Wrong window opens from Google

Solved/Closed
yomenp Posts 75 Registration date Sunday 27 December 2009 Status Member Last seen 15 March 2017 - 27 Dec. 2009 at 02:46
yomenp Posts 75 Registration date Sunday 27 December 2009 Status Member Last seen 15 March 2017 - 29 Dec. 2009 at 15:01
Hello,

When I do a search on GOOGLE, the results page appears (normal so far).
However, when I click on a result, a window completely different from the displayed result opens (often on http://www.luckyresults.com/7398/search.php?keyword=gm%20canada&sid=2a8d78e0b3250c0f494329cad26ded1f&cid=BPO and on pub.ezanga.com and others). So I have to click Back and click the result again (several times over) to reach the chosen result, and it often fails.

How should I proceed to reach the desired page on the first try?
I'm leaving you my HijackThis log; before that I ran Spybot - Search & Destroy and CCleaner.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:15, on 2009-12-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\User\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-18 Startup: Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_1_3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - https://www.costcophotocentre.ca/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe

48 replies

yomenp Posts 75 Registration date Sunday 27 December 2009 Status Member Last seen 15 March 2017
27 Dec. 2009 at 03:07
**UP** help please, thanks
0
dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last seen 4 February 2013 286
27 Dec. 2009 at 03:16
Hi yomenp

Nothing suspicious. Download RSIT (by random/random) to the desktop from here:
http://images.malwareremoval.com/random/RSIT.exe

- Double-click RSIT.exe on the desktop
- Click Continue in the window
- RSIT will download HijackThis if it is not present or detected; you will then have to accept the licence
- Post the contents of both reports, log.txt and info.txt (minimised in the taskbar), at the end of the scan

The reports are in the folder C:\rsit

@++ :)
0
yomenp Posts 75 Registration date Sunday 27 December 2009 Status Member Last seen 15 March 2017
27 Dec. 2009 at 03:36
Thanks for your help, here is the report and a bit more....


======List of files/folders created in the last 1 months======

2009-12-26 21:28:47 ----D---- C:\rsit
2009-12-26 20:14:38 ----D---- C:\Program Files\Trend Micro
2009-12-26 14:08:48 ----D---- C:\Program Files\MyDSC2
2009-12-26 14:06:53 ----D---- C:\Program Files\Common Files\ArcSoft
2009-12-26 14:01:18 ----D---- C:\Program Files\ArcSoft
2009-12-26 14:01:18 ----A---- C:\WINDOWS\PCDLIB32.DLL
2009-12-26 13:50:28 ----HDC---- C:\WINDOWS\$NtUninstallwinusb0100$
2009-12-26 13:50:09 ----HDC---- C:\WINDOWS\$NtUninstallWudf01005$
2009-12-26 13:49:34 ----D---- C:\Program Files\MP3 Player Utilities 4.19
2009-12-25 21:00:16 ----D---- C:\Program Files\ma-config.com
2009-12-25 20:49:20 ----D---- C:\Program Files\Common Files\Logitech
2009-12-25 15:13:37 ----DC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-25 14:22:10 ----D---- C:\Documents and Settings\User\Application Data\ArcSoft
2009-12-23 21:13:48 ----D---- C:\Documents and Settings\User\Application Data\Sony Corporation
2009-12-23 21:01:50 ----D---- C:\Program Files\Sony
2009-12-23 21:00:42 ----D---- C:\Documents and Settings\User\Application Data\InstallShield
2009-12-20 19:51:31 ----N---- C:\WINDOWS\UNNeroShowTime.exe
2009-12-18 11:34:37 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-12-06 19:58:09 ----D---- C:\Program Files\Panda Security

======List of files/folders modified in the last 1 months======

2009-12-26 20:14:38 ----RD---- C:\Program Files
2009-12-26 18:30:27 ----D---- C:\WINDOWS\Temp
2009-12-26 15:22:34 ----D---- C:\WINDOWS\system32\drivers
2009-12-26 15:22:33 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-26 15:22:24 ----D---- C:\WINDOWS\system32
2009-12-26 15:21:17 ----D---- C:\WINDOWS
2009-12-26 15:03:33 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-26 14:50:48 ----D---- C:\WINDOWS\twain_32
2009-12-26 14:36:55 ----D---- C:\Program Files\meteo
2009-12-26 14:26:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-26 14:26:32 ----D---- C:\WINDOWS\system32\DirectX
2009-12-26 14:23:39 ----SHD---- C:\WINDOWS\Installer
2009-12-26 14:23:39 ----D---- C:\Config.Msi
2009-12-26 14:09:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-26 14:08:56 ----HD---- C:\WINDOWS\inf
2009-12-26 14:08:56 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-26 14:08:52 ----A---- C:\WINDOWS\win.ini
2009-12-26 14:08:48 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-26 14:06:53 ----D---- C:\Program Files\Common Files
2009-12-25 21:00:16 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-12-25 20:51:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-25 15:49:41 ----D---- C:\WINDOWS\system32\config
2009-12-25 15:49:36 ----D---- C:\WINDOWS\system32\wbem
2009-12-25 15:49:36 ----D---- C:\WINDOWS\Registration
2009-12-25 15:49:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-25 12:59:09 ----D---- C:\Documents and Settings\User\Application Data\XnView
2009-12-25 12:22:20 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-24 16:33:37 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-23 22:22:10 ----D---- C:\WINDOWS\Minidump
2009-12-23 14:33:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-23 14:09:17 ----D---- C:\Program Files\AnvSoft
2009-12-23 13:42:38 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-12-23 09:57:20 ----D---- C:\Documents and Settings\User\Application Data\Vso
2009-12-20 19:51:30 ----D---- C:\Program Files\Common Files\Ahead
2009-12-20 19:51:29 ----D---- C:\Program Files\Ahead
2009-12-18 18:09:01 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-12-18 18:08:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-18 16:04:42 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-05-21 96328]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-03 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-22 1166972]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-07-28 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2009-09-11 22792]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2009-09-11 35592]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2009-09-11 66056]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S2 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 FINEPIX_PCC;FinePix Digital Camera 020815; C:\WINDOWS\System32\Drivers\V4CB0119.SYS [2002-05-07 81700]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-03 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SBRE;SBRE; C:\WINDOWS\system32\drivers\SBRE.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2007-04-16 37248]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2009-09-11 14984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-11-02 76672]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-11-02 82560]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 ServicepointService;ServicepointService; C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe [2009-10-09 578800]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe []
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-12-17 243056]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2008-07-09 26488]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------
0
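Added example, not part of this thread and not code from HijackThis, RSIT or their authors: a small Python script that parses lines in the format of the HijackThis log in the first post and of the RSIT driver/service list above, and flags the kinds of entries a helper looks at first (orphaned BHO, toolbar or service registrations, ActiveX downloads and start pages from hosts outside an expected list, autostart entries launched from unusual directories, and RSIT driver or service entries whose binary was not found on disk). The sample input is a handful of lines copied from the logs posted above; the function names, the TRUSTED_HOSTS set and the EXPECTED_DIRS tuple are assumptions made for this example.

```python
"""Triage helper for HijackThis and RSIT log lines (added example, not from the thread)."""
import re
from urllib.parse import urlparse

# Constructed input: a handful of lines copied from the HijackThis log and the RSIT
# driver list posted in this thread. It is not a complete log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\User\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_1_3.cab
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
S3 SBRE;SBRE; C:\WINDOWS\system32\drivers\SBRE.sys []
"""

# Assumption for this example: hosts the reviewer expects for start pages and ActiveX downloads.
TRUSTED_HOSTS = {"www.google.ca", "fpdownload2.macromedia.com"}
# Assumption for this example: directories from which autostart entries are normally launched.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# HijackThis entry: "O4 - HKCU\..\Run: [name] path"
HJT_RE = re.compile(r"^(?P<sect>[RO]\d+) - (?P<body>.+)$")
# RSIT driver/service entry: "S3 name;description; path [date size]"
RSIT_RE = re.compile(r"^(?P<state>[RS][0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); (?P<path>.+?) \[(?P<meta>[^\]]*)\]$")
URL_RE = re.compile(r"https?://\S+")


def parse_line(line):
    """Return a dict describing the entry, or None for headers, blank lines and process paths."""
    line = line.strip()
    m = HJT_RE.match(line)
    if m:
        return {"kind": "hjt", "sect": m.group("sect"), "body": m.group("body")}
    m = RSIT_RE.match(line)
    if m:
        return {"kind": "rsit", "state": m.group("state"), "name": m.group("name"),
                "path": m.group("path"), "meta": m.group("meta")}
    return None


def run_target(body):
    """Extract the launched executable from an O4 body such as '[name] "C:\\x.exe" /flag'."""
    if "] " in body:                      # Run/RunOnce entries: path follows the [name]
        rest = body.split("] ", 1)[1]
    elif " = " in body:                   # Startup-folder entries: "file.lnk = path"
        rest = body.split(" = ", 1)[1]
    else:
        rest = body
    if rest.startswith('"'):              # quoted path: take what is inside the quotes
        return rest[1:].split('"', 1)[0]
    # unquoted path: cut at the first argument switch or trailing "(User ...)" note
    return re.split(r" [/:(-]", rest, maxsplit=1)[0]


def triage(log_text):
    """Return (code, reason, line) tuples for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if entry["kind"] == "rsit":
            if entry["meta"] == "":       # RSIT prints [] when it could not stat the file
                findings.append((entry["state"], "driver/service binary not found on disk", raw.strip()))
            continue
        sect, body = entry["sect"], entry["body"]
        if sect in ("O2", "O3") and body.endswith("(no file)"):
            findings.append((sect, "orphaned BHO/toolbar registration, file absent", body))
        elif sect == "O23" and body.endswith("(file missing)"):
            findings.append((sect, "service points at a missing binary", body))
        elif sect in ("R0", "R1", "O16"):
            m = URL_RE.search(body)
            if m and urlparse(m.group(0)).hostname not in TRUSTED_HOSTS:
                findings.append((sect, "URL outside the expected host list", body))
        elif sect == "O4":
            if not run_target(body).lower().startswith(EXPECTED_DIRS):
                findings.append((sect, "autostart from an unusual directory", body))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {line}")
```

Run against the sample, it reports the nameless BHO with no file, the WeatherEye autostart (launched from Application Data), the Ma-Config ActiveX download, the Ad-Aware service whose binary is gone, and the SBRE driver with no file on disk. WeatherEye is a legitimate weather applet, which is exactly why a script like this only prioritises lines for a human: the helper's verdict above ("Nothing suspicious") still rests on reading the entries, not on the heuristics.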
dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last seen 4 February 2013 286
27 Dec. 2009 at 03:42
Hi yomenp

Half the report is missing; you need to post the complete report.

@++ :)
0

yomenp Posts 75 Registration date Sunday 27 December 2009 Status Member Last seen 15 March 2017
27 Dec. 2009 at 03:55
ok sorry

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-12-26 21:28:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (3%) free of 51 GB
Total RAM: 1015 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:28, on 2009-12-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4DA7CH23\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\User\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-18 Startup: Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Outil de détection de support PMB.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_1_3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe
0
yomenp Posts 75 Registration date Sunday 27 December 2009 Status Member Last seen 15 March 2017
27 Dec. 2009 at 03:57
continued
info.txt logfile of random's system information tool 1.06 2009-12-26 21:28:50

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x040c /removeonly /uninstall -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Adobe Reader 9.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5863B6EF-76D0-4FF8-AA2F-EEBE7CC49DAA}\setup.exe" -l0x40c
ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5339885F-4597-4343-BD3B-74280CC79424}\setup.exe" -l0x40c
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Canon MP160-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
EA SPORTS online 2005-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL-->MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt-->MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
EVEREST Ultimate Edition v5.01-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FinePixViewer Ver.3.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1033
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPSFO-->MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
ImageMixer VCD for FinePix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LimeWire PRO 4.10.9-->"C:\Program Files\LimeWire\uninstall.exe"
Logiciel Kodak EasyShare-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140007_39ae9\Setup.exe /APR-REMOVE
Ma-Config.com-->MsiExec.exe /X{18754BA4-4F0C-4E6E-888B-9496AFA05F43}
Madden NFL 08-->C:\Program Files\EA Sports\Madden NFL 08\EAUninstall.exe
Madden NFL 2005-->C:\Program Files\EA SPORTS\Madden NFL 2005\EAUninstall.exe
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A4040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Web Components-->MsiExec.exe /I{9026040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Monopoly-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Hasbro Interactive\Monopoly\Uninst.isu"
MP3 Player Utilities 4.19-->MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
MP3_98driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{366D4883-DC0B-43A2-9EFE-CAE93B6ABD8A}\Setup.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Music Transfer-->C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe -runfromtemp -l0x040c /removeonly -removeonly
MVP Baseball 2003-->C:\Program Files\EA SPORTS\MVP Baseball 2003\EAUninstall.exe
MyDSC2-->C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\setup.exe -runfromtemp -l0x0009 -removeonly
Need For Speed High Stakes-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Electronic Arts\Need For Speed High Stakes\Uninst.isu" -c"C:\Program Files\Electronic Arts\Need For Speed High Stakes\uninst.dll" E
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Nero ShowTime CE-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NHL™ 09-->MsiExec.exe /X{827B97A9-B347-4110-9F89-37AF2B758F94}
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Paragon Partition Manager 8.5 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49CC1A6A-3A1A-4EE7-913F-8106B51B59D1}\Setup.exe" -l0x9
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Advisor-->MsiExec.exe /I{809B9368-87AE-4F56-9743-FB16C99C2038}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x040c uninstall -removeonly
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Tiger Woods PGA TOUR 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FDD9D12-46C9-4156-A4A0-55297B9498CA}\Setup.exe" -l0x40c uninstallme
Videotron Service Agent 3.0.21-->"C:\Program Files\Videotron\Videotron Service Agent\unins000.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
XnView 1.95.4-->"C:\Program Files\XnViewphoto\unins000.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1351 [VPS 091226-1]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
yomenp Posts 75 Registered Sunday 27 December 2009 Status Member Last post 15 March 2017
27 Dec. 2009 at 04:26
Oops, help!
dédétraqué Posts 4384 Registered Friday 5 September 2008 Status Security contributor Last post 4 February 2013 286
27 Dec. 2009 at 04:32
Hi yomenp


We're going to dig a little deeper.

Download combofix.exe (by sUBs) to the desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

Important: disable your antivirus and antispyware before scanning with Combofix:
https://forum.pcastuces.com/default.asp


==> Save your work and close all open windows; the PC may reboot. Do not run any program until Combofix has finished. <==

Double-click combofix.exe, click YES and confirm with Enter.

When the scan is complete, a report will appear. Copy/paste that report in your next reply.

NOTE: the report is also located here: C:\Combofix.txt

Combofix is detected by some antivirus products as an infection; ignore that, it is a false positive. Continue the procedure.


@++ :)
yomenp Posts 75 Registered Sunday 27 December 2009 Status Member Last post 15 March 2017
27 Dec. 2009 at 04:53
Impossible. I did what you told me, disabled the antivirus and antispyware, and I still get the same message:

you cannot rename combofix as combofix
please use another name, preferably made up of alphanumeric characters

I did exactly what you told me, though.
dédétraqué Posts 4384 Registered Friday 5 September 2008 Status Security contributor Last post 4 February 2013 286
27 Dec. 2009 at 05:01
Hi yomenp


Right-click this link:

http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

For Internet Explorer

- Choose Save Target As...

For Firefox

- Choose Save Link As...


- Choose the desktop as the save location

- Give it the name bibite.exe and click Save

Continue with the rest of the procedure


@++ :)
yomenp Posts 75 Registered Sunday 27 December 2009 Status Member Last post 15 March 2017
27 Dec. 2009 at 05:40
Thanks. Here is the report from combofix, or rather bibite.exe:

ComboFix 09-12-26.02 - User 2009-12-26 23:25:09.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.636 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\bibite.exe
AV: avast! antivirus 4.8.1351 [VPS 091226-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\inst.exe

c:\windows\system32\DRIVERS\atapi.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-27 04:08 . 2009-12-27 04:08 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-12-27 04:08 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-27 04:08 . 2009-12-27 04:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-27 04:08 . 2009-12-27 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-27 04:08 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-27 02:28 . 2009-12-27 02:28 -------- d-----w- C:\rsit
2009-12-27 01:14 . 2009-12-27 01:14 -------- d-----w- c:\program files\Trend Micro
2009-12-26 19:34 . 2009-12-26 19:34 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\MétéoMédia
2009-12-26 19:08 . 2007-04-16 22:40 37248 ----a-w- c:\windows\system32\drivers\Capt905c.sys
2009-12-26 19:08 . 2007-04-09 19:54 25216 ----a-w- c:\windows\system32\drivers\Camd905c.sys
2009-12-26 19:08 . 2009-12-26 19:16 -------- d-----w- c:\program files\MyDSC2
2009-12-26 19:06 . 2009-12-26 19:06 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-12-26 19:03 . 2006-11-10 20:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2009-12-26 19:01 . 2009-12-26 19:06 -------- d-----w- c:\program files\ArcSoft
2009-12-26 19:01 . 1995-08-01 09:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-12-26 18:50 . 2009-12-26 18:50 766 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe
2009-12-26 18:50 . 2009-12-26 18:50 2550 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_D0047288301C30DA811A0F.exe
2009-12-26 18:50 . 2009-12-26 18:50 1518 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_C27BEE651C3EE1EF20AB6A.exe
2009-12-26 18:50 . 2009-12-26 18:50 1078 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F42A717ADAEB1EE8514FB3.exe
2009-12-26 18:50 . 2009-12-26 18:50 1078 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_EB66B5A478AF14DB51B289.exe
2009-12-26 18:50 . 2009-12-26 18:50 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_55A1FAE66E55A8BC1BE320.exe
2009-12-26 18:49 . 2009-12-26 18:49 -------- d-----w- c:\program files\MP3 Player Utilities 4.19
2009-12-26 18:03 . 2009-12-26 18:03 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-12-26 02:00 . 2009-12-26 02:00 -------- d-----w- c:\program files\ma-config.com
2009-12-26 01:52 . 2009-12-26 01:52 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Logitech
2009-12-26 01:49 . 2004-08-04 03:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-12-26 01:49 . 2004-08-04 03:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-12-26 01:49 . 2009-12-26 02:23 -------- d-----w- c:\program files\Common Files\Logitech
2009-12-25 20:49 . 2009-12-25 20:49 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-25 19:22 . 2009-12-25 20:48 -------- d-----w- c:\documents and settings\User\Application Data\ArcSoft
2009-12-24 02:13 . 2009-12-24 02:13 -------- d-----w- c:\documents and settings\User\Application Data\Sony Corporation
2009-12-24 02:01 . 2009-12-24 02:08 -------- d-----w- c:\program files\Sony
2009-12-24 02:01 . 2009-12-24 02:01 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
2009-12-24 02:00 . 2009-12-24 02:00 -------- d-----w- c:\documents and settings\User\Application Data\InstallShield
2009-12-21 00:51 . 2005-08-24 12:46 3006464 ------w- c:\windows\UNNeroShowTime.exe
2009-12-18 16:34 . 2009-12-18 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-07 00:58 . 2009-12-26 20:22 -------- d-----w- c:\program files\Panda Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 19:36 . 2008-04-16 01:52 -------- d-----w- c:\program files\meteo
2009-12-26 19:08 . 2007-09-21 20:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 02:00 . 2009-04-30 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-12-25 20:49 . 2008-01-11 02:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-25 17:59 . 2009-01-01 14:57 -------- d-----w- c:\documents and settings\User\Application Data\XnView
2009-12-23 19:33 . 2008-09-05 19:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-23 19:09 . 2009-07-28 20:36 -------- d-----w- c:\program files\AnvSoft
2009-12-23 18:42 . 2007-09-23 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-12-23 14:57 . 2009-07-29 00:47 -------- d-----w- c:\documents and settings\User\Application Data\Vso
2009-12-21 00:51 . 2009-10-13 13:52 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-21 00:51 . 2009-05-09 19:17 -------- d-----w- c:\program files\Ahead
2009-12-18 23:09 . 2007-09-24 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-30 20:30 . 2009-10-30 20:30 -------- d-----w- c:\program files\Radialpoint
2009-10-30 20:30 . 2009-10-30 20:30 -------- d-----w- c:\documents and settings\User\Application Data\Videotron
2009-10-30 20:30 . 2009-10-30 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
2009-10-30 20:29 . 2009-10-30 20:29 -------- d-----w- c:\program files\Videotron
2009-10-30 20:29 . 2009-10-30 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Videotron
2009-10-06 16:16 . 2007-09-23 21:41 43136 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-12-15 21:31 . 2007-12-15 21:30 48 --sh--w- c:\windows\SA6C648CD.tmp
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[-] 2004-08-04 01:07 . FA1465976CC19BA6FCBF0A780CEA7AA0 . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-23 68856]
"WeatherEye"="c:\documents and settings\User\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-10-27 718232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-09-23 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"VideotronSA.exe"="c:\program files\Videotron\Videotron Service Agent\VideotronSA.exe" [2009-10-09 3376368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\documents and settings\User\Start Menu\Programs\Startup\
Outil de d‚tection de support PMB.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-12-23 333088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logiciel Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logiciel Kodak EasyShare.lnk
backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 14:37 2321600 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-05-22 03:46 1369288 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 01:07 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-09-23 21:11 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 02:32 53248 ----a-w- c:\program files\REGSHAVE\Regshave.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
2006-07-13 11:12 729088 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-12-19 01:34 868352 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-08-18 22:41 1832272 ----a-w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 06:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-23 21:06 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
2004-06-03 08:51 172032 ----a-w- c:\program files\Microsoft IntelliType Pro\type32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"spupdsvc"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"usnjsvc"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"NMIndexingService"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"NBService"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"KodakCCS"=3 (0x3)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AudioSrv"=2 (0x2)
"aswUpdSv"=2 (0x2)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"WLSetupSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 08\\Updater.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Videotron\\Videotron Service Agent\\ServicepointService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2518:UDP"= 2518:UDP:Windows Media Format SDK (iexplore.exe)
"2519:UDP"= 2519:UDP:Windows Media Format SDK (iexplore.exe)
"2532:UDP"= 2532:UDP:Windows Media Format SDK (iexplore.exe)

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-09-23 38448]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-08 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-08 20560]
R2 ServicepointService;ServicepointService;c:\program files\Videotron\Videotron Service Agent\ServicepointService.exe [2009-10-30 578800]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-12-17 243056]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-12-26 38224]
S3 SBRE;SBRE; [x]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RegTool - c:\program files\RegTool\RegTool.exe
HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-WeatherEye - c:\program files\meteo\WeatherEye.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 23:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x87B0A618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76bbfc3
\Driver\ACPI -> ACPI.sys @ 0xf760ecb8
\Driver\atapi -> atapi.sys @ 0xf75a07b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059ece9
ParseProcedure -> ntoskrnl.exe @ 0x8057e98a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059ece9
ParseProcedure -> ntoskrnl.exe @ 0x8057e98a
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf74adba0
PacketIndicateHandler -> NDIS.sys @ 0xf74bab21
SendHandler -> NDIS.sys @ 0xf749887b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-1580436667-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-299502267-1580436667-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,9f,77,23,0e,5a,f4,9e,59,5a,4f,59,1c,b3,b0,03,33,75,a5,28,f4,b9,8f,
3d,ec,fa,84,cc,2d,2d,5a,10,d7,2a,b4,7e,47,72,60,6b,d0,d1,e1,e7,82,4b,03,24,\
"??"=hex:fa,79,8b,58,d3,e6,92,92,79,3c,fb,5b,53,55,03,8c

[HKEY_USERS\S-1-5-21-299502267-1580436667-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:e7,e7,41,51,97,75,a5,19,b6,82,bd,87,cb,df,1c,d3,53,96,f5,96,8c,
37,c1,87,8e,05,39,88,3e,ba,1f,3e,0f,82,d1,d4,ad,ab,a6,ae,e8,48,4e,c4,b4,9c,\
"rkeysecu"=hex:67,0e,b6,90,7b,80,8f,bd,15,90,07,9e,d5,6c,62,fc

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Completion time: 2009-12-26 23:35:40
ComboFix-quarantined-files.txt 2009-12-27 04:35
ComboFix2.txt 2008-09-05 21:39
ComboFix3.txt 2008-09-05 21:18

Pre-Run: 1 598 431 232 bytes free
Post-Run: 1 797 586 944 bytes free

Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 34E396BD9E40A7F12083C12C4C7B2999
yomenp Posts 75 Registered Sunday 27 December 2009 Status Member Last post 15 March 2017
27 Dec. 2009 at 05:52
I am currently scanning my computer's C and E drives with Malwarebytes' Anti-Malware.
yomenp Posts 75 Registered Sunday 27 December 2009 Status Member Last post 15 March 2017
27 Dec. 2009 at 05:57
Thanks for the help. I'll be back tomorrow with more info. Thanks for your help, dédétraqué, hoping we get to the bottom of this. I'm going to bed, I'm exhausted.
0
dédétraqué Posts: 4384 Registered: Friday 5 September 2008 Status: Security contributor Last seen: 4 February 2013 286
27 Dec. 2009 at 06:06
Hi


- Click Start/Run, type notepad at the prompt and OK.

- Copy/paste what is in bold below into Notepad:

KillAll::

Driver::
Lavasoft Ad-Aware Service
NMIndexingService

FCopy::
c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys | c:\windows\system32\drivers\atapi.sys


- Save this file to the desktop (Mandatory)

-File name: CFScript.txt
-File type: all files

- Click Save and close Notepad

Important: Disable your antivirus and antispyware before doing the drag and drop

- Drag and drop this CFScript file onto the ComboFix.exe file on the desktop, as in this screenshot (the icon is a lion):

http://free0.hiboox.com/images/2409/9126d3b136f7db9ab6242ad715b44296.gif

* Wait for the scan to finish. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt


@++ :)
0
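The FCopy:: line in the script above overwrites c:\windows\system32\drivers\atapi.sys with the copy cached under SoftwareDistribution\Download. The check a defender wants around such a step is whether the installed driver and the reference copy actually differ, and whether the difference looks like a wholesale swap or a small in-place patch. The script below is an added example, not part of the original thread and not ComboFix's own code: it hashes both files, reports the first differing offsets when they do not match, and runs a demo on constructed sample files in a temporary directory (no real driver content is reproduced; the file names are assumptions). Note that agreement with the reference only means anything if the reference itself is clean, which is the assumption the helper made when choosing the SoftwareDistribution copy.

```python
"""Compare an installed driver with a reference copy by hash and byte offset.

Added example for the FCopy:: step above; not code from the thread or from
ComboFix. Paths are assumptions; the demo uses constructed sample files.
"""
import hashlib
import os
import tempfile


def first_differences(a: bytes, b: bytes, limit: int = 8) -> list:
    """Offsets of the first `limit` bytes that differ between a and b."""
    diffs = []
    for i in range(min(len(a), len(b))):
        if a[i] != b[i]:
            diffs.append(i)
            if len(diffs) >= limit:
                break
    return diffs


def compare_driver(installed: str, reference: str) -> dict:
    """Compare the installed driver file with a reference copy.

    Returns both SHA-256 digests, both sizes, whether they match, and
    (when they differ) the first differing offsets. A same-size file with
    a handful of changed bytes is the signature of an in-place patch, which
    a size check alone would miss.
    """
    with open(installed, "rb") as f:
        installed_bytes = f.read()
    with open(reference, "rb") as f:
        reference_bytes = f.read()
    result = {
        "installed_sha256": hashlib.sha256(installed_bytes).hexdigest(),
        "reference_sha256": hashlib.sha256(reference_bytes).hexdigest(),
        "installed_size": len(installed_bytes),
        "reference_size": len(reference_bytes),
    }
    result["match"] = result["installed_sha256"] == result["reference_sha256"]
    result["first_diff_offsets"] = (
        [] if result["match"] else first_differences(installed_bytes, reference_bytes)
    )
    return result


def demo() -> dict:
    """Run the comparison before and after a simulated FCopy:: replacement.

    Both files are constructed stand-ins (a fake MZ header plus filler),
    not real driver images.
    """
    clean = b"MZ" + bytes(range(256)) * 4
    # Constructed "patched" copy: same size, four bytes changed at offset 0x40.
    patched = bytearray(clean)
    patched[0x40:0x44] = b"\xde\xad\xbe\xef"
    with tempfile.TemporaryDirectory() as d:
        reference = os.path.join(d, "atapi.sys.reference")  # assumed name
        installed = os.path.join(d, "atapi.sys")            # assumed name
        with open(reference, "wb") as f:
            f.write(clean)
        with open(installed, "wb") as f:
            f.write(bytes(patched))
        before = compare_driver(installed, reference)
        # Simulate the FCopy:: step: overwrite the installed copy with the reference.
        with open(installed, "wb") as f:
            f.write(clean)
        after = compare_driver(installed, reference)
    return {"before": before, "after": after}


if __name__ == "__main__":
    for stage, r in demo().items():
        print(stage, "match" if r["match"] else "MISMATCH",
              r["installed_size"], r["reference_size"], r["first_diff_offsets"])
```

On a real machine you would call compare_driver with the two paths from the script; the demo exists only so the logic can be exercised offline.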
jfkpresident Posts: 13404 Registered: Monday 3 September 2007 Status: Security contributor Last seen: 5 January 2015 1 175
27 Dec. 2009 at 15:45
Hello;

Following..
0
yomenp Posts: 75 Registered: Sunday 27 December 2009 Status: Member Last seen: 15 March 2017
27 Dec. 2009 at 16:04
here is a report from my

Malwarebytes' Anti-Malware 1.42

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3437
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2009-12-27 09:37:46
mbam-log-2009-12-27 (09-37-46).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 192397
Temps écoulé: 35 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 220

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcgg0j0ee4n (Rogue.AntiVirusXP) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\User\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020 (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\Results (Rogue.RegTool) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\User\Application Data\RegTool\spy_ignore.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\Logs\2009-04-29 22-09-440.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-100.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-101.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-102.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-103.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-104.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-105.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-106.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-107.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-108.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-109.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-11.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-110.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-111.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-112.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-113.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-114.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-115.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-116.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-117.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-118.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-119.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-12.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-120.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-121.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-122.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-123.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-124.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-125.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-126.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-127.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-128.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-129.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-13.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-130.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-131.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-132.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-133.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-134.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-135.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-136.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-137.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-138.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-139.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-14.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-140.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-141.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-142.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-143.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-144.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-145.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-146.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-147.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-148.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-149.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-15.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-150.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-151.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-152.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-153.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-154.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-155.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-156.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-157.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-158.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-159.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-16.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-160.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-161.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-162.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-163.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-164.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-165.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-166.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-167.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-168.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-169.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-17.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-170.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-171.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-172.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-173.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-174.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-175.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-176.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-177.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-178.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-179.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-18.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-180.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-181.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-182.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-183.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-184.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-185.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-186.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-187.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-188.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-189.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-19.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-190.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-191.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-192.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-193.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-194.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-195.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-196.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-197.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-198.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-199.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-2.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-20.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-200.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-201.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-202.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-203.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-204.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-205.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-206.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-207.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-208.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-209.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-21.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-210.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-211.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-22.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-23.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-24.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-25.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-26.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-27.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-28.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-29.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-3.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-30.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-31.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-32.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-33.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-34.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-35.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-36.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-37.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-38.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-39.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-4.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-40.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-41.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-42.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-43.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-44.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-45.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-46.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-47.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-48.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-49.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-50.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-51.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-52.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-53.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-54.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-55.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-56.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-57.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-58.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-59.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-60.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-61.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-62.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-63.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-64.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-65.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-66.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-67.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-68.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-69.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-70.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-71.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-72.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-73.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-74.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-75.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-76.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-77.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-78.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-79.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-80.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-81.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-82.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-83.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-84.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-85.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-86.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-87.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-88.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-89.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-90.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-91.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-92.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-93.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-94.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-95.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-96.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-97.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-98.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\QuarantineW\2009-04-29 22-13-020\regb-99.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\Results\Evidence.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\Results\Junk.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\Results\Registry.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\RegTool\Results\Update.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
dédétraqué Posts: 4384 Registered: Friday 5 September 2008 Status: Security contributor Last activity: 4 February 2013 286
27 Dec. 2009 at 16:15
Hi yomenp


Follow the procedure in my last message


@++ :)
yomenp Posts: 75 Registered: Sunday 27 December 2009 Status: Member Last activity: 15 March 2017
27 Dec. 2009 at 16:38
Thanks, I followed the procedure you asked for; same problem.

Impossible. As you told me, disable your antivirus and antispyware: that's done, and it's still the same message:

you cannot rename combofix as combofix
please use another name, preferably made up of alphanumeric characters

Yet I did exactly as you said: on my desktop the file was properly named, dragged, and poof, this name problem.
dédétraqué Posts: 4384 Registered: Friday 5 September 2008 Status: Security contributor Last activity: 4 February 2013 286
27 Dec. 2009 at 16:55
Hi yomenp


Download load_tdsskiller by Loup Blanc to your Desktop:
http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

This tool is designed to automate several tasks offered by TDSSKiller, a fix from Kaspersky.

- Launch load_tdsskiller by double-clicking it: the tool will connect to the Internet to download an up-to-date copy of TDSSKiller, then start the scan

- When the scan finishes, press a key to continue, as the message in the black command-prompt window says
- The report will open automatically: copy and paste its contents into your next reply (the file is also here: C:\tdsskiller\report.txt)
- Restart your PC


@++ :)
yomenp Posts: 75 Registered: Sunday 27 December 2009 Status: Member Last activity: 15 March 2017
27 Dec. 2009 at 17:01
Here is the report

fradesch.......

10:59:37:859 2324 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
10:59:37:859 2324 ================================================================================
10:59:37:859 2324 SystemInfo:

10:59:37:859 2324 OS Version: 5.1.2600 ServicePack: 2.0
10:59:37:859 2324 Product type: Workstation
10:59:37:859 2324 ComputerName: HOME_PC
10:59:37:859 2324 UserName: User
10:59:37:859 2324 Windows directory: C:\WINDOWS
10:59:37:859 2324 Processor architecture: Intel x86
10:59:37:859 2324 Number of processors: 2
10:59:37:859 2324 Page size: 0x1000
10:59:37:859 2324 Boot type: Normal boot
10:59:37:859 2324 ================================================================================
10:59:37:859 2324 ForceUnloadDriver: NtUnloadDriver error 2
10:59:37:859 2324 ForceUnloadDriver: NtUnloadDriver error 2
10:59:37:859 2324 ForceUnloadDriver: NtUnloadDriver error 2
10:59:37:875 2324 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
10:59:37:875 2324 main: Driver KLMD successfully dropped
10:59:37:921 2324 main: Driver KLMD successfully loaded
10:59:37:921 2324
Scanning Registry ...
10:59:37:921 2324 ScanServices: Searching service UACd.sys
10:59:37:921 2324 ScanServices: Open/Create key error 2
10:59:37:921 2324 ScanServices: Searching service TDSSserv.sys
10:59:37:921 2324 ScanServices: Open/Create key error 2
10:59:37:921 2324 ScanServices: Searching service gaopdxserv.sys
10:59:37:921 2324 ScanServices: Open/Create key error 2
10:59:37:921 2324 ScanServices: Searching service gxvxcserv.sys
10:59:37:921 2324 ScanServices: Open/Create key error 2
10:59:37:921 2324 ScanServices: Searching service MSIVXserv.sys
10:59:37:921 2324 ScanServices: Open/Create key error 2
10:59:37:921 2324 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000
10:59:37:937 2324 UnhookRegistry: Kernel local addr: BC0000
10:59:37:937 2324 UnhookRegistry: KeServiceDescriptorTable addr: C4C500
10:59:38:031 2324 UnhookRegistry: KiServiceTable addr: BCDF40
10:59:38:031 2324 UnhookRegistry: NtEnumerateKey service number (local): 47
10:59:38:031 2324 UnhookRegistry: NtEnumerateKey local addr: C6369E
10:59:38:031 2324 KLMD_OpenDevice: Trying to open KLMD device
10:59:38:031 2324 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
10:59:38:031 2324 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
10:59:38:031 2324 KLMD_ReadMem: Trying to ReadMemory 0x804E3C9C[0x4]
10:59:38:031 2324 UnhookRegistry: NtEnumerateKey service number (kernel): 47
10:59:38:031 2324 KLMD_ReadMem: Trying to ReadMemory 0x804E505C[0x4]
10:59:38:031 2324 UnhookRegistry: NtEnumerateKey real addr: 8057A69E
10:59:38:031 2324 UnhookRegistry: NtEnumerateKey calc addr: 8057A69E
10:59:38:031 2324 UnhookRegistry: No SDT hooks found on NtEnumerateKey
10:59:38:031 2324 KLMD_ReadMem: Trying to ReadMemory 0x8057A69E[0xA]
10:59:38:031 2324 UnhookRegistry: No splicing found on NtEnumerateKey
10:59:38:031 2324
Scanning Kernel memory ...
10:59:38:031 2324 KLMD_OpenDevice: Trying to open KLMD device
10:59:38:031 2324 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
10:59:38:031 2324 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
10:59:38:031 2324 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 87B03968
10:59:38:031 2324 DetectCureTDL3: KLMD_GetDeviceObjectList returned 3 DevObjects
10:59:38:031 2324 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 87AFE030
10:59:38:031 2324 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87AFE030
10:59:38:031 2324 KLMD_ReadMem: Trying to ReadMemory 0x87AFE030[0x38]
10:59:38:031 2324 DetectCureTDL3: DRIVER_OBJECT addr: 87B03968
10:59:38:031 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B03968[0xA8]
10:59:38:031 2324 KLMD_ReadMem: Trying to ReadMemory 0xE1019A98[0x208]
10:59:38:031 2324 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:59:38:031 2324 DetectCureTDL3: IrpHandler (0) addr: F76CDC30
10:59:38:031 2324 DetectCureTDL3: IrpHandler (1) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (2) addr: F76CDC30
10:59:38:031 2324 DetectCureTDL3: IrpHandler (3) addr: F76C7D9B
10:59:38:031 2324 DetectCureTDL3: IrpHandler (4) addr: F76C7D9B
10:59:38:031 2324 DetectCureTDL3: IrpHandler (5) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (6) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (7) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (8) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (9) addr: F76C8366
10:59:38:031 2324 DetectCureTDL3: IrpHandler (10) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (11) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (12) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (13) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (14) addr: F76C844D
10:59:38:031 2324 DetectCureTDL3: IrpHandler (15) addr: F76CBFC3
10:59:38:031 2324 DetectCureTDL3: IrpHandler (16) addr: F76C8366
10:59:38:031 2324 DetectCureTDL3: IrpHandler (17) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (18) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (19) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (20) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (21) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (22) addr: F76C9EF3
10:59:38:031 2324 DetectCureTDL3: IrpHandler (23) addr: F76CEA24
10:59:38:031 2324 DetectCureTDL3: IrpHandler (24) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (25) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (26) addr: 804FCB6A
10:59:38:031 2324 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
10:59:38:031 2324 KLMD_ReadMem: DeviceIoControl error 1
10:59:38:031 2324 TDL3_StartIoHookDetect: Unable to get StartIo handler code
10:59:38:031 2324 TDL3_FileDetect: Processing driver: Disk
10:59:38:031 2324 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
10:59:38:031 2324 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
10:59:38:031 2324 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
10:59:38:062 2324 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 87B669D0
10:59:38:062 2324 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87B669D0
10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B669D0[0x38]
10:59:38:062 2324 DetectCureTDL3: DRIVER_OBJECT addr: 87B03968
10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B03968[0xA8]
10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0xE1019A98[0x208]
10:59:38:062 2324 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:59:38:062 2324 DetectCureTDL3: IrpHandler (0) addr: F76CDC30
10:59:38:062 2324 DetectCureTDL3: IrpHandler (1) addr: 804FCB6A
10:59:38:062 2324 DetectCureTDL3: IrpHandler (2) addr: F76CDC30
10:59:38:062 2324 DetectCureTDL3: IrpHandler (3) addr: F76C7D9B
10:59:38:062 2324 DetectCureTDL3: IrpHandler (4) addr: F76C7D9B
10:59:38:062 2324 DetectCureTDL3: IrpHandler (5) addr: 804FCB6A
10:59:38:062 2324 DetectCureTDL3: IrpHandler (6) addr: 804FCB6A
10:59:38:062 2324 DetectCureTDL3: IrpHandler (7) addr: 804FCB6A
10:59:38:062 2324 DetectCureTDL3: IrpHandler (8) addr: 804FCB6A
10:59:38:062 2324 DetectCureTDL3: IrpHandler (9) addr: F76C8366
10:59:38:062 2324 DetectCureTDL3: IrpHandler (10) addr: 804FCB6A
10:59:38:062 2324 DetectCureTDL3: IrpHandler (11) addr: 804FCB6A
10:59:38:062 2324 DetectCureTDL3: IrpHandler (12) addr: 804FCB6A
10:59:38:062 2324 DetectCureTDL3: IrpHandler (13) addr: 804FCB6A
10:59:38:062 2324 DetectCureTDL3: IrpHandler (14) addr: F76C844D
10:59:38:062 2324 DetectCureTDL3: IrpHandler (15) addr: F76CBFC3
10:59:38:062 2324 DetectCureTDL3: IrpHandler (16) addr: F76C8366
10:59:38:062 2324 DetectCureTDL3: IrpHandler (17) addr: 804FCB6A
10:59:38:062 2324 DetectCureTDL3: IrpHandler (18) addr: 804FCB6A
10:59:38:062 2324 DetectCureTDL3: IrpHandler (19) addr: 804FCB6A
10:59:38:062 2324 DetectCureTDL3: IrpHandler (20) addr: 804FCB6A
10:59:38:062 2324 DetectCureTDL3: IrpHandler (21) addr: 804FCB6A
10:59:38:062 2324 DetectCureTDL3: IrpHandler (22) addr: F76C9EF3
10:59:38:062 2324 DetectCureTDL3: IrpHandler (23) addr: F76CEA24
10:59:38:062 2324 DetectCureTDL3: IrpHandler (24) addr: 804FCB6A
10:59:38:062 2324 DetectCureTDL3: IrpHandler (25) addr: 804FCB6A
10:59:38:062 2324 DetectCureTDL3: IrpHandler (26) addr: 804FCB6A
10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
10:59:38:062 2324 KLMD_ReadMem: DeviceIoControl error 1
10:59:38:062 2324 TDL3_StartIoHookDetect: Unable to get StartIo handler code
10:59:38:062 2324 TDL3_FileDetect: Processing driver: Disk
10:59:38:062 2324 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
10:59:38:062 2324 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
10:59:38:062 2324 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
10:59:38:062 2324 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 87B01AB8
10:59:38:062 2324 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87B01AB8
10:59:38:062 2324 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 87B04030
10:59:38:062 2324 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87B04030
10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B04030[0x38]
10:59:38:062 2324 DetectCureTDL3: DRIVER_OBJECT addr: 87B00838
10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B00838[0xA8]
10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B6B940[0x38]
10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B6F808[0xA8]
10:59:38:062 2324 KLMD_ReadMem: Trying to ReadMemory 0xE23C39B8[0x208]
10:59:38:062 2324 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
10:59:38:062 2324 DetectCureTDL3: IrpHandler (0) addr: 87B0A618
10:59:38:062 2324 DetectCureTDL3: IrpHandler (1) addr: 87B0A618
10:59:38:062 2324 DetectCureTDL3: IrpHandler (2) addr: 87B0A618
10:59:38:062 2324 DetectCureTDL3: IrpHandler (3) addr: 87B0A618
10:59:38:062 2324 DetectCureTDL3: IrpHandler (4) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (5) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (6) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (7) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (8) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (9) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (10) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (11) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (12) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (13) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (14) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (15) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (16) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (17) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (18) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (19) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (20) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (21) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (22) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (23) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (24) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (25) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (26) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: All IRP handlers pointed to one addr: 87B0A618
10:59:38:078 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B0A618[0x400]
10:59:38:078 2324 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 313, 101, 3, 89
10:59:38:078 2324 Driver "atapi" Irp handler infected by TDSS rootkit ... 10:59:38:078 2324 KLMD_WriteMem: Trying to WriteMemory 0x87B0A67D[0xD]
10:59:38:078 2324 cured
10:59:38:078 2324 KLMD_ReadMem: Trying to ReadMemory 0x87B0A4BF[0x400]
10:59:38:078 2324 TDL3_StartIoHookDetect: CheckParameters: 7, FFDF0308, 334, 1
10:59:38:078 2324 Driver "atapi" StartIo handler infected by TDSS rootkit ... 10:59:38:078 2324 TDL3_StartIoHookCure: Number of patches 1
10:59:38:078 2324 KLMD_WriteMem: Trying to WriteMemory 0x87B0A5B6[0x6]
10:59:38:078 2324 cured
10:59:38:078 2324 TDL3_FileDetect: Processing driver: atapi
10:59:38:078 2324 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
10:59:38:078 2324 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
10:59:38:078 2324 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
10:59:38:093 2324 File C:\WINDOWS\system32\drivers\atapi.sys infected by TDSS rootkit ... 10:59:38:093 2324 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
10:59:38:093 2324 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
10:59:38:093 2324 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\Drivers\atapi.tsk
10:59:38:171 2324 TDL3_FileCure: Image path (system32\Drivers\atapi.tsk) was set for service (SYSTEM\CurrentControlSet\Services\atapi)
10:59:38:171 2324 TDL3_FileCure: KLMD_PendCopyFileW (C:\WINDOWS\system32\Drivers\atapi.tsk, C:\WINDOWS\system32\drivers\atapi.sys) success
10:59:38:171 2324 will be cured on next reboot
10:59:38:171 2324
Completed

Results:
10:59:38:171 2324 Infected objects in memory: 2
10:59:38:171 2324 Cured objects in memory: 2
10:59:38:171 2324 Infected objects on disk: 1
10:59:38:171 2324 Objects on disk cured on reboot: 1
10:59:38:171 2324 Objects on disk deleted on reboot: 0
10:59:38:171 2324 Registry nodes deleted on reboot: 0
10:59:38:171 2324
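The procedure dédétraqué gives above (run load_tdsskiller, collect C:\tdsskiller\report.txt, reboot) and the report yomenp then posted both revolve around the same TDSSKiller log format. The following Python parser is an added example for reading that format; it is not code from the thread or from Kaspersky. It rebuilds each driver's IRP dispatch table from the "IrpHandler (n) addr" lines, flags the pattern TDSSKiller acts on (every major of atapi dispatched to a single address, 87B0A618 in the posted report, instead of a mix of the driver's own routines and the kernel's default handler, as seen for Disk), pairs each "infected by TDSS rootkit" entry with its "cured" or "will be cured on next reboot" verdict, and cross-checks the Results block against what was parsed. The embedded report is a constructed, abridged excerpt in the posted format (three IrpHandler entries per driver rather than 27); the dataclass names and the "all handlers identical" threshold are the example's own assumptions.

```python
"""Parse a TDSSKiller 2.x report and summarise its TDL3 findings."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed, abridged excerpt in the format of a TDSSKiller 2.1.1 report
# (a real report lists 27 IrpHandler entries per driver; three are kept here).
SAMPLE_REPORT = r"""
10:59:38:031 2324 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
10:59:38:031 2324 DetectCureTDL3: IrpHandler (0) addr: F76CDC30
10:59:38:031 2324 DetectCureTDL3: IrpHandler (1) addr: 804FCB6A
10:59:38:031 2324 DetectCureTDL3: IrpHandler (2) addr: F76CDC30
10:59:38:062 2324 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
10:59:38:062 2324 DetectCureTDL3: IrpHandler (0) addr: 87B0A618
10:59:38:062 2324 DetectCureTDL3: IrpHandler (1) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: IrpHandler (2) addr: 87B0A618
10:59:38:078 2324 DetectCureTDL3: All IRP handlers pointed to one addr: 87B0A618
10:59:38:078 2324 Driver "atapi" Irp handler infected by TDSS rootkit ... 10:59:38:078 2324 KLMD_WriteMem: Trying to WriteMemory 0x87B0A67D[0xD]
10:59:38:078 2324 cured
10:59:38:078 2324 Driver "atapi" StartIo handler infected by TDSS rootkit ... 10:59:38:078 2324 TDL3_StartIoHookCure: Number of patches 1
10:59:38:078 2324 cured
10:59:38:093 2324 File C:\WINDOWS\system32\drivers\atapi.sys infected by TDSS rootkit ... 10:59:38:093 2324 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
10:59:38:171 2324 TDL3_FileCure: KLMD_PendCopyFileW (C:\WINDOWS\system32\Drivers\atapi.tsk, C:\WINDOWS\system32\drivers\atapi.sys) success
10:59:38:171 2324 will be cured on next reboot
Results:
10:59:38:171 2324 Infected objects in memory: 2
10:59:38:171 2324 Cured objects in memory: 2
10:59:38:171 2324 Infected objects on disk: 1
10:59:38:171 2324 Objects on disk cured on reboot: 1
"""

PREFIX = re.compile(r"\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s*")          # "hh:mm:ss:ms pid "
DRIVER = re.compile(r"DRIVER_OBJECT name: \S+, Driver Name: (\S+)")
IRP = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")
INFECTED = re.compile(
    r'^(?:Driver "(?P<drv>[^"]+)" (?P<hook>Irp|StartIo) handler'
    r"|File (?P<path>.+?)) infected by TDSS rootkit"
)
RESULT = re.compile(r"^([A-Z][\w ]+?): (\d+)$")


@dataclass
class Finding:
    kind: str                  # "irp_hook", "startio_hook" or "file"
    target: str                # driver name or file path
    status: str = "unresolved"  # "cured", "cured on reboot" or "unresolved"


@dataclass
class Report:
    irp_tables: dict[str, list[str]] = field(default_factory=dict)
    findings: list[Finding] = field(default_factory=list)
    results: dict[str, int] = field(default_factory=dict)

    def suspicious_drivers(self) -> list[str]:
        """Drivers whose entire IRP dispatch table points at one address.

        A clean driver mixes its own routines with the kernel's default
        handler for unimplemented majors (two distinct addresses for Disk
        above); TDL3 redirects every major into a single pool-allocated stub.
        The >= 2 entries threshold is this example's own choice."""
        return [d for d, t in self.irp_tables.items() if len(t) >= 2 and len(set(t)) == 1]

    def needs_reboot(self) -> bool:
        """True when an on-disk cure is only pended (PendCopyFile) until restart."""
        return any(f.status == "cured on reboot" for f in self.findings)

    def unresolved(self) -> list[Finding]:
        return [f for f in self.findings if f.status == "unresolved"]

    def counts_consistent(self) -> bool:
        """Cross-check the tool's own Results block against what we parsed."""
        mem = sum(f.kind != "file" for f in self.findings)
        disk = sum(f.kind == "file" for f in self.findings)
        return (self.results.get("Infected objects in memory") == mem
                and self.results.get("Infected objects on disk") == disk)


def events(text: str):
    """Yield messages with the timestamp/pid prefix stripped.

    TDSSKiller writes 'infected by TDSS rootkit ... ' without a newline, so the
    next entry lands on the same physical line; splitting on every embedded
    prefix turns such a line back into separate events."""
    for raw in text.splitlines():
        for piece in PREFIX.split(raw):
            piece = piece.strip()
            if piece:
                yield piece


def parse_report(text: str) -> Report:
    report = Report()
    driver = None      # driver whose IrpHandler lines are being read
    pending = None     # infection awaiting its 'cured' verdict
    in_results = False
    for msg in events(text):
        if msg == "Results:":
            in_results = True
            continue
        if in_results:
            if m := RESULT.match(msg):
                report.results[m.group(1)] = int(m.group(2))
            continue
        if m := DRIVER.search(msg):
            driver = m.group(1)
            report.irp_tables[driver] = []   # a driver can be walked twice; keep the last table
            continue
        if (m := IRP.search(msg)) and driver:
            report.irp_tables[driver].append(m.group(2).upper())
            continue
        if m := INFECTED.match(msg):
            if m.group("path"):
                pending = Finding("file", m.group("path"))
            else:
                pending = Finding("irp_hook" if m.group("hook") == "Irp" else "startio_hook",
                                  m.group("drv"))
            report.findings.append(pending)
            continue
        if pending is not None and msg in ("cured", "will be cured on next reboot"):
            pending.status = "cured" if msg == "cured" else "cured on reboot"
            pending = None
    return report


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print("hooked dispatch tables:", rep.suspicious_drivers())
    for f in rep.findings:
        print(f"{f.kind:13} {f.target} -> {f.status}")
    print("reboot required:", rep.needs_reboot(), "| summary consistent:", rep.counts_consistent())
```

Point the script at C:\tdsskiller\report.txt instead of SAMPLE_REPORT to run it on a real report. The distinction needs_reboot() draws matters in this thread: the two in-memory hooks were patched immediately, but the infected atapi.sys on disk is only swapped for the cured atapi.tsk by a pending copy at restart, so until the reboot in the instructions is done the original driver file is still what loads.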