un clic droit sur l'icône en bas à droite à côté de l'horloge.

Télécharger SDFix (créé par AndyManchesta)

et le sauvegarder sur le Bureau.

Double cliquer sur SDFix.exe et choisir Install pour l'extraire

SDFix s'installe à la racine de la partition système (par défaut, Généralement C:). .

 

Redémarrer en mode sans échec

 

* Ouvrir le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clic sur RunThis.cmd pour lancer le script.

* Appuyer sur Y pour commencer le processus de nettoyage.

* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis demandera d'appuyer sur une touche pour redémarrer.

 

Si Sdfix ne se lance pas

1)Démarrer->Exécuter

Copiez/collez :

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

cliquez ok, et validez.

Redémarrez et essayez de nouveau de lancer Sdfix.

 

2)Si vous avez le message Cette commande a été désactivée par votre Administrateur

Appuyez sur une touche pour continuer:

Démarrer->Exécuter

Copiez/Collez

%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg

Validez

Relancez Sdfix

 

* Le redémarrage sera plus lent qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

* Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

* Appuyer sur une touche pour finir l'exécution du script et charger les icônes du Bureau.

* Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

* Postez le rapport ici.

Modifié le 29 septembre 2008 par pear

[Hadral]

Voilà le rapport :

 

SDFix: Version 1.230

Run by Aur‚lien on 30/09/2008 at 20:41

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

Restoring Default HomePage Value

Restoring Default Desktop Components Value

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\Program Files\MicroAV\MicroAV.cpl - Deleted

C:\Program Files\MicroAV\MicroAV.ooo - Deleted

C:\Program Files\MicroAV\MicroAV0.dat - Deleted

C:\Program Files\MicroAV\MicroAV1.dat - Deleted

C:\WINDOWS\dfmlxbpkwga.dll - Deleted

C:\Documents and Settings\Aur‚lien\Application Data\TmpRecentIcons\Micro Antivirus 2009.lnk - Deleted

C:\empa.exe - Deleted

C:\WINDOWS\fbxrqtwn.exe - Deleted

C:\WINDOWS\onfwbsak.dll - Deleted

 

 

 

Folder C:\Program Files\MicroAV - Removed

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-30 20:50:06

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:f4901b43

"s2"=dword:ad2f3930

"h0"=dword:00000002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000001

"ujdew"=hex:91,f5,00,e9,2c,46,d1,2b,a1,10,2d,4c,e8,40,86,ad,c2,3a,d7,99,a4,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:6b,f2,26,12,b1,e6,c2,1a,8b,8e,77,4c,fa,82,df,3d,a0,b1,4b,9e,29,..

"p0"="C:\Program Files\DAEMON Tools\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:45,60,c2,b5,0c,cd,1b,7e,04,de,8e,0e,8b,02,74,31,5e,ba,50,f0,09,..

"a0"=hex:20,01,00,00,d8,dd,af,8c,59,0e,18,74,90,ae,40,87,5c,c1,91,e2,fe,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:ba,c3,10,da,23,f8,c8,69,f2,8a,79,d6,db,7f,64,1b,e9,72,0d,26,b0,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:75,5d,53,33,60,7b,87,07,29,18,99,d6,a4,20,2f,d1,05,43,76,cc,32,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]

"khjeh"=hex:41,4d,b5,6c,73,e9,ae,8c,25,c0,fb,ed,92,a5,cf,68,c0,86,23,e9,c0,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]

"khjeh"=hex:69,71,ef,71,73,e7,0b,ed,e5,06,fe,a6,96,11,38,33,9b,d1,fa,d9,5e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000001

"ujdew"=hex:91,f5,00,e9,2c,46,d1,2b,a1,10,2d,4c,e8,40,86,ad,c2,3a,d7,99,a4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:6b,f2,26,12,b1,e6,c2,1a,8b,8e,77,4c,fa,82,df,3d,a0,b1,4b,9e,29,..

"p0"="C:\Program Files\DAEMON Tools\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:45,60,c2,b5,0c,cd,1b,7e,04,de,8e,0e,8b,02,74,31,5e,ba,50,f0,09,..

"a0"=hex:20,01,00,00,d8,dd,af,8c,59,0e,18,74,90,ae,40,87,5c,c1,91,e2,fe,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:ba,c3,10,da,23,f8,c8,69,f2,8a,79,d6,db,7f,64,1b,e9,72,0d,26,b0,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:75,5d,53,33,60,7b,87,07,29,18,99,d6,a4,20,2f,d1,05,43,76,cc,32,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]

"khjeh"=hex:41,4d,b5,6c,73,e9,ae,8c,25,c0,fb,ed,92,a5,cf,68,c0,86,23,e9,c0,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]

"khjeh"=hex:69,71,ef,71,73,e7,0b,ed,e5,06,fe,a6,96,11,38,33,9b,d1,fa,d9,5e,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"="C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat:*:Enabled:La Bataille pour la Terre du Milieu T II"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"C:\\Program Files\\Cyanide\\Chaos-League MS\\ChaosLeagueEx.exe"="C:\\Program Files\\Cyanide\\Chaos-League MS\\ChaosLeagueEx.exe:*:Enabled:Chaos-League-MS"

"C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Documents and Settings\\Aur‚lien\\Local Settings\\Application Data\\kfdyqh.exe"="C:\\Documents and Settings\\Aur‚lien\\Local Settings\\Application Data\\kfdyqh.exe:*:Disabled:kfdyqh"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Mon 18 Dec 2006 88 A.SHR --- "C:\i386\11AB572A03.sys"

Mon 18 Dec 2006 2,828 A.SH. --- "C:\i386\KGyGaAvL.sys"

Wed 10 Sep 2008 0 ..SH. --- "C:\WINDOWS\S0E651C98.tmp"

Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"

Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

Mon 18 Dec 2006 88 ..SHR --- "C:\WINDOWS\system32\11AB572A03.sys"

Mon 18 Dec 2006 2,828 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Sat 5 May 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Sat 6 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Tue 30 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\34d15b1fbf93584e4549c7d20c988496\BIT23.tmp"

Tue 30 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\699bfc4e107af4dd60cba5e3ca037019\BIT24.tmp"

Tue 30 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\BIT20.tmp"

Tue 30 Sep 2008 7,281,784 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9bdb478ba8417d739a3c7ead1452ae1c\BIT22.tmp"

Tue 30 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b024880fe56b3ff50f74fc334213eb78\BIT25.tmp"

Wed 4 Jul 2007 857 ...HR --- "C:\Documents and Settings\Aur‚lien\Application Data\SecuROM\UserData\securom_v7_01.bak"

Tue 30 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4b869f18ffa23590ab9b302aa268b77f\download\BIT28.tmp"

Tue 30 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\695b737fb775f5f3594dffe6327b6afd\download\BIT29.tmp"

Tue 30 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\90278c5c0a95b94f1b4a73dda9853808\download\BIT2A.tmp"

 

Finished!

[pear]

Bonjour,

 

C'est mieux.

Encore des soucis ?

[Hadral]

A priori tout est rentré dans l'ordre !

 

Merci pour ton aide Pear