Merci a vous deux ep44 et jlpjlp de me repondre aussi rapidement
après avoir suivi les indications de ep44 voici les rapports:
[b]SDFix: Version 1.181 /b
Run by HP_Propri‚taire on 09/05/2008 at 16:02
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\HP_PRO~1\Bureau\SDFix
[b]Checking Services /b:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files /b:
Trojan Files Found:
C:\WINDOWS\system32\smp\msrc.exe - Deleted
C:\Program Files\wunauclt.zip - Deleted
C:\Program Files\wunauclt.tbe - Deleted
C:\Documents and Settings\HP_Propri‚taire\services.exe - Deleted
C:\WINDOWS\spwoqbmv.exe - Deleted
C:\WINDOWS\system32\akttzn.exe - Deleted
C:\WINDOWS\system32\anticipator.dll - Deleted
C:\WINDOWS\system32\awtoolb.dll - Deleted
C:\WINDOWS\system32\bdn.com - Deleted
C:\WINDOWS\system32\bsva-egihsg52.exe - Deleted
C:\WINDOWS\system32\dpcproxy.exe - Deleted
C:\WINDOWS\system32\emesx.dll - Deleted
C:\WINDOWS\system32\hoproxy.dll - Deleted
C:\WINDOWS\system32\hxiwlgpm.dat - Deleted
C:\WINDOWS\system32\hxiwlgpm.exe - Deleted
C:\WINDOWS\system32\medup012.dll - Deleted
C:\WINDOWS\system32\msgp.exe - Deleted
C:\WINDOWS\system32\msnbho.dll - Deleted
C:\WINDOWS\system32\mssecu.exe - Deleted
C:\WINDOWS\system32\msvchost.exe - Deleted
C:\WINDOWS\system32\mtr2.exe - Deleted
C:\WINDOWS\system32\mwin32.exe - Deleted
C:\WINDOWS\system32\netode.exe - Deleted
C:\WINDOWS\system32\newsd32.exe - Deleted
C:\WINDOWS\system32\ps1.exe - Deleted
C:\WINDOWS\system32\psof1.exe - Deleted
C:\WINDOWS\system32\psoft1.exe - Deleted
C:\WINDOWS\system32\regc64.dll - Deleted
C:\WINDOWS\system32\regm64.dll - Deleted
C:\WINDOWS\system32\Rundl1.exe - Deleted
C:\WINDOWS\system32\sncntr.exe - Deleted
C:\WINDOWS\system32\ssurf022.dll - Deleted
C:\WINDOWS\system32\ssvchost.com - Deleted
C:\WINDOWS\system32\ssvchost.exe - Deleted
C:\WINDOWS\system32\sysreq.exe - Deleted
C:\WINDOWS\system32\taack.dat - Deleted
C:\WINDOWS\system32\taack.exe - Deleted
C:\WINDOWS\system32\temp#01.exe - Deleted
C:\WINDOWS\system32\thun.dll - Deleted
C:\WINDOWS\system32\thun32.dll - Deleted
C:\WINDOWS\system32\VBIEWER.OCX - Deleted
C:\WINDOWS\system32\vbsys2.dll - Deleted
C:\WINDOWS\system32\vcatchpi.dll - Deleted
C:\WINDOWS\system32\winlogonpc.exe - Deleted
C:\WINDOWS\system32\winsystem.exe - Deleted
C:\WINDOWS\system32\WINWGPX.EXE - Deleted
C:\WINDOWS\xbaqktfv.exe - Deleted
Folder C:\WINDOWS\system32\smp - Removed
Removing Temp Files
[b]ADS Check /b:
[b]Final Check /b:
catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 16:29:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:d6,0c,b1,f5,10,27,ba,b5,80,3f,68,5d,67,c3,22,6e,c7,ca,be,4b,c4,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b4,75,c3,82,35,0d,f3,8e,d4,69,a7,09,c8,67,f1,cb,5a,..
"khjeh"=hex:24,e3,92,53,aa,b2,a5,64,e0,2f,1f,20,b9,3b,44,9e,b0,f3,47,54,90,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:26,86,e0,1e,ce,c9,63,f7,c6,84,7c,47,cf,63,59,bc,2f,97,e1,1a,73,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:d6,0c,b1,f5,10,27,ba,b5,80,3f,68,5d,67,c3,22,6e,c7,ca,be,4b,c4,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b4,75,c3,82,35,0d,f3,8e,d4,69,a7,09,c8,67,f1,cb,5a,..
