Recommended posts

Posted

Good evening again,

So, I was coming to tell you: by Digital Protection and by other trojans.

I tried to delete it but without success. Then I read your advice on this topic and downloaded rkill and MBAM.

Right now I'm running the scan with MBAM (I already used it once before and it removed the trojan; I thought it was over, but no, it's still there).

I'll send you the reports as soon as the scan finishes.

Thanks

Posted

So, the rkill report:

 

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Ran as sahbi on 05/01/2010 at 20:49:05.

Processes terminated by Rkill or while it was running:

C:\Users\sahbi\AppData\Local\Temp\asrkn_pfu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\sahbi\Desktop\rkill.com
C:\Windows\System32\wsqmcons.exe

Rkill completed on 05/01/2010 at 20:49:10.

MBAM report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4057

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

01-05-2010 22:52:26
mbam-log-2010-05-01 (22-52-26).txt

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 261386
Time elapsed: 1 hour(s), 56 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

  • Moderators
Posted

Good evening elnino,

Disable your security tools so that they don't interfere with the next tool.

Download combofix.exe (by sUBs) and save it to your desktop.

  • Double-click combofix.exe to run it and follow the instructions.
  • When the scan is complete, a report will appear.
  • Copy and paste that report in your next reply.

Posted

Here's the report:

 

ComboFix 10-05-01.02 - sahbi 05/02/2010 1:27.1.2 - x86
Microsoft® Windows Vista Edition Familiale Premium 6.0.6002.2.1256.216.1036.18.1013.310 [GMT 2:00]
Running from: c:\users\sahbi\Desktop\ComboFix.exe
AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2256296683-2490543695-1737019047-500
c:\$recycle.bin\S-1-5-21-4229330736-3838111969-3694359616-500
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\users\sahbi\AppData\Roaming\Desktopicon
c:\users\sahbi\AppData\Roaming\Desktopicon\config.ini
c:\users\sahbi\AppData\Roaming\tazebama

.

((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))
.

2010-05-01 23:45 . 2010-05-01 23:47 -------- d-----w- c:\users\sahbi\AppData\Local\temp
2010-05-01 23:45 . 2010-05-01 23:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-01 18:54 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-01 18:54 . 2010-05-01 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-01 18:54 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 18:30 . 2010-05-01 18:33 36488 ----a-w- c:\windows\system32\drivers\klmd.sys
2010-05-01 18:30 . 2010-05-01 18:33 -------- d-----w- C:\tdsskiller
2010-05-01 15:46 . 2010-05-01 15:46 -------- d-----w- c:\users\sahbi\AppData\Roaming\Malwarebytes
2010-05-01 15:46 . 2010-05-01 15:46 -------- d-----w- c:\programdata\Malwarebytes
2010-05-01 13:56 . 2010-05-01 13:56 -------- d-----w- C:\sh4ldr
2010-05-01 13:56 . 2010-05-01 13:56 -------- d-----w- c:\program files\Enigma Software Group
2010-05-01 13:55 . 2010-05-01 14:40 -------- d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-05-01 13:55 . 2010-05-01 13:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-01 02:43 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-01 02:43 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-01 02:43 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-01 02:43 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-01 02:43 . 2010-04-14 16:31 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-01 02:40 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-01 02:40 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-01 02:39 . 2010-05-01 02:39 -------- d-----w- c:\programdata\Alwil Software
2010-05-01 02:39 . 2010-05-01 02:39 -------- d-----w- c:\program files\Alwil Software
2010-04-28 09:06 . 2010-04-28 09:06 -------- d-----w- c:\program files\Common Files\Skype
2010-04-27 11:54 . 2010-04-27 11:54 -------- d-----w- c:\users\sahbi\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
2010-04-27 11:53 . 2010-04-27 11:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-22 19:49 . 2010-04-22 19:49 -------- d-----w- c:\programdata\TVU Networks
2010-04-19 16:46 . 2010-04-19 16:46 -------- d-----w- c:\program files\QuickTime
2010-04-19 16:45 . 2010-04-19 16:45 -------- d-----w- c:\programdata\Apple Computer
2010-04-19 01:26 . 2010-04-19 01:26 -------- d-----w- c:\program files\Windows Portable Devices
2010-04-19 01:07 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-04-19 01:07 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-04-19 01:07 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-04-19 01:05 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-04-19 01:04 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-04-19 01:04 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-04-19 01:04 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-04-18 17:58 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-04-18 17:58 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-18 17:58 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-18 12:37 . 2010-04-18 12:37 -------- d-----w- c:\windows\system32\ca-ES
2010-04-18 12:37 . 2010-04-18 12:37 -------- d-----w- c:\windows\system32\eu-ES
2010-04-18 12:36 . 2010-04-18 12:37 -------- d-----w- c:\windows\system32\vi-VN
2010-04-18 11:58 . 2010-04-18 11:58 -------- d-----w- c:\windows\system32\EventProviders
2010-04-17 13:41 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-17 13:25 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-17 13:25 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-17 13:25 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-17 13:25 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-17 13:25 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-17 13:15 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-17 13:15 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-17 13:15 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-17 12:39 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-17 12:38 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 23:04 . 2010-04-14 23:04 -------- d-----w- c:\users\sahbi\AppData\Roaming\Move Networks
2010-04-14 22:01 . 2009-02-17 18:38 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-04-14 22:01 . 2008-12-30 09:57 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2010-04-14 22:01 . 2008-12-13 09:27 102784 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-04-14 22:01 . 2008-04-14 07:36 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-04-14 22:01 . 2007-08-09 02:06 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-04-14 22:00 . 2010-04-14 22:02 -------- d-----w- c:\program files\Internet 3G+ Bouygues Telecom


