Google redirection

Solved/Closed
claudio34 - 24 August 2009 at 12:14
sKe69 (security contributor) - 6 September 2009 at 10:15
Hello,

Like many others, I have caught this damned virus that redirects Google links...

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:28, on 24/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Google\Google Talk\googletalk.exe
D:\Programmes\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\WinMover\WinMover.exe
D:\Programmes\RocketDock\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Programmes\YahooMsg\Messenger\YahooMessenger.exe
D:\Programmes\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F2.tmp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Programmes\HiJack This\HiJackThis\HjT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Programmes\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Programmes\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [WinMover] "C:\Program Files\WinMover\WinMover.exe" /q
O4 - HKCU\..\Run: [RocketDock] "D:\Programmes\RocketDock\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programmes\ActivSync\Wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\Programmes\YahooMsg\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programmes\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Monopod] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F2.tmp.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [SweetRegistry] rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N (User 'Default user')
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Programmes\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Programmes\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O18 - Protocol: bubbledock - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
82 replies

sKe69 (security contributor) - 27 August 2009 at 00:14
Arf ....


Same result as earlier .... sceptical ...



1- Run GMER again and copy/paste (do not upload) the new report you get ...


===================

2- Download OAD (by !aur3n7): http://sosvirus.changelog.fr/OAD.exe
----> Save it to your desktop.

Double-click the OAD icon to launch it

- name of the file to search for:
--> type or copy/paste:

kbiwkm then press [Enter]

- Search type: select option 6 then confirm ["Enter"]

OAD will now search for the file. Let it work until it has finished.
The search report will be displayed on screen automatically as soon as it is done.

Note: depending on the size of the hard disks, this search can take several minutes. Be patient ...

-> Save this report to your Desktop and copy/paste it into your next reply ...



claudio34 - 27 August 2009 at 07:40
GMER 1.0.15.15077 [izjHT1Xkn7_gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-27 07:35:36
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

INT 0x35 ? 89B6BF00
INT 0x3A ? 89B6BF00
INT 0x3A ? 89B6BF00
INT 0x3B ? 89B6BF00
INT 0x3E ? 89BA2BF8
INT 0x3F ? 89BA2BF8

Code 89949780 ZwEnumerateKey
Code 8998F658 ZwFlushInstructionCache
Code 8999A646 ZwSaveKey
Code 8905883E ZwSaveKeyEx
Code 8992E826 IofCallDriver
Code 8994D826 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 8992E82B
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 8994D82B
PAGE ntoskrnl.exe!ZwFlushInstructionCache 8056E43A 5 Bytes JMP 8998F65C
PAGE ntoskrnl.exe!ZwEnumerateKey 805735B4 5 Bytes JMP 89949784
PAGE ntoskrnl.exe!ZwSaveKey 8064EDD2 5 Bytes JMP 8999A64A
PAGE ntoskrnl.exe!ZwSaveKeyEx 8064EEBD 5 Bytes JMP 89058842
? spme.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload BA143934 5 Bytes JMP 89B6B4E0

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[524] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 00EA000A
.text D:\Programmes\Nod32\ekrn.exe[860] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89BA54B8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507C4C] spme.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507CA0] spme.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spme.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spme.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spme.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spme.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spme.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89B6B5E0
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E6E9C] spme.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89BA11F8

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\usbuhci \Device\USBPDO-0 89B70500
Device \Driver\usbuhci \Device\USBPDO-1 89B70500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C131F8
Device \Driver\dmio \Device\DmControl\DmConfig 89C131F8
Device \Driver\dmio \Device\DmControl\DmPnP 89C131F8
Device \Driver\dmio \Device\DmControl\DmInfo 89C131F8
Device \Driver\usbuhci \Device\USBPDO-2 89B70500
Device \Driver\usbehci \Device\USBPDO-3 89B6A500
Device \Driver\NetBT \Device\NetBT_Tcpip_{B5B30755-D1E6-4D12-BAA5-26B811709C1E} 891FA1F8
Device \Driver\PCI_PNP2496 \Device\00000055 spme.sys
Device \Driver\PCI_PNP2496 \Device\00000055 spme.sys

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\Ftdisk \Device\HarddiskVolume1 89BA31F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89BA31F8
Device \Driver\Cdrom \Device\CdRom0 89A1D500
Device \Driver\Cdrom \Device\CdRom1 89A1D500
Device \Driver\Ftdisk \Device\HarddiskVolume3 89BA31F8
Device \Driver\Cdrom \Device\CdRom2 89A1D500
Device \Driver\NetBT \Device\NetBt_Wins_Export 891FA1F8

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\usbuhci \Device\USBFDO-0 89B70500
Device \Driver\usbuhci \Device\USBFDO-1 89B70500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88FE11F8
Device \Driver\usbuhci \Device\USBFDO-2 89B70500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88FE11F8
Device \Driver\usbehci \Device\USBFDO-3 89B6A500
Device \Driver\Ftdisk \Device\FtControl 89BA31F8
Device \Driver\VClone \Device\Scsi\VClone1 899091F8
Device \Driver\a4qb0aen \Device\Scsi\a4qb0aen1Port3Path0Target0Lun0 89A061F8
Device \Driver\a4qb0aen \Device\Scsi\a4qb0aen1 89A061F8
Device \Driver\VClone \Device\Scsi\VClone1Port2Path0Target0Lun0 899091F8
Device \Driver\sptd \Device\1468723936 spme.sys
Device \FileSystem\Cdfs \Cdfs 88FD9500

---- Threads - GMER 1.0.15 ----

Thread System [4:540] 89500790

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kbiwkmlmpyqoml.sys (*** hidden *** ) [SYSTEM] kbiwkmhrnmxjbq <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq@imagepath \systemroot\system32\drivers\kbiwkmlmpyqoml.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\main@sid 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmlmpyqoml.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmwwkpiqom.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmksmqxicu.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmecrcrjyu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\modules@kbiwkm.dat \systemroot\system32\kbiwkmphbxjejp.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programmes\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA0 0x57 0xB8 0xD8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x08 0xE3 0xA8 0x29 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4A 0xE1 0xB9 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x21 0x4F 0x82 0x8C ...
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq@imagepath \systemroot\system32\drivers\kbiwkmlmpyqoml.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq\main@aid 10002
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq\main@sid 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmlmpyqoml.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmwwkpiqom.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmksmqxicu.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmecrcrjyu.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programmes\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA0 0x57 0xB8 0xD8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x08 0xE3 0xA8 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4A 0xE1 0xB9 0x53 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x21 0x4F 0x82 0x8C ...
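The GMER report above is the evidence sKe69 is working from: one hidden kernel service (kbiwkmhrnmxjbq), its driver image, and a Services registry key whose "modules" values map short module aliases to randomly named files on disk, while the spme.sys / sptd entries belong to DAEMON Tools Lite (the sptd\Cfg key points at D:\Programmes\DAEMON Tools Lite\). The next step in the thread, searching the disk for anything named "kbiwkm", follows directly from that data. The script below is an added example written for this page, not a tool from the thread or from the GMER project: it parses a constructed excerpt of the posted report (the same lines, trimmed), pulls out every file and registry key tied to the hidden service across all ControlSets, resolves the injector's module alias to the real on-disk file, and derives the common file-name prefix that becomes the search term. The expansion of \systemroot\ to C:\WINDOWS is an assumption taken from the HijackThis process list; the parsing rules are written against GMER 1.0.15 output as it appears here and are not an official GMER format specification.

```python
import os
import re
from collections import defaultdict

# Constructed excerpt of the GMER 1.0.15 report posted in the thread
# (verbatim lines, trimmed to the sections this parser consumes).
GMER_REPORT = r"""
---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kbiwkmlmpyqoml.sys (*** hidden *** ) [SYSTEM] kbiwkmhrnmxjbq <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq@imagepath \systemroot\system32\drivers\kbiwkmlmpyqoml.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmlmpyqoml.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmwwkpiqom.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmksmqxicu.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmecrcrjyu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmhrnmxjbq\modules@kbiwkm.dat \systemroot\system32\kbiwkmphbxjejp.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programmes\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmhrnmxjbq@imagepath \systemroot\system32\drivers\kbiwkmlmpyqoml.sys
"""

# "Service <image> (*** hidden *** ) [<context>] <service name> ..."
SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<start>[^\]]+)\]\s+(?P<name>\S+)"
)
# "Reg <key>[@<value name>] [<data>]"
REG_RE = re.compile(r"^Reg\s+(?P<key>[^\s@]+)(?:@(?P<value>\S+))?(?:\s+(?P<data>.*?))?\s*$")

SYSTEMROOT_TOKEN = "\\systemroot\\"


def parse_hidden_services(report):
    """Map each hidden service name to its image path and the context GMER printed for it."""
    found = {}
    for line in report.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            found[m["name"]] = {"image": m["image"], "context": m["start"]}
    return found


def parse_registry(report):
    """Map registry key -> {value name (None for the key itself): data} from the 'Reg' lines."""
    reg = defaultdict(dict)
    for line in report.splitlines():
        m = REG_RE.match(line)
        if m:
            reg[m["key"]][m["value"]] = m["data"]
    return reg


def resolve_path(data, systemroot):
    """Expand GMER's \\systemroot\\ prefix; systemroot is assumed from the HijackThis process list."""
    if data.lower().startswith(SYSTEMROOT_TOKEN):
        return systemroot.rstrip("\\") + "\\" + data[len(SYSTEMROOT_TOKEN):]
    return data


def extract_iocs(report, systemroot=r"C:\WINDOWS"):
    """For each hidden service: its registry keys (every ControlSet), dropped files and injection targets."""
    registry = parse_registry(report)
    iocs = {}
    for name, info in parse_hidden_services(report).items():
        needle = "\\services\\" + name.lower()
        keys = sorted(k for k in registry if needle in k.lower())
        files = {info["image"]}
        aliases = {}  # module alias used inside the service key -> real file on disk
        for key in keys:
            subkey = key.lower().split(needle, 1)[1]  # '', '\main\injector', '\modules', ...
            for value, data in registry[key].items():
                if not data:
                    continue
                if (value or "").lower() == "imagepath":
                    files.add(resolve_path(data, systemroot))
                elif subkey.endswith("\\modules"):
                    path = resolve_path(data, systemroot)
                    files.add(path)
                    aliases[value.lower()] = path
        # The injector value names a module by alias; resolve it to the file that actually gets loaded.
        injected = set()
        for key in keys:
            if key.lower().endswith("\\main\\injector"):
                for target, module in registry[key].items():
                    if module:
                        injected.add((target, aliases.get(module.lower(), module)))
        iocs[name] = {
            "registry_keys": keys,
            "files": sorted(files, key=str.lower),
            "injected": sorted(injected),
        }
    return iocs


def common_filename_prefix(iocs):
    """Longest shared prefix of the dropped file names: the term to feed a disk-wide file search."""
    names = [f.rsplit("\\", 1)[-1].lower() for svc in iocs.values() for f in svc["files"]]
    return os.path.commonprefix(names)


if __name__ == "__main__":
    found = extract_iocs(GMER_REPORT)
    for name, svc in found.items():
        print("hidden service:", name)
        for section in ("registry_keys", "files", "injected"):
            print(" ", section)
            for item in svc[section]:
                print("   ", item)
    print("search prefix:", common_filename_prefix(found))
```

Run against the excerpt, the script lists four registry keys (three in CurrentControlSet, one in ControlSet002), five distinct files under C:\WINDOWS\system32, reports that the injector's alias kbiwkmwsp.dll resolves to kbiwkmecrcrjyu.dll, and returns "kbiwkm" as the shared prefix, which is exactly the string sKe69 asks to search with OAD. Leaving the sptd key out of the result is deliberate: a hooked atapi.sys or pci.sys IAT by itself is not evidence of this infection when DAEMON Tools is installed.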
claudio34 - 27 August 2009 at 07:41
continued

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\Credentials 0 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\Feeds 0 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\Feeds Cache 0 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\FORMS 0 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\Internet Explorer 0 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\Media Player 0 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\Messenger 0 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\Office 0 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\OIS 0 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\Outlook 0 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\Portable Devices 0 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\Silverlight 0 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\Wallpaper1.bmp 4233066 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\Windows 0 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\Windows Live 0 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\Windows Live Contacts 0 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\Windows Live OneCare safety scanner 0 bytes
File C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Live Contacts\Windows Media 0 bytes
File H:\Le34immo\Artisans\Dossier TRISTAN\Site internet\Documents site\Images\Revêtement\Page contact 0 bytes
File H:\Le34immo\Artisans\Dossier TRISTAN\Site internet\Documents site\Images\Revêtement\Page contact\grande photo page contact.jpg 232649 bytes
File H:\Le34immo\Artisans\Dossier TRISTAN\Site internet\Documents site\Images\Revêtement\Page contact\petite photo page contact.jpg 141570 bytes
File H:\Le34immo\Artisans\Dossier TRISTAN\Site internet\Documents site\Images\Revêtement\Page prestations 0 bytes
File H:\Le34immo\Artisans\Dossier TRISTAN\Site internet\Documents site\Images\Revêtement\Peinture 0 bytes
File H:\Le34immo\Artisans\Dossier TRISTAN\Site internet\Documents site\Images\Revêtement\Plafond 0 bytes
File H:\Le34immo\Artisans\Dossier TRISTAN\Site internet\Documents site\Images\Revêtement\Revêtement 0 bytes
File H:\Le34immo\Artisans\Dossier TRISTAN\Site internet\Documents site\Images\Revêtement\Rénovation 0 bytes
File H:\Le34immo.com\Communication\Bernard\BDC RegieSud.jpg 195714 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard 0 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\master_dept_logo34immo.psd 1857843 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\BDC RegieSud.jpg 195714 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard 0 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\master_dept_logo34immo.psd 1857843 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\BDC RegieSud.jpg 195714 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Bernard 0 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Bernard\master_dept_logo34immo.psd 1857843 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Bernard\BDC RegieSud.jpg 195714 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Bernard\Bernard 0 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Bernard\Le Criquet 0 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Bernard\Plaquettes et encarts 0 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Bernard\Stagiaires 0 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Bernard\petit_logo34immo copie.jpg 2151 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Bernard\petit_logo34immo.ai 95916 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Bernard\petit_logo34immo.psd 1854888 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Bernard\planche1roughs.pdf 1304113 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Bernard\Plaque AKI.ai 9110493 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Bernard\signature outlook.png 168130 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Bernard\vernis_cdv34immo54x85.pdf 117057 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Bernard\vernis_cdv34immo54x852.pdf 117057 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Le Criquet 0 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Plaquettes et encarts 0 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Stagiaires 0 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\petit_logo34immo copie.jpg 2151 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\petit_logo34immo.ai 95916 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\petit_logo34immo.psd 1854888 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\planche1roughs.pdf 1304113 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\Plaque AKI.ai 9110493 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\signature outlook.png 168130 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\vernis_cdv34immo54x85.pdf 117057 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Bernard\vernis_cdv34immo54x852.pdf 117057 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Le Criquet 0 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Plaquettes et encarts 0 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Stagiaires 0 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\petit_logo34immo copie.jpg 2151 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\petit_logo34immo.ai 95916 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\petit_logo34immo.psd 1854888 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\planche1roughs.pdf 1304113 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\Plaque AKI.ai 9110493 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\signature outlook.png 168130 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\vernis_cdv34immo54x85.pdf 117057 bytes
File H:\Le34immo.com\Communication\Bernard\Bernard\vernis_cdv34immo54x852.pdf 117057 bytes
File H:\Le34immo.com\Communication\Bernard\Le Criquet 0 bytes
File H:\Le34immo.com\Communication\Bernard\Plaquettes et encarts 0 bytes
File H:\Le34immo.com\Communication\Bernard\Stagiaires 0 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE 0 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\backblue.gif 4243 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\fade.gif 828 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\gouttieres-jabouille.com 0 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\gouttieres-jabouille.com\gouttieres 0 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\gouttieres-jabouille.com\gouttieres\AC_RunActiveContent.js 8029 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\gouttieres-jabouille.com\gouttieres\AppleWebKit 0 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\gouttieres-jabouille.com\gouttieres\AppleWebKit\index.html 1461 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\gouttieres-jabouille.com\gouttieres\bandeau.swf 86055 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\gouttieres-jabouille.com\gouttieres\contact.html 9771 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\gouttieres-jabouille.com\gouttieres\css 0 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\gouttieres-jabouille.com\gouttieres\css\lightbox.css 1648 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\gouttieres-jabouille.com\gouttieres\css01.css 2425 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\gouttieres-jabouille.com\gouttieres\fabrication_gouttiere.html 7771 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\gouttieres-jabouille.com\gouttieres\images 0 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\gouttieres-jabouille.com\gouttieres\images\bg.jpg 2421 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\gouttieres-jabouille.com\gouttieres\images\ac_1.jpg 43175 bytes
File H:\Mes sites Web\Sites vitrines\Site Olivier Jabouille\Olivier JABOUILLE\Olivier JABOUILLE\gouttieres-jabouille.com\gouttieres\images\ac_1_thumb.jpg 11194 bytes
File H:\Programmes\EBP Gestion commerciale\EBP\dzip32.dll (size mismatch) 103936/131072 bytes executable
File H:\Programmes\EBP Gestion commerciale\EBP\EbpDico.dll (size mismatch) 103936/761856 bytes executable
File H:\Programmes\EBP Gestion commerciale\EBP\ebpdlg.dll (size mismatch) 103936/503808 bytes executable
File H:\Programmes\EBP Gestion commerciale\EBP\EBPIndex.dll (size mismatch) 103936/315392 bytes executable
File H:\Programmes\EBP Gestion commerciale\EBP\EBPInet.dll (size mismatch) 103936/704512 bytes executable
File H:\Programmes\EBP Gestion commerciale\EBP\EBPLogin2.dll (size mismatch) 103936/548864 bytes executable
File H:\Programmes\EBP Gestion commerciale\EBP\EBPOxAPI.dll (size mismatch) 103936/1409024 bytes executable
File H:\Programmes\EBP Gestion commerciale\EBP\EbpPrn.dll (size mismatch) 103936/2220032 bytes executable

---- EOF - GMER 1.0.15 ----
0
sKe69 Messages posted 21360 Registration date Saturday 15 March 2008 Status Security contributor Last contribution 30 December 2012 463
27 August 2009 at 08:23
Good ...


OAD now ....


Question: the report shows the presence of a firewall > (ESET Personal Firewall TDI filter/ESET)

the Nod32 firewall ... you did disable it before running ComboFix? ...

0
claudio34 Messages posted 64 Registration date Thursday 17 April 2008 Status Member Last contribution 7 September 2009 2
27 August 2009 at 08:25
So yes, it is disabled when I do it that way! However, in safe mode, Combo tells me it notes its presence, but I can't manage to disable it in that mode.
0
sKe69 Messages posted 21360 Registration date Saturday 15 March 2008 Status Security contributor Last contribution 30 December 2012 463
27 August 2009 at 08:38
OK ...


do OAD please ....


0
claudio34 Messages posted 64 Registration date Thursday 17 April 2008 Status Member Last contribution 7 September 2009 2
27 August 2009 at 09:08
here it is:

27/08/2009 ---- 8:41:52,84

----------------------------------
§§§§§§ [kbiwkm] §§§§§§
----------------------------------
[X] Registre
[ ] Fichier (rapide)
[ ] Fichier (disque systeme)
[X] Fichier (complete)




********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************



*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
sKe69 Messages posted 21360 Registration date Saturday 15 March 2008 Status Security contributor Last contribution 30 December 2012 463
27 August 2009 at 09:25
OAD sees nothing ...



You are going to do this:


Download DDS by sUBs to your desktop.

https://download.bleepingcomputer.com/sUBs/dds.scr

(The tool does not need to be installed.)


* Launch it by clicking the dds.scr icon on your desktop.

-> A DOS window will appear; this means the scan is running ...

let it run and don't touch anything ....

(The scan should not take more than three minutes.)

* A first report will open, which you will save as "DDS.txt" by default on the desktop.

Then you will be asked whether you want to run the optional scan.
--> Accept with "Yes"!

A new report opens, which you save as "Attach.txt" on the desktop.
(You will only provide it if necessary.)

-> Post the DDS.txt report for analysis ....

0
claudio34 Messages posted 64 Registration date Thursday 17 April 2008 Status Member Last contribution 7 September 2009 2
27 August 2009 at 10:39
ok
0
claudio34 Messages posted 64 Registration date Thursday 17 April 2008 Status Member Last contribution 7 September 2009 2
27 August 2009 at 10:46
Here is the first one

DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrateur at 10:40:01,10 on 27/08/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1352 [GMT 2:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Pare-feu personnel d'ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programmes\Nod32\ekrn.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
D:\Programmes\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
D:\Programmes\Nod32\egui.exe
C:\Program Files\WinMover\WinMover.exe
D:\Programmes\RocketDock\RocketDock\RocketDock.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Programmes\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.fr/
mWindow Title =
ucustomizesearch = hxxp://www.google.com/ie
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [WinMover] "c:\program files\winmover\WinMover.exe" /q
uRun: [RocketDock] "d:\programmes\rocketdock\rocketdock\RocketDock.exe"
uRun: [H/PC Connection Agent] "d:\programmes\activsync\Wcescomm.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Messenger (Yahoo!)] "d:\programmes\yahoomsg\messenger\YahooMessenger.exe" -quiet
uRun: [DAEMON Tools Lite] "d:\programmes\daemon tools lite\daemon.exe" -autorun
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [AdobeCS4ServiceManager] "c:\program files\fichiers communs\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AudioDeck] c:\program files\via\viaudioi\sbadeck\ADeck.exe 1
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Adobe Acrobat Speed Launcher] "d:\programmes\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "d:\programmes\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [egui] "d:\programmes\nod32\egui.exe" /hide /waitservice
dRunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N
dRunOnce: [SweetRegistry] rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-explorer: HideRunAsVerb = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoNetConnectDisconnect = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoStrCmpLogical = 0 (0x0)
dPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - d:\programmes\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\mteietq8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\documents and settings\administrateur\application data\mozilla\firefox\profiles\mteietq8.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\administrateur\application data\mozilla\firefox\profiles\mteietq8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\administrateur\application data\mozilla\firefox\profiles\mteietq8.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\administrateur\application data\mozilla\firefox\profiles\mteietq8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\administrateur\application data\mozilla\firefox\profiles\mteietq8.default\extensions\turntoolviewer@turntool.com\plugins\nptnt.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: d:\programmes\adobe acrobat2\acrobat\browser\nppdf32.dll
FF - plugin: d:\programmes\adobe\acrobat 9.0\acrobat\browser\nppdf32.dll
FF - plugin: d:\programmes\opera\program\plugins\npdsplay.dll
FF - plugin: d:\programmes\opera\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R2 ekrn;ESET Service;d:\programmes\nod32\ekrn.exe [2009-2-6 727720]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-1-24 216232]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\174a.tmp --> c:\windows\system32\174A.tmp [?]

=============== Created Last 30 ================

2009-08-26 20:11 <DIR> --ds---- C:\CFix
2009-08-26 20:11 399,360 a------- c:\windows\system32\CF17699.exe
2009-08-26 11:33 34,796 a---h--- c:\windows\system32\mlfcache.dat
2009-08-25 16:04 399,360 a------- c:\windows\system32\CF14877.exe
2009-08-25 15:56 399,360 a------- c:\windows\system32\CF13129.exe
2009-08-25 15:52 399,360 a------- c:\windows\system32\CF12450.exe
2009-08-25 13:46 399,360 a------- c:\windows\system32\CF20661.exe
2009-08-25 13:44 399,360 a------- c:\windows\system32\CF20139.exe
2009-08-25 11:45 <DIR> --d----- C:\_OTM
2009-08-25 09:58 <DIR> --d----- c:\docume~1\admini~1\applic~1\ESET
2009-08-25 09:53 <DIR> --d----- c:\program files\ESET
2009-08-25 08:57 399,360 a------- c:\windows\system32\CF29572.exe
2009-08-25 08:29 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-08-25 08:13 399,360 a------- c:\windows\system32\CF20918.exe
2009-08-25 07:45 229,376 a------- c:\windows\PEV.exe
2009-08-25 07:45 399,360 a------- c:\windows\system32\CF15334.exe
2009-08-24 18:03 161,792 a------- c:\windows\SWREG.exe
2009-08-24 18:03 98,816 a------- c:\windows\sed.exe
2009-08-24 16:13 <DIR> --d----- C:\Lop SD
2009-08-24 15:31 <DIR> --d----- C:\ToolBar SD
2009-08-24 15:15 <DIR> --d----- c:\program files\ZHPDiag
2009-08-24 14:23 289,144 a------- c:\windows\system32\VCCLSID.exe
2009-08-24 14:23 288,417 a------- c:\windows\system32\SrchSTS.exe
2009-08-24 14:23 87,552 a------- c:\windows\system32\VACFix.exe
2009-08-24 14:23 82,944 a------- c:\windows\system32\IEDFix.exe
2009-08-24 14:23 82,944 a------- c:\windows\system32\IEDFix.C.exe
2009-08-24 14:23 82,432 a------- c:\windows\system32\404Fix.exe
2009-08-24 14:23 80,384 a------- c:\windows\system32\o4Patch.exe
2009-08-24 14:23 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2009-08-24 14:23 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-08-24 14:23 51,200 a------- c:\windows\system32\dumphive.exe
2009-08-24 14:23 53,248 a------- c:\windows\system32\Process.exe
2009-08-21 16:25 <DIR> --d----- c:\docume~1\admini~1\applic~1\Nosibay
2009-08-21 16:25 <DIR> --d----- c:\program files\fichiers communs\Nosibay
2009-08-21 16:25 <DIR> --d----- c:\program files\Nosibay
2009-08-20 15:56 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 15:56 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-20 15:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-20 14:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ALM
2009-08-20 13:41 45,392 a----r-- c:\windows\system32\AdobePDF.dll
2009-08-20 13:41 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-08-20 12:51 <DIR> --d----- c:\program files\fichiers communs\Adobe AIR
2009-08-18 23:08 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-11 10:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Fighters
2009-08-10 12:42 44,544 a------- c:\windows\system32\msxml4a.dll
2009-08-07 12:16 <DIR> --d----- c:\program files\Yahoo!
2009-08-04 22:12 <DIR> --d----- c:\windows\Performance
2009-07-30 18:05 <DIR> --d----- c:\windows\system32\XPSViewer

==================== Find3M ====================

2009-08-24 18:40 86,331 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-22 18:43 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-08-08 01:48 503,866 a------- c:\windows\system32\perfh00C.dat
2009-08-08 01:48 81,824 a------- c:\windows\system32\perfc00C.dat
2009-07-04 22:23 281,760 a------- c:\windows\system32\drivers\atksgt.sys
2009-07-04 22:23 25,888 a------- c:\windows\system32\drivers\lirsgt.sys
2009-06-24 21:02 299,008 a------- c:\windows\system32\TubeFinder.exe
2009-06-19 19:51 141,312 a------- c:\windows\system32\MSCMCFR.DLL
2009-06-19 19:51 119,568 a------- c:\windows\system32\VB6FR.DLL
2009-06-19 19:51 101,888 a------- c:\windows\system32\VB6STKIT.DLL
2009-06-19 19:51 32,768 a------- c:\windows\system32\CMDLGFR.DLL
2009-06-19 19:51 9,728 a------- c:\windows\system32\PCCLPFR.DLL
2009-02-13 23:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\historique\history.ie5\mshist012009021320090214\index.dat

============= FINISH: 10:41:52,43 ===============
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last post 30 December 2012 463
27 August 2009 at 11:08
Seen ...


the other one now ...


0
claudio34 Posts 64 Registration date Thursday 17 April 2008 Status Member Last post 7 September 2009 2
27 August 2009 at 11:55
here it is

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professionnel
Boot Device: \Device\HarddiskVolume1
Install Date: 13/02/2009 22:48:49
System Uptime: 27/08/2009 00:05:33 (10 hours ago)

Motherboard: Samsung Electronics | | SM40P
Processor: Intel(R) Pentium(R) M processor 1.70GHz | U49 | 1694/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 18 GiB total, 0,759 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 40,977 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is FIXED (NTFS) - 20 GiB total, 17,509 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27318086&REV_05\4&39A85202&0&38F0
Manufacturer: Intel Corporation
Name: Intel(R) PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27318086&REV_05\4&39A85202&0&38F0
Service: w29n51

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Modem PCI
Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_2115144D&REV_01\3&61AAA01&0&FE
Manufacturer:
Name: Modem PCI
PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_2115144D&REV_01\3&61AAA01&0&FE
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Synthétiseur DLS du noyau Microsoft
Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Manufacturer: Microsoft
Name: Synthétiseur DLS du noyau Microsoft
PNP Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Service: DMusic

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4 Extension - Flash Lite STI fr
Adobe Flash CS4 STI-fr
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player
Adobe SING CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Software Update
Archiveur WinRAR
Assistant de connexion Windows Live
ATI Display Driver
ClearType Tuning
Combined Community Codec Pack 2008-09-21 16:18
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007
CPU-Z
CurrPorts
DAMN NFO Viewer Setup
E-Calc (Supprimer uniquement)
EPSON Logiciel imprimante
ESET Smart Security
FlashFXP v3
Google Talk (remove only)
GPU-Z
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
HWMonitor
IcoFX 1.6
ImgBurn
Installation Windows Live
Java(TM) 6 Update 7
JkDefrag
Ma-Config.com
Malwarebytes' Anti-Malware
MemTest
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft DirectX Control Panel 9.0c
Microsoft Office Access MUI (French) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Groove MUI (French) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Project MUI (French) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Software Update for Web Folders (French) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Mozilla Firefox (3.5.2)
MSVCRT
Nero 8 Lite 8.3.6.0
Nero Info Tool
Notepad++
Open Command Prompt Shell Extension
Opera 9.64
Outil de téléchargement Windows Live
PartitionMagic
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Platform
PowerQuest PartitionMagic 8.0
PuTTY
QT Lite 2.7.0
QuickPar 0.9
Quicksys RegDefrag
Real Alternative 1.8.4 Lite
RegScanner
RocketDock 1.3.5
Safari
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
SimCity 3000
Skype™ 4.1
Sophos Anti-Rootkit 1.5.0
Suite Shared Configuration CS4
Sysinternals Suite
Tweak UI
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb956080)
Utilitaires Gnu Unix
VIA Gestionnaire de périphériques de plate-forme
VirtualCloneDrive
WebFldrs XP
Windows 7 Upgrade Advisor Beta
Windows Installer CleanUp
Windows Live Call
Windows Live Communications Platform
Windows Live Messenger
Windows Live Safety Scanner
WinHTTrack Website Copier 3.43-7
WinMover 3.2.0.6
XML Paper Specification Shared Components Pack 1.0
XnView 1.94
XnView Shell Extension 2.4.0
ZHPDiag 1.24

==== End Of File ===========================
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last post 30 December 2012 463
27 August 2009 at 12:03
good ...


I think I have the solution to the problem ...

( Thanks to Narco!4 ^^)


You are going to do this ( all of it in normal mode ! ) :

! close all running applications !

Download AVZ > http://z-oleg.com/avz4.zip
*extract it to your desktop
*open the AVZ4 folder
*double-click "avz.exe"
*click File (top left)
*in the list, choose Custom scripts
*in the box that appears, paste what is in bold below


var
service, driverfile, AvzDir : string;

begin
AvzDir:=GetAVZDirectory;
service:=('kbiwkmhrnmxjbq');
driverfile:=('kbiwkmlmpyqoml.sys');
ShowMessage('Wichtig! Beende alle Programme, bevor du auf Okay klickst und das Skript startest! Windows wird automatisch neustarten.');
SearchRootKit(true,true);
SetAVZGuardStatus(true);
BC_QrFile('%System32%\Drivers\'+driverfile);
BC_DeleteSvc(service);
BC_LogFile(AvzDir + 'AvzBootCleaner.log');
BC_Activate;
RebootWindows(true);
end.



*then click Run
>confirm the message ... your PC will reboot !

>once it has rebooted, open the AVZ4 folder
post the contents of AvzBootCleaner.log


/!\ run Combofix straight away once that report is posted ! ( disconnect and make sure you disable your defenses first ! )


Then post the Combo report you get ...


0
claudio34 Posts 64 Registration date Thursday 17 April 2008 Status Member Last post 7 September 2009 2
27 August 2009 at 12:37
here is the first one:

Quarantine path: \??\C:\Documents and Settings\Administrateur\Bureau\avz4\avz4\Quarantine\2009-08-27\
QuarantineFile \??\C:\WINDOWS\system32\Drivers\kbiwkmlmpyqoml.sys - succeeded
Delete File \systemroot\system32\drivers\kbiwkmlmpyqoml.sys - succeeded
Delete Service & File kbiwkmhrnmxjbq - failed (0xC0000022)
-- End --
0
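The AVZ script in sKe69's post above removes one driver file and one service by their exact names, and the AvzBootCleaner.log just posted shows the service deletion refused with 0xC0000022 (NTSTATUS STATUS_ACCESS_DENIED), which is why the next step in the thread is ComboFix. As an added example, not part of this thread and not AVZ's, DDS's or ComboFix's own code, here is a Python triage helper that parses the report line formats pasted in this thread (ComboFix "Files Created" and "Other Deletions" entries, DDS "Files Created" entries, and AvzBootCleaner.log result lines), groups files under system32 by a shared leading prefix so that a family of randomly named droppings like the kbiwkm* files stands out, and lists any AVZ step that failed. The sample input is constructed from lines on this page; the prefix length of 6 and the minimum family size of 3 are assumptions tuned to this log, not values from any tool.

```python
"""Triage helpers for ComboFix / DDS file listings and AvzBootCleaner.log.

Added example for this thread (not sKe69's, AVZ's, DDS's or ComboFix's code).
It extracts file paths from the report formats pasted above, groups files
under system32 by a shared leading prefix so that a family of randomly
named droppings (the kbiwkm* files) stands out, and parses the AVZ boot
cleaner result lines so a failed step is not overlooked.
"""
import re
from collections import Counter, defaultdict

# ComboFix "Files Created" / "Find3M" entry:
#   2009-08-20 13:56 . 2009-08-03 11:36 38160 ----a-w- c:\...\mbam.sys
# Directories carry "--------" instead of a size.
CF_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]+) (?P<path>[a-z]:\\.+)$",
    re.IGNORECASE,
)
# DDS "Files Created" entry:
#   2009-08-24 14:23 80,384 a------- c:\windows\system32\o4Patch.exe
# Directories carry "<DIR>" instead of a size.
DDS_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>[\d,]+|<DIR>) "
    r"(?P<attrs>[-a-z]+) (?P<path>[a-z]:\\.+)$",
    re.IGNORECASE,
)
# Bare path as printed under ComboFix "Other Deletions".
BARE_PATH = re.compile(r"^(?P<path>[a-z]:\\\S.*)$", re.IGNORECASE)
# AvzBootCleaner.log result line, e.g.
#   Delete Service & File kbiwkmhrnmxjbq - failed (0xC0000022)
# 0xC0000022 is NTSTATUS STATUS_ACCESS_DENIED: the service could not be
# removed from the running system, so a second tool was needed.
AVZ_RESULT = re.compile(
    r"^(?P<action>QuarantineFile|Delete File|Delete Service & File) "
    r"(?P<target>.+?) - (?P<status>succeeded|failed)"
    r"(?: \((?P<code>0x[0-9A-Fa-f]+)\))?$"
)


def extract_paths(report):
    """Return the distinct file paths (directories excluded) listed in a report."""
    paths, seen = [], set()
    for raw in report.splitlines():
        line = raw.strip()
        m = CF_LINE.match(line) or DDS_LINE.match(line)
        if m:
            size = m.group("size")
            if size == "<DIR>" or set(size) == {"-"}:
                continue  # directory entry, not a file
            path = m.group("path")
        else:
            m = BARE_PATH.match(line)
            if not m:
                continue
            path = m.group("path")
        if path.lower() not in seen:  # the same file may appear in several reports
            seen.add(path.lower())
            paths.append(path)
    return paths


def prefix_families(paths, prefix_len=6, min_count=3):
    """Group system32 files by the first prefix_len characters of the file name.

    Legitimate components rarely share a long vendor-free prefix across many
    .dll/.dat/.sys files; a rootkit dropping its components under one random
    prefix does. Returns {prefix: [paths]} for groups of at least min_count.
    """
    families = defaultdict(list)
    for path in paths:
        low = path.lower()
        if "\\system32\\" not in low:
            continue
        name = low.rsplit("\\", 1)[1]
        stem = name.split(".", 1)[0]
        if len(stem) >= prefix_len:
            families[stem[:prefix_len]].append(path)
    return {p: sorted(f) for p, f in families.items() if len(f) >= min_count}


def family_extensions(families):
    """Per family, how many files of each extension (e.g. 6 dll, 6 dat)."""
    def ext(path):
        name = path.lower().rsplit("\\", 1)[-1]
        return name.rsplit(".", 1)[-1] if "." in name else ""
    return {prefix: dict(Counter(ext(p) for p in paths))
            for prefix, paths in families.items()}


def avz_results(log):
    """Parse AvzBootCleaner.log into (action, target, status, code) tuples."""
    out = []
    for raw in log.splitlines():
        m = AVZ_RESULT.match(raw.strip())
        if m:
            out.append((m.group("action"), m.group("target"),
                        m.group("status"), m.group("code")))
    return out


def avz_failures(log):
    """Only the steps that did not succeed; these still need handling."""
    return [r for r in avz_results(log) if r[2] == "failed"]


# Constructed sample: lines copied from the ComboFix, DDS and AVZ reports
# pasted in this thread, deliberately mixed in one text.
SAMPLE_REPORT = r"""
c:\windows\system32\kbiwkmbqtvkfto.dat
c:\windows\system32\kbiwkmecrcrjyu.dll
c:\windows\system32\kbiwkmeppjwxhv.dat
c:\windows\system32\kbiwkmitvspqrp.dll
c:\windows\system32\kbiwkmksmqxicu.dat
c:\windows\system32\kbiwkmllypxtow.dat
c:\windows\system32\kbiwkmphbxjejp.dat
c:\windows\system32\kbiwkmqjkenkro.dll
c:\windows\system32\kbiwkmudguwnmy.dll
c:\windows\system32\kbiwkmvksviyqx.dll
c:\windows\system32\kbiwkmvnfyavnx.dat
c:\windows\system32\kbiwkmwwkpiqom.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
2009-08-27 10:38 . 2009-08-27 10:39 -------- d-s---w- C:\CFix
2009-08-20 13:56 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 13:56 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 11:41 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-08-20 11:41 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-08-10 10:42 . 2009-08-10 10:42 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-08-24 14:23 80,384 a------- c:\windows\system32\o4Patch.exe
2009-08-21 16:25 <DIR> --d----- c:\program files\Nosibay
"""
SAMPLE_AVZ_LOG = r"""
QuarantineFile \??\C:\WINDOWS\system32\Drivers\kbiwkmlmpyqoml.sys - succeeded
Delete File \systemroot\system32\drivers\kbiwkmlmpyqoml.sys - succeeded
Delete Service & File kbiwkmhrnmxjbq - failed (0xC0000022)
-- End --
"""

if __name__ == "__main__":
    fams = prefix_families(extract_paths(SAMPLE_REPORT))
    exts = family_extensions(fams)
    for prefix, files in fams.items():
        print(f"{prefix}* : {len(files)} files in system32 {exts[prefix]}")
    for action, target, status, code in avz_failures(SAMPLE_AVZ_LOG):
        print(f"AVZ step failed: {action} {target} ({code})")
```

On the sample above the only family reported is kbiwkm* (12 files, six .dll and six .dat), while the two Adobe PDF DLLs and the two Malwarebytes drivers fall under the threshold; the AVZ parser returns the single refused service deletion with its status code, which is the line a helper should act on next.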
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last post 30 December 2012 463
27 August 2009 at 12:41
and combofix ... did you run it !? ... ^^

0
claudio34 Posts 64 Registration date Thursday 17 April 2008 Status Member Last post 7 September 2009 2
27 August 2009 at 12:50
Here's what combo gives me...

As the other fellow would say, it's enough to make you tear your hair out...

http://www.cijoint.fr/cjlink.php?file=cj200908/cijpKdrJAQ.jpg
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last post 30 December 2012 463
27 August 2009 at 13:05
delete that Combofix please !


start again with this one > http://www.cijoint.fr/cjlink.php?file=cj200908/cijBejTlTS.zip

extract "ske.exe" from that archive to your desktop ( it's Combo renamed beforehand ) and run it ...


If it fails again, tell me ...


I hope we get the report, otherwise we risk not having any ( b***s ) left by the end of the day ^^"..



0
claudio34 Posts 64 Registration date Thursday 17 April 2008 Status Member Last post 7 September 2009 2
27 August 2009 at 13:06
Lol, for sure...
0
claudio34 Posts 64 Registration date Thursday 17 April 2008 Status Member Last post 7 September 2009 2
27 August 2009 at 13:24
Well, apparently it was indeed a bad Cfix.

ComboFix 09-08-26.05 - Administrateur 27/08/2009 13:08.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1454 [GMT 2:00]
Running from: c:\documents and settings\Administrateur\Bureau\cijBejTlTS\ske.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Pare-feu personnel d'ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\538103e.msi
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\kbiwkmbqtvkfto.dat
c:\windows\system32\kbiwkmecrcrjyu.dll
c:\windows\system32\kbiwkmeppjwxhv.dat
c:\windows\system32\kbiwkmitvspqrp.dll
c:\windows\system32\kbiwkmksmqxicu.dat
c:\windows\system32\kbiwkmllypxtow.dat
c:\windows\system32\kbiwkmphbxjejp.dat
c:\windows\system32\kbiwkmqjkenkro.dll
c:\windows\system32\kbiwkmudguwnmy.dll
c:\windows\system32\kbiwkmvksviyqx.dll
c:\windows\system32\kbiwkmvnfyavnx.dat
c:\windows\system32\kbiwkmwwkpiqom.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmhrnmxjbq
-------\Service_kbiwkmhrnmxjbq


((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.

2009-08-27 10:38 . 2009-08-27 10:39 -------- d-s---w- C:\CFix
2009-08-27 07:58 . 2009-08-27 07:58 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Cooliris
2009-08-27 07:58 . 2009-07-06 20:39 937984 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-08-27 07:58 . 2009-07-06 20:39 106496 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-08-27 07:58 . 2009-07-06 20:39 103424 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-08-27 07:58 . 2009-07-06 20:39 65536 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-08-27 07:58 . 2009-07-06 20:39 344064 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-08-27 07:58 . 2009-07-06 20:39 4722688 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-08-26 21:19 . 2009-08-26 21:19 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\ESET
2009-08-26 09:33 . 2009-08-26 09:33 34796 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-26 09:33 . 2009-08-26 09:33 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Apple Computer
2009-08-25 09:45 . 2009-08-25 09:45 -------- d-----w- C:\_OTM
2009-08-25 07:58 . 2009-08-25 07:58 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ESET
2009-08-25 07:56 . 2009-08-25 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-08-25 07:53 . 2009-08-25 07:53 -------- d-----w- c:\program files\ESET
2009-08-25 06:29 . 2009-08-25 06:29 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-08-24 14:13 . 2009-08-24 14:43 -------- d-----w- C:\Lop SD
2009-08-24 13:31 . 2009-08-24 13:37 -------- d-----w- C:\ToolBar SD
2009-08-24 13:15 . 2009-08-25 05:36 -------- d-----w- c:\program files\ZHPDiag
2009-08-23 20:58 . 2009-08-23 20:58 7114736 ----a-w- c:\documents and settings\Administrateur\Application Data\Azureus\plugins\azemp\azmplay.exe
2009-08-23 07:45 . 2009-08-23 08:06 -------- d-----w- c:\windows\BDOSCAN8
2009-08-22 07:07 . 2009-08-22 07:07 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Opera
2009-08-22 07:01 . 2009-08-22 07:01 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Apple
2009-08-22 07:01 . 2009-08-22 07:01 -------- d-----w- c:\program files\Apple Software Update
2009-08-22 07:01 . 2009-08-22 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-21 14:25 . 2009-08-21 14:25 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Nosibay
2009-08-21 14:25 . 2009-08-21 14:25 -------- d-----w- c:\program files\Fichiers communs\Nosibay
2009-08-21 14:25 . 2009-08-21 14:25 -------- d-----w- c:\program files\Nosibay
2009-08-21 05:59 . 2009-08-21 05:59 1924440 ----a-w- c:\documents and settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-08-20 13:56 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 13:56 . 2009-08-20 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-20 13:56 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 12:09 . 2009-08-20 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2009-08-20 11:41 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-08-20 11:41 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-08-20 10:51 . 2009-08-20 10:51 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2009-08-11 08:57 . 2009-08-11 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2009-08-10 10:42 . 2009-08-10 10:42 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-08-10 10:41 . 2009-08-10 10:41 78540 ----a-w- c:\documents and settings\Administrateur\Application Data\Nosibay\Bubble Dock\modules\nosibox\id21a2d915f7bf4f20b493ced59dddd267\bspatch.exe
2009-08-10 10:41 . 2009-08-10 10:41 132096 ----a-w- c:\documents and settings\Administrateur\Application Data\Nosibay\Bubble Dock\modules\nosibox\id21a2d915f7bf4f20b493ced59dddd267\patch.exe
2009-08-07 10:25 . 2009-08-07 10:25 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Yahoo
2009-08-07 10:16 . 2009-08-07 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-07 10:16 . 2009-08-07 10:16 -------- d-----w- c:\program files\Yahoo!
2009-08-07 10:16 . 2009-05-26 19:30 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-08-06 08:01 . 2009-08-06 08:01 69632 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.31.9.1\SetupAdmin.exe
2009-08-04 20:12 . 2009-08-04 20:12 -------- d-----w- c:\windows\Performance
2009-08-04 20:11 . 2009-08-04 20:11 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Microsoft Corporation
2009-08-04 06:49 . 2009-08-04 06:49 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Micro Application
2009-08-04 06:49 . 2009-08-04 06:49 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Micro_Application
2009-07-30 16:06 . 2009-07-30 16:06 -------- d-sh--w- c:\documents and settings\LocalService
2009-07-30 16:05 . 2009-07-30 16:05 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-30 16:05 . 2009-07-30 16:05 -------- d-----w- c:\program files\MSBuild
2009-07-30 16:05 . 2009-07-30 16:05 -------- d-----w- c:\program files\Reference Assemblies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 10:48 . 2009-02-15 09:02 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Skype
2009-08-27 10:34 . 2009-02-15 09:03 -------- d-----w- c:\documents and settings\Administrateur\Application Data\skypePM
2009-08-25 23:27 . 2009-03-01 21:48 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Azureus
2009-08-24 16:40 . 2009-02-13 21:47 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-22 16:48 . 2009-04-07 13:57 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DAEMON Tools Lite
2009-08-22 16:43 . 2009-04-07 13:57 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-20 12:59 . 2009-02-13 22:20 56048 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 11:52 . 2009-02-13 23:01 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-07 23:48 . 2008-04-14 12:00 81824 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-07 23:48 . 2008-04-14 12:00 503866 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-07 06:27 . 2009-02-14 10:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-25 09:15 . 2009-07-13 16:22 -------- d-----w- c:\windows\Fonts\Fonts
2009-07-25 06:01 . 2009-07-25 06:01 -------- d-----w- c:\program files\TurnTool
2009-07-25 05:53 . 2009-07-24 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-22 21:20 . 2009-07-25 06:46 180224 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\turntoolviewer@turntool.com\plugins\nptnt.dll
2009-07-21 10:27 . 2009-07-02 14:46 -------- d-----w- c:\program files\Google
2009-07-19 14:27 . 2009-07-19 14:27 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-07-19 14:27 . 2009-02-15 09:01 -------- d-----r- c:\program files\Skype
2009-07-19 14:27 . 2009-02-15 09:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-18 13:01 . 2009-02-13 22:09 -------- d-----w- c:\program files\Notepad++
2009-07-16 09:03 . 2009-07-16 08:43 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ImgBurn
2009-07-16 08:13 . 2009-07-16 08:13 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Nero
2009-07-12 14:42 . 2009-02-17 10:10 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-12 08:39 . 2009-07-12 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
2009-07-04 20:23 . 2009-07-04 20:23 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-07-04 20:23 . 2009-07-04 20:23 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-07-04 07:46 . 2009-07-04 07:46 -------- d-----w- c:\documents and settings\Administrateur\Application Data\XnView
2009-06-24 19:02 . 2009-06-30 16:33 299008 ----a-w- c:\windows\system32\TubeFinder.exe
2009-06-19 17:51 . 2009-06-30 16:33 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2009-06-19 17:51 . 2009-06-30 16:33 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-06-19 17:51 . 2009-06-30 16:33 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-06-19 17:51 . 2009-06-30 16:33 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-06-19 17:51 . 2009-06-30 16:33 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-06-19 11:03 . 2009-07-22 05:59 2797468 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
.

------- Sigcheck -------

[-] 2008-09-27 10:27 517632 EF31A8266AF7996746392E4F45502536 c:\windows\system32\user32.dll

[-] 2008-09-27 10:27 879616 90B16FF3ACEC94B95BA95AA686442A47 c:\windows\system32\wininet.dll

[-] 2008-09-27 10:27 593408 4BB6301D634C857A5089E8B24C5555E4 c:\windows\system32\winlogon.exe

[-] 2008-09-27 10:31 2207872 A3CA2B158B645447964ADC84FA7E6EE6 c:\windows\system32\ntkrnlpa.exe

[-] 2008-09-27 10:26 2331008 65A2D2BD594EB3E670CECFFEED75FB69 c:\windows\system32\ntoskrnl.exe

[-] 2008-09-27 10:24 1573888 BFBBBFE0913E6C9706F97598A6588B8F c:\windows\explorer.exe

[-] 2008-09-27 10:24 37376 B3D95BCB6D0B033BEBFB81FADDA8B8AC c:\windows\system32\ctfmon.exe

[-] 2008-09-27 10:25 3774464 B6BC3773B01BF85B880F56C198EEA90B c:\windows\system32\mshtml.dll

[-] 2008-09-27 10:24 1504256 0F350F1870E65C510FFFF60D7EE14BA8 c:\windows\system32\comres.dll

[-] 2008-09-27 10:24 693248 AAC42FD16A1976DE9A0773E740597644 c:\windows\system32\comctl32.dll
[7] 2008-04-14 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 12:00 1054208 F92E6BEA9349D49341383F8403B4DFE5 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMover"="c:\program files\WinMover\WinMover.exe" [2005-12-02 10240]
"RocketDock"="d:\programmes\RocketDock\RocketDock\RocketDock.exe" [2007-09-02 495616]
"H/PC Connection Agent"="d:\programmes\ActivSync\Wcescomm.exe" [2006-11-13 1289000]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-30 25604904]
"Messenger (Yahoo!)"="d:\programmes\YahooMsg\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"DAEMON Tools Lite"="d:\programmes\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Acrobat Speed Launcher"="d:\programmes\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="d:\programmes\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"egui"="d:\programmes\Nod32\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"JkDefrag"="advpack.dll" - c:\windows\system32\advpack.dll [2008-08-28 124928]
"SweetRegistry"="advpack.dll" - c:\windows\system32\advpack.dll [2008-08-28 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
"NoNetConnectDisconnect"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\programmes\ActivSync\rapimgr.exe"= d:\programmes\ActivSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\programmes\ActivSync\wcescomm.exe"= d:\programmes\ActivSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programmes\\YahooMsg\\Messenger\\YahooMessenger.exe"=
"d:\\Programmes\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14:23 106208]
R2 ekrn;ESET Service;d:\programmes\Nod32\ekrn.exe [06/02/2009 14:23 727720]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [24/01/2009 15:46 216232]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\174A.tmp --> c:\windows\system32\174A.tmp [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{D10A0BD6-DEAB-423e-8A6B-373B4BDB3C7B}]
rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\firefox.inf,PerUserStub

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
rundll32 advpack.dll,LaunchINFSection c:\windows\INF\ie.inf,IE7Stub

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9f81ae06-bf80-462a-b349-c19e50524289}]
c:\program files\Nosibay\Bubble Dock\Deploy.exe /L=1036 /O=GOO001 /I=17319 /X=XFT-XEU-TTW /M=1 /W=1 /A=1
.
Contents of the 'Scheduled Tasks' folder

2009-08-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\turntoolviewer@turntool.com\plugins\nptnt.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: d:\programmes\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll
FF - plugin: d:\programmes\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\programmes\Opera\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 13:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\174A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1316)
c:\windows\system32\scecli.dll
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'explorer.exe'(2208)
c:\windows\system32\SHDOCVW.dll
d:\programmes\RocketDock\RocketDock\RocketDock.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\E_S00RP1.EXE
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-08-27 13:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-27 11:19

Pre-Run: 700 792 832 octets libres
Post-Run: 603 189 248 octets libres

sKe69 Posts: 21360 Registered: Saturday 15 March 2008 Status: Security contributor Last seen: 30 December 2012
27 August 2009 at 13:31
yes ... !

there should be some improvement on your PC now? ... test it ...

I'm analysing the report and will give you the next steps ...
claudio34 Posts: 64 Registered: Thursday 17 April 2008 Status: Member Last seen: 7 September 2009
27 August 2009 at 13:41
in any case, it seems to be running better, it's less sluggish!

and the links seem to be working correctly!