"khjeh"=hex:24,e3,92,53,aa,b2,a5,64,e0,2f,1f,20,b9,3b,44,9e,b0,f3,47,54,90,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:26,86,e0,1e,ce,c9,63,f7,c6,84,7c,47,cf,63,59,bc,2f,97,e1,1a,73,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:d6,0c,b1,f5,10,27,ba,b5,80,3f,68,5d,67,c3,22,6e,c7,ca,be,4b,c4,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b4,75,c3,82,35,0d,f3,8e,d4,69,a7,09,c8,67,f1,cb,5a,..
"khjeh"=hex:24,e3,92,53,aa,b2,a5,64,e0,2f,1f,20,b9,3b,44,9e,b0,f3,47,54,90,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:26,86,e0,1e,ce,c9,63,f7,c6,84,7c,47,cf,63,59,bc,2f,97,e1,1a,73,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:d6,0c,b1,f5,10,27,ba,b5,80,3f,68,5d,67,c3,22,6e,c7,ca,be,4b,c4,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b4,75,c3,82,35,0d,f3,8e,d4,69,a7,09,c8,67,f1,cb,5a,..
"khjeh"=hex:24,e3,92,53,aa,b2,a5,64,e0,2f,1f,20,b9,3b,44,9e,b0,f3,47,54,90,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:26,86,e0,1e,ce,c9,63,f7,c6,84,7c,47,cf,63,59,bc,2f,97,e1,1a,73,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:d6,0c,b1,f5,10,27,ba,b5,80,3f,68,5d,67,c3,22,6e,c7,ca,be,4b,c4,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b4,75,c3,82,35,0d,f3,8e,d4,69,a7,09,c8,67,f1,cb,5a,..
"khjeh"=hex:24,e3,92,53,aa,b2,a5,64,e0,2f,1f,20,b9,3b,44,9e,b0,f3,47,54,90,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:26,86,e0,1e,ce,c9,63,f7,c6,84,7c,47,cf,63,59,bc,2f,97,e1,1a,73,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services /b:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\HP_Propri‚taire\\Local Settings\\Temporary Internet Files\\Content.IE5\\DJJLZT3K\\incredimail_install[1].exe"="C:\\Documents and Settings\\HP_Propri‚taire\\Local Settings\\Temporary Internet Files\\Content.IE5\\DJJLZT3K\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\HP_Propri‚taire\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe"="C:\\Documents and Settings\\HP_Propri‚taire\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe:*:Enabled:W40k"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe"="C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe:*:Disabled:Cym2005"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:Bluetooth Application"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"="C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe:*:Enabled:NetXfer Download Manager"
"K:\\jeux\\base\\bin\\Settlers6.exe"="K:\\jeux\\base\\bin\\Settlers6.exe:*:Enabled:THE SETTLERS - Bƒtisseurs d'Empire"
"K:\\JEUX\\DAW\\W40kWA.exe"="K:\\JEUX\\DAW\\W40kWA.exe:*:Enabled:W40kWA"
"K:\\jeux\\supreme commender\\Supreme Commander\\bin\\SupremeCommander.exe"="K:\\jeux\\supreme commender\\Supreme Commander\\bin\\SupremeCommander.exe:*:Enabled:Supreme Commander"
"K:\\jeux\\supreme commender\\GPGNet\\GPG.Multiplayer.Client.exe"="K:\\jeux\\supreme commender\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"K:\\jeux\\star wars corruption\\swfoc.exe"="K:\\jeux\\star wars corruption\\swfoc.exe:*:Enabled:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)"
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"="C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe:*:Enabled:Star Wars: Empire at War"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files /b:
File Backups: - C:\DOCUME~1\HP_PRO~1\Bureau\SDFix\backups\backups.zip
[b]Files with Hidden Attributes /b:
Mon 14 Aug 2006 218 A.SHR --- "C:\BOOT.BAK"
Thu 13 Sep 2007 20,992 ...H. --- "C:\WINWORD\~WRL0001.tmp"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 1 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 5 Feb 2001 34,331 ...H. --- "C:\swsetup\Monitors\HP_vs17x\INSTALL.EXE"
Wed 22 Jun 2005 21,668 A..H. --- "C:\swsetup\Monitors\HP_vs17x\SETMON.EXE"
Sun 7 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 3 Oct 2006 50,280 ...H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT65.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT12.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Application Data\U3\temp\Launchpad Removal.exe"
[b]Finished!/b
======================================
[05/09/2008, 17:12:15] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Propriétaire\Bureau\VirtumundoBeGone.exe" )
[05/09/2008, 17:12:20] - Detected System Information:
[05/09/2008, 17:12:20] - Windows Version: 5.1.2600, Service Pack 2
[05/09/2008, 17:12:20] - Current Username: HP_Propriétaire (Admin)
[05/09/2008, 17:12:20] - Windows is in NORMAL mode.