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 23:50 . 2009-12-03 12:04 36446240 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-01 23:39 . 2008-11-30 23:55 -------- d-----w- c:\program files\Common Files\Akamai
2010-05-01 18:38 . 2009-12-03 12:04 424712 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-01 15:17 . 2010-04-01 01:00 443912 ----a-w- c:\users\sahbi\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-05-01 13:56 . 2010-05-01 13:56 110080 ----a-r- c:\users\sahbi\AppData\Roaming\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconF7A21AF7.exe
2010-05-01 13:56 . 2010-05-01 13:56 110080 ----a-r- c:\users\sahbi\AppData\Roaming\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconD7F16134.exe
2010-05-01 13:31 . 2006-11-02 15:48 659180 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-01 13:31 . 2006-11-02 15:48 122976 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-30 23:51 . 2008-05-08 19:07 -------- d-----w- c:\users\sahbi\AppData\Roaming\Skype
2010-04-30 22:03 . 2008-05-08 19:09 -------- d-----w- c:\users\sahbi\AppData\Roaming\skypePM
2010-04-27 11:50 . 2010-04-27 11:54 38784 ----a-w- c:\users\sahbi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-27 11:50 . 2010-04-27 11:53 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-22 19:49 . 2008-12-17 21:52 -------- d-----w- c:\program files\TVUPlayer
2010-04-20 18:46 . 2008-12-17 20:43 -------- d-----w- c:\program files\Veetle
2010-04-19 17:20 . 2008-11-30 23:56 -------- d-----w- c:\users\sahbi\AppData\Roaming\Metacafe
2010-04-19 01:26 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-19 01:26 . 2010-04-19 01:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-04-19 01:23 . 2010-04-19 01:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-04-18 12:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-18 12:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-18 12:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-18 12:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-18 12:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-18 12:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-18 12:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-18 01:12 . 2007-03-27 08:41 -------- d-----w- c:\programdata\Microsoft Help
2010-04-14 23:04 . 2010-04-14 23:04 143973 ----a-w- c:\users\sahbi\AppData\Roaming\Move Networks\uninstall.exe
2010-04-14 23:04 . 2009-09-24 21:45 5644224 ----a-w- c:\users\sahbi\AppData\Roaming\Move Networks\plugins\npqmp071700000016.dll
2010-04-07 18:21 . 2010-04-07 18:21 118784 ----a-w- c:\users\sahbi\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\compat.dll
2010-03-28 18:37 . 2006-12-18 10:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-28 18:28 . 2010-03-28 18:28 -------- d-----w- c:\programdata\McAfee
2010-03-09 01:40 . 2010-03-09 01:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-09 01:40 . 2010-03-09 01:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-09 01:40 . 2010-03-09 01:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-09 01:40 . 2010-03-09 01:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-09 01:40 . 2010-03-09 01:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-09 01:40 . 2010-03-09 01:40 329312 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-09 01:40 . 2010-03-09 01:40 300616 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-09 01:40 . 2010-03-09 01:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-09 01:40 . 2009-03-27 16:25 -------- d-----w- c:\program files\Common Files\Real
2010-03-09 01:39 . 2009-03-27 16:25 -------- d-----w- c:\program files\Real
2010-03-09 01:39 . 2010-03-09 01:39 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-07 08:43 . 2010-03-07 08:43 -------- d-----w- c:\users\sahbi\AppData\Roaming\Sony Corporation
2010-03-07 08:37 . 2006-12-18 08:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-07 08:35 . 2010-03-07 08:35 -------- d-----w- c:\program files\Sony
2010-03-07 08:34 . 2010-03-07 08:34 10134 ----a-r- c:\users\sahbi\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
2010-03-07 08:34 . 2010-03-07 08:34 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-07 08:33 . 2010-03-07 08:33 -------- d-----w- c:\users\sahbi\AppData\Roaming\InstallShield
2010-03-04 19:59 . 2010-03-04 19:59 443912 ----a-w- c:\users\sahbi\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-03 13:46 . 2009-04-08 19:56 -------- d-----w- c:\users\sahbi\AppData\Roaming\TVU networks
2010-02-26 06:06 . 2010-02-26 06:06 2626360 ----a-w- c:\users\sahbi\AppData\Roaming\Mozilla\Firefox\Profiles\i7siw8fg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2010-02-24 16:46 . 2007-03-22 21:17 113488 ----a-w- c:\users\sahbi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2010-02-03 23:36 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-04-06 19:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-06 19:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-04-06 19:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-04-06 19:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-12 02:02 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-12 02:02 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-12 02:02 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 10:48 . 2010-03-18 02:02 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-04 11:41 . 2007-03-22 21:16 1356 ----a-w- c:\users\sahbi\AppData\Local\d3d9caps.dat
.


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2007-04-01 155896]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 3772416]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"NDSTray.exe"="NDSTray.exe" [bU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-09 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\users\sahbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2009-2-17 145736]
Outil de détection de support PMB.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-3-7 333088]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-3-27 110592]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2009-2-17 145736]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-6-4 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):59,22,38,0c,f5,de,ca,01

R2 gupdate1c9aef834940c90;خدمة تحديث Google (gupdate1c9aef834940c90);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 133104]
R2 RsVScanner;Rising Vista Scanner;c:\program files\Rising\Rav\scannerd.exe [x]
R3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [2008-02-27 98432]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\DRIVERS\neti1634.sys [2008-06-26 197888]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [x]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-04-14 51792]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.

Contents of the 'Scheduled Tasks' folder

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 16:22]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 16:22]

2010-05-01 c:\windows\Tasks\User_Feed_Synchronization-{2FC916E7-B1AE-4D9D-B316-276B9FE7D1BC}.job
- c:\windows\system32\msfeedssync.exe [2010-04-06 04:54]
.
.

------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
FF - ProfilePath - c:\users\sahbi\AppData\Roaming\Mozilla\Firefox\Profiles\i7siw8fg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 174.142.24.201
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\sahbi\AppData\Roaming\Move Networks\plugins\npqmp071700000016.dll
FF - plugin: c:\users\sahbi\AppData\Roaming\Mozilla\Firefox\Profiles\i7siw8fg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKCU-Run-WebCallDirect - c:\program files\WebCallDirect.com\WebCallDirect\WebCallDirect.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
HKLM-Run-FixCamera - c:\windows\FixCamera.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
ShellExecuteHooks-{EB338DB6-EC2C-456B-B5AD-ED97FB489684} - c:\windows\system32\tuvWPIyA.dll
SafeBoot-PskSvcRetail
AddRemove-WinButler - c:\users\sahbi\AppData\Roaming\WinButler\WinBuninstaller.exe


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 01:47
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.032"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ani"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.apd"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bay"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bmp"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bw"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cr2"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.crw"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cs1"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cur"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcr"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcx"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dib"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djv"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djvu"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dng"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.emf"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.eps"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.erf"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fff"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fpx"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.gif"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icl"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icn"

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ico"