[05/09/2008, 17:12:20] - Searching for Browser Helper Objects:
[05/09/2008, 17:12:20] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/09/2008, 17:12:20] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/09/2008, 17:12:20] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/09/2008, 17:12:20] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[05/09/2008, 17:12:20] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/09/2008, 17:12:20] - BHO 6: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/09/2008, 17:12:20] - BHO 7: {D0661233-42D4-F7F1-80E1-8A9E0E99E71D} (BrowsingTool)
[05/09/2008, 17:12:20] - Finished Searching Browser Helper Objects
[05/09/2008, 17:12:20] - Finishing up...
[05/09/2008, 17:12:20] - Nothing found! Exiting...
==============================
VundoFix V7.0.3
Scan started at 16:42:58 09/05/2008
Listing files found while scanning....
No infected files were found.
-----------------------------------------------------------------------------------------------------------------------------
et voici pour finir le rapport de combofix que j'ai renommé killgable ( conseil de jlpjlp)
pushd "C:\327882R2FWJFW\"
=============================================
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Propri‚taire\Application Data
cfldr=327882R2FWJFW
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=HELENEETMIKE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Propri‚taire
kmd=CF13182.exe
LOGONSERVER=\\HELENEETMIKE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\327882R2FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Samsung\Samsung PC Studio 3;;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
sfxname=C:\Documents and Settings\HP_Propri‚taire\Bureau\killbagle.exe
SonicCentral=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
system=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
USERDOMAIN=HELENEETMIKE
USERNAME=HP_Propri‚taire
USERPROFILE=C:\Documents and Settings\HP_Propri‚taire
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
=============================================
if not defined sfxname goto END
Nircmd win close ititle "ComboFix"
If [] == [] Set "SfxCmd="
if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort
if exist "C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\327882R2FWJFW327882R2FWJFW.log"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 (C)
Ownerchange for "C:\WINDOWS\system32\cmd.exe" to Administrators group was successful
copy /y "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF13182.exe"
1 fichier(s) copi‚(s).
if not exist "C:\WINDOWS\system32\CF13182.exe" catchme -l nul -c "C:\WINDOWS\system32\cmd.exe" "C:\WINDOWS\system32\CF13182.exe"
For /F "tokens=*" %g in ("C:\Documents and Settings\HP_Propri‚taire\Bureau\killbagle.exe") do @(
set "FileName=%~ng"
set "FilePath=%~dpg"
)
Set FileName 2>nul | GREP -Gisqx "FileName=[-[:alnum:]@.]*" || (
nircmd infobox "You cannot rename ComboFix as killbagle~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""
goto END
)
DIR /AD/B C:\* | FindStr.exe -IVX ComboFix 1>dirname00
FindStr.exe -LIXC:"killbagle" dirname00 1>nul && call :NameChk
FindStr.exe -LIXC:"killbagle" dirname03 1>nul 2>&1 && goto AbortB
if exist "\killbagle\*.cfexe" goto :eof
If exist dirname0? del /Q dirname0?
If exist "\killbagle" DIR /AD "\killbagle" 1>nul && (
rd /s/q "\killbagle"
If exist "\killbagle" (
PV -kf findstr.exe *.cfexe
rd /s/q "\killbagle"
)
If exist "\killbagle" (
handle "C:\killbagle" | SED -r "/pid:/!d; s/.*: (.*): .*/\1/" 1>temp00
for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h
del /q temp00
rd /s/q "\killbagle"
)
)
If exist "\killbagle" rd /s/q "\killbagle"
If exist "\killbagle" goto :eof
VER | Findstr.exe -ic:"[Version 6.0" && (Call :Vista ) ||
CD ..
Set "comspec=C:\WINDOWS\system32\CF13182.exe"
(
echo.md "\killbagle"
echo.Move /y "\327882R2FWJFW\*" "\killbagle"
echo.RD /S/Q "\327882R2FWJFW"
echo.Start "." /d"C:\killbagle" "C:\WINDOWS\system32\CF13182.exe" /k c.bat
echo.pv -kf cmd.exe
) 1>Start_.cmd
NirCmd exec hide "C:\WINDOWS\system32\CF13182.exe" /f:off /d /c call Start_.cmd
NirCmd execmd del "\327882R2FWJFW\prep.cmd"
EXIT
==========================================
merci beaucoup pour le temps que vous passez à m'aider à resoudre mon probleme
merci infiniment , myke
306 xs pack prénom