[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.iff"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.ilbm"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.int"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.inta"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.iw4"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.j2c"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.j2k"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.jfif"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.jif"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.jp2"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.jpc"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.jpe"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.jpeg"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.jpg"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.jpk"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.jpx"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.lbm"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.mos"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.mrw"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.nef"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.orf"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pbm"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pcd"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pct"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pcx"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pef"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pgm"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pic"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pict"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.pix"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.png"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.ppm"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.psd"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.psp"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.raf"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.ras"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.raw"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.rgb"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.rgba"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.rle"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.rsb"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.sgi"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.sr2"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.srf"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.tga"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.thm"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.tif"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.tiff"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.ttc"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.ttf"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9o\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.v9o"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9p\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.v9p"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9pf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.v9pf"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.wbm"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.wbmp"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.wmf"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.xbm"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.xif"

 

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee 9.0.xpm"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2010-05-02 01:58:13

ComboFix-quarantined-files.txt 2010-05-01 23:58

 

Pre-Run: 7,376,019,456 octets libres

Post-Run: 10,489,839,616 octets libres

 

- - End Of File - - D292F2535AF279680C472E2902AC8124

  • Moderators
Posted

Hello elnino,

 

A few observations first, before we go on. You are probably not a regular on forums. All of the help offered here is given voluntarily, by members like you. Don't expect a reply 24 hours a day, 7 days a week; we all have lives outside the forum. So don't show excessive impatience, it is rather irritating. Also, as you will have noticed while browsing the topics, each person creates their own topic so as to be helped personally, with a procedure of their own. I see you have run tool after tool on your PC, probably somewhat blindly. That is careless.

 

Regarding the Kaspersky tool TDSSKiller, which is present on your system: I would like you to post the reports found here: C:\tdsskiller\report.txt. If there are several, post them one after the other, copying and pasting their contents after opening them with Notepad.

 

Also, I see leftovers of antivirus products prior to Avast, and traces of other tools; what did you try before? Tell me what you did, and with what. Do you use a proxy? Finally, tell me all the symptoms that still persist.

Posted

Hello again GOF,

I'm sorry to bother you; it's true that I'm not a regular on these forums, in general I try to manage on my own, but this time I panicked.

Here are the TDSSKiller reports:

 

14:15:35:558 4456 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04

14:15:35:558 4456 ================================================================================

14:15:35:558 4456 SystemInfo:

 

14:15:35:558 4456 OS Version: 6.0.6002 ServicePack: 2.0

14:15:35:558 4456 Product type: Workstation

14:15:35:558 4456 ComputerName: PC-DE-SAHBI

14:15:35:558 4456 UserName: sahbi

14:15:35:558 4456 Windows directory: C:\Windows

14:15:35:558 4456 Processor architecture: Intel x86

14:15:35:558 4456 Number of processors: 2

14:15:35:558 4456 Page size: 0x1000

14:15:35:558 4456 Boot type: Normal boot

14:15:35:558 4456 ================================================================================

14:15:35:558 4456 UnloadDriverW: NtUnloadDriver error 2

14:15:35:558 4456 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

14:16:05:728 4456 wfopen_ex: Trying to open file C:\Windows\system32\config\system

14:16:05:728 4456 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

14:16:05:728 4456 wfopen_ex: Trying to KLMD file open

14:16:05:728 4456 wfopen_ex: File opened ok (Flags 2)

14:16:05:728 4456 wfopen_ex: Trying to open file C:\Windows\system32\config\software

14:16:05:744 4456 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

14:16:05:744 4456 wfopen_ex: Trying to KLMD file open

14:16:05:744 4456 wfopen_ex: File opened ok (Flags 2)

14:16:05:744 4456 Initialize success

14:16:05:744 4456

14:16:05:744 4456 Scanning Services ...

14:16:07:772 4456 Raw services enum returned 450 services

14:16:07:787 4456

14:16:07:803 4456 Scanning Kernel memory ...

14:16:07:803 4456 Devices to scan: 1

14:16:07:803 4456

14:16:07:803 4456 Driver Name: atapi

14:16:07:803 4456 IRP_MJ_CREATE : 867A5140

14:16:07:803 4456 IRP_MJ_CREATE_NAMED_PIPE : 824DC787

14:16:07:803 4456 IRP_MJ_CLOSE : 867A5140

14:16:07:803 4456 IRP_MJ_READ : 824DC787

14:16:07:803 4456 IRP_MJ_WRITE : 824DC787

14:16:07:803 4456 IRP_MJ_QUERY_INFORMATION : 824DC787

14:16:07:803 4456 IRP_MJ_SET_INFORMATION : 824DC787

14:16:07:803 4456 IRP_MJ_QUERY_EA : 824DC787

14:16:07:803 4456 IRP_MJ_SET_EA : 824DC787

14:16:07:803 4456 IRP_MJ_FLUSH_BUFFERS : 824DC787

14:16:07:803 4456 IRP_MJ_QUERY_VOLUME_INFORMATION : 824DC787

14:16:07:803 4456 IRP_MJ_SET_VOLUME_INFORMATION : 824DC787

14:16:07:803 4456 IRP_MJ_DIRECTORY_CONTROL : 824DC787

14:16:07:803 4456 IRP_MJ_FILE_SYSTEM_CONTROL : 824DC787

14:16:07:803 4456 IRP_MJ_DEVICE_CONTROL : 86793A5A

14:16:07:803 4456 IRP_MJ_INTERNAL_DEVICE_CONTROL : 86793A2C

14:16:07:803 4456 IRP_MJ_SHUTDOWN : 824DC787

14:16:07:803 4456 IRP_MJ_LOCK_CONTROL : 824DC787

14:16:07:803 4456 IRP_MJ_CLEANUP : 824DC787

14:16:07:803 4456 IRP_MJ_CREATE_MAILSLOT : 824DC787

14:16:07:803 4456 IRP_MJ_QUERY_SECURITY : 824DC787

14:16:07:803 4456 IRP_MJ_SET_SECURITY : 824DC787

14:16:07:803 4456 IRP_MJ_POWER : 86793A88

14:16:07:803 4456 IRP_MJ_SYSTEM_CONTROL : 867A0B70

14:16:07:803 4456 IRP_MJ_DEVICE_CHANGE : 824DC787

14:16:07:803 4456 IRP_MJ_QUERY_QUOTA : 824DC787

14:16:07:803 4456 IRP_MJ_SET_QUOTA : 824DC787

14:16:07:818 4456 C:\Windows\system32\drivers\atapi.sys - Verdict: 1

14:16:07:818 4456

14:16:07:818 4456 Completed

14:16:07:818 4456

14:16:07:818 4456 Results:

14:16:07:818 4456 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

14:16:07:818 4456 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

14:16:07:818 4456 File objects infected / cured / cured on reboot: 0 / 0 / 0

14:16:07:818 4456

14:16:07:818 4456 fclose_ex: Trying to close file C:\Windows\system32\config\system

14:16:07:818 4456 fclose_ex: Trying to close file C:\Windows\system32\config\software

14:16:07:818 4456 KLMD(ARK) unloaded successfully

 

 

and the other two from yesterday:

 

20:33:20:953 4140 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04

20:33:20:953 4140 ================================================================================

20:33:20:953 4140 SystemInfo:

 

20:33:20:953 4140 OS Version: 6.0.6002 ServicePack: 2.0

20:33:20:953 4140 Product type: Workstation

20:33:20:953 4140 ComputerName: PC-DE-SAHBI

20:33:20:953 4140 UserName: sahbi

20:33:20:953 4140 Windows directory: C:\Windows

20:33:20:953 4140 Processor architecture: Intel x86

20:33:20:953 4140 Number of processors: 2

20:33:20:953 4140 Page size: 0x1000

20:33:20:953 4140 Boot type: Normal boot

20:33:20:953 4140 ================================================================================

20:33:20:968 4140 UnloadDriverW: NtUnloadDriver error 2

20:33:20:968 4140 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

20:33:21:031 4140 wfopen_ex: Trying to open file C:\Windows\system32\config\system

20:33:21:031 4140 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

20:33:21:031 4140 wfopen_ex: Trying to KLMD file open

20:33:21:046 4140 wfopen_ex: File opened ok (Flags 2)

20:33:21:062 4140 wfopen_ex: Trying to open file C:\Windows\system32\config\software

20:33:21:062 4140 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

20:33:21:062 4140 wfopen_ex: Trying to KLMD file open

20:33:21:062 4140 wfopen_ex: File opened ok (Flags 2)

20:33:21:062 4140 Initialize success

20:33:21:062 4140

20:33:21:062 4140 Scanning Services ...

20:33:23:605 4140 Raw services enum returned 448 services

20:33:23:620 4140

20:33:23:636 4140 Scanning Kernel memory ...

20:33:23:636 4140 Devices to scan: 1

20:33:23:636 4140

20:33:23:636 4140 Driver Name: atapi

20:33:23:636 4140 IRP_MJ_CREATE : 8679E140

20:33:23:636 4140 IRP_MJ_CREATE_NAMED_PIPE : 82492787

20:33:23:636 4140 IRP_MJ_CLOSE : 8679E140

20:33:23:636 4140 IRP_MJ_READ : 82492787

20:33:23:636 4140 IRP_MJ_WRITE : 82492787

20:33:23:636 4140 IRP_MJ_QUERY_INFORMATION : 82492787

20:33:23:636 4140 IRP_MJ_SET_INFORMATION : 82492787

20:33:23:636 4140 IRP_MJ_QUERY_EA : 82492787

20:33:23:636 4140 IRP_MJ_SET_EA : 82492787

20:33:23:636 4140 IRP_MJ_FLUSH_BUFFERS : 82492787

20:33:23:636 4140 IRP_MJ_QUERY_VOLUME_INFORMATION : 82492787

20:33:23:636 4140 IRP_MJ_SET_VOLUME_INFORMATION : 82492787

20:33:23:636 4140 IRP_MJ_DIRECTORY_CONTROL : 82492787

20:33:23:636 4140 IRP_MJ_FILE_SYSTEM_CONTROL : 82492787

20:33:23:636 4140 IRP_MJ_DEVICE_CONTROL : 8678CA5A

20:33:23:636 4140 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8678CA2C

20:33:23:636 4140 IRP_MJ_SHUTDOWN : 82492787

20:33:23:636 4140 IRP_MJ_LOCK_CONTROL : 82492787

20:33:23:636 4140 IRP_MJ_CLEANUP : 82492787

20:33:23:636 4140 IRP_MJ_CREATE_MAILSLOT : 82492787

20:33:23:636 4140 IRP_MJ_QUERY_SECURITY : 82492787

20:33:23:636 4140 IRP_MJ_SET_SECURITY : 82492787

20:33:23:636 4140 IRP_MJ_POWER : 8678CA88

20:33:23:636 4140 IRP_MJ_SYSTEM_CONTROL : 86799B70

20:33:23:636 4140 IRP_MJ_DEVICE_CHANGE : 82492787

20:33:23:636 4140 IRP_MJ_QUERY_QUOTA : 82492787

20:33:23:636 4140 IRP_MJ_SET_QUOTA : 82492787

20:33:23:651 4140 C:\Windows\system32\drivers\atapi.sys - Verdict: 1

20:33:23:651 4140

20:33:23:651 4140 Completed

20:33:23:651 4140

20:33:23:651 4140 Results:

20:33:23:651 4140 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

20:33:23:651 4140 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

20:33:23:651 4140 File objects infected / cured / cured on reboot: 0 / 0 / 0

20:33:23:651 4140

20:33:23:651 4140 fclose_ex: Trying to close file C:\Windows\system32\config\system

20:33:23:651 4140 fclose_ex: Trying to close file C:\Windows\system32\config\software

20:33:23:761 4140 MyDeleteFileW: MyNtCreateFile (C:\Windows\system32\drivers\klmd.sys) error 32

20:33:23:761 4140 KLMD(ARK) unloaded successfully

 

 

and:

 

20:30:44:791 4384 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04

20:30:44:791 4384 ================================================================================

20:30:44:791 4384 SystemInfo:

 

20:30:44:791 4384 OS Version: 6.0.6002 ServicePack: 2.0

20:30:44:791 4384 Product type: Workstation

20:30:44:791 4384 ComputerName: PC-DE-SAHBI

20:30:44:791 4384 UserName: sahbi

20:30:44:791 4384 Windows directory: C:\Windows

20:30:44:791 4384 Processor architecture: Intel x86

20:30:44:791 4384 Number of processors: 2

20:30:44:791 4384 Page size: 0x1000

20:30:44:807 4384 Boot type: Normal boot

20:30:44:807 4384 ================================================================================

20:30:45:446 4384 UnloadDriverW: NtUnloadDriver error 2

20:30:45:446 4384 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

20:30:51:125 4384 wfopen_ex: Trying to open file C:\Windows\system32\config\system

20:30:51:125 4384 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

20:30:51:125 4384 wfopen_ex: Trying to KLMD file open

20:30:51:125 4384 wfopen_ex: File opened ok (Flags 2)

20:30:51:140 4384 wfopen_ex: Trying to open file C:\Windows\system32\config\software

20:30:51:140 4384 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

20:30:51:140 4384 wfopen_ex: Trying to KLMD file open

20:30:51:140 4384 wfopen_ex: File opened ok (Flags 2)

20:30:51:140 4384 Initialize success

20:30:51:140 4384

20:30:51:140 4384 Scanning Services ...

20:30:53:948 4384 Raw services enum returned 448 services

20:30:53:964 4384

20:30:53:964 4384 Scanning Kernel memory ...

20:30:53:979 4384 Devices to scan: 1

20:30:53:979 4384

20:30:53:979 4384 Driver Name: atapi

20:30:53:979 4384 IRP_MJ_CREATE : 8679E140

20:30:53:979 4384 IRP_MJ_CREATE_NAMED_PIPE : 82492787

20:30:53:979 4384 IRP_MJ_CLOSE : 8679E140

20:30:53:979 4384 IRP_MJ_READ : 82492787

20:30:53:979 4384 IRP_MJ_WRITE : 82492787

20:30:53:979 4384 IRP_MJ_QUERY_INFORMATION : 82492787

20:30:53:979 4384 IRP_MJ_SET_INFORMATION : 82492787

20:30:53:979 4384 IRP_MJ_QUERY_EA : 82492787

20:30:53:979 4384 IRP_MJ_SET_EA : 82492787

20:30:53:979 4384 IRP_MJ_FLUSH_BUFFERS : 82492787

20:30:53:979 4384 IRP_MJ_QUERY_VOLUME_INFORMATION : 82492787

20:30:53:979 4384 IRP_MJ_SET_VOLUME_INFORMATION : 82492787

20:30:53:979 4384 IRP_MJ_DIRECTORY_CONTROL : 82492787

20:30:53:979 4384 IRP_MJ_FILE_SYSTEM_CONTROL : 82492787

20:30:53:979 4384 IRP_MJ_DEVICE_CONTROL : 8678CA5A

20:30:53:979 4384 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8678CA2C

20:30:53:979 4384 IRP_MJ_SHUTDOWN : 82492787

20:30:53:979 4384 IRP_MJ_LOCK_CONTROL : 82492787

20:30:53:979 4384 IRP_MJ_CLEANUP : 82492787

20:30:53:979 4384 IRP_MJ_CREATE_MAILSLOT : 82492787

20:30:53:979 4384 IRP_MJ_QUERY_SECURITY : 82492787

20:30:53:979 4384 IRP_MJ_SET_SECURITY : 82492787

20:30:53:979 4384 IRP_MJ_POWER : 8678CA88

20:30:53:979 4384 IRP_MJ_SYSTEM_CONTROL : 86799B70

20:30:53:979 4384 IRP_MJ_DEVICE_CHANGE : 82492787

20:30:53:979 4384 IRP_MJ_QUERY_QUOTA : 82492787

20:30:53:979 4384 IRP_MJ_SET_QUOTA : 82492787

20:30:53:995 4384 C:\Windows\system32\drivers\atapi.sys - Verdict: 1

20:30:53:995 4384

20:30:53:995 4384 Completed

20:30:53:995 4384

20:30:53:995 4384 Results:

20:30:53:995 4384 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

20:30:53:995 4384 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

20:30:54:011 4384 File objects infected / cured / cured on reboot: 0 / 0 / 0

20:30:54:011 4384

20:30:54:011 4384 fclose_ex: Trying to close file C:\Windows\system32\config\system

20:30:54:011 4384 fclose_ex: Trying to close file C:\Windows\system32\config\software

20:30:54:120 4384 MyDeleteFileW: MyNtCreateFile (C:\Windows\system32\drivers\klmd.sys) error 32

20:30:54:120 4384 KLMD(ARK) unloaded successfully

 

 

As for the symptoms, I don't know exactly what I should look for, but since I restarted the computer it is a bit slow; there is no more of this Digital Protection, only a window appears telling me that Windows has blocked some startup programs.

 

Finally, I had previously used lots of antivirus programs, Kaspersky, AVG... which I sometimes had trouble removing; yesterday I downloaded Avast and SpyHunter 4 thinking they would get rid of Digital Protection.

 

As for proxies, yes, I used to use proxies to connect, but now I don't know, I don't think so; actually, what do I need to do to check whether I connect through a proxy or not?

 

Sorry again for the trouble, and thanks.
