Trojan horse detected, impossible to remove

Solved/Closed
emeralde061 Posts: 21 Registration date: Tuesday 3 March 2009 Status: Member Last seen: 5 March 2009 - 3 March 2009 at 08:24
michel-jeep2001 - 29 April 2012 at 15:32
Hello,

For 3 days I have been trying to remove a virus from my computer with NOD32, but it comes back every time.

It detects Win32/Spy.zbot.JF

I keep putting it in quarantine, but 10 minutes later I get 3 or 4 alerts in a row again, and this goes on all day; it is getting really annoying.

Could someone help me, please?

Thanks in advance.

33 replies

Spider_cochon78 Posts: 8323 Registration date: Wednesday 17 October 2007 Status: Contributor Last seen: 6 April 2017 1 186
3 March 2009 at 08:25
Hello, try cleaning it in safe mode (F8 at startup).
0
emeralde061 Posts: 21 Registration date: Tuesday 3 March 2009 Status: Member Last seen: 5 March 2009
3 March 2009 at 08:28
Hello Spider,

Thanks for your quick reply, but I'm not very skilled; can you tell me how to do it, please?

I do know how to boot into safe mode, but I don't know how to clean it in safe mode.

Thanks.
0
Spider_cochon78 Posts: 8323 Registration date: Wednesday 17 October 2007 Status: Contributor Last seen: 6 April 2017 1 186
3 March 2009 at 08:30
Restart the PC.

Before Windows starts, press the F8 key to get the boot menu.

Choose safe mode.

Run an antivirus scan while your PC is in safe mode.
0
michel-jeep2001
29 April 2012 at 15:32
I had the same problem and I found the simplest solution: I got rid of AVG, since it was the one sending me the trojan messages that kept multiplying, then Spybot, a restart, and that's it. It worked for me. Up to you.
0
emeralde061 Posts: 21 Registration date: Tuesday 3 March 2009 Status: Member Last seen: 5 March 2009
3 March 2009 at 08:33
OK, thanks Spider, I'll try.
0
emeralde061 Posts: 21 Registration date: Tuesday 3 March 2009 Status: Member Last seen: 5 March 2009
3 March 2009 at 08:42
I just tried. Booting into safe mode was no problem, but next to my clock (bottom right corner) no icon appears, not even my antivirus's; how do I scan if I don't have the icon?

Thanks
0
Spider_cochon78 Posts: 8323 Registration date: Wednesday 17 October 2007 Status: Contributor Last seen: 6 April 2017 1 186
3 March 2009 at 09:24
Launch your antivirus from Start menu / Programs / etc.
0
emeralde061 Posts: 21 Registration date: Tuesday 3 March 2009 Status: Member Last seen: 5 March 2009
3 March 2009 at 09:32
Thanks Spider,

Sorry, I didn't get it right away; I started over straight away, and the scan found 3 viruses. I found the folder where they are; my question is, can I delete them without risk to my PC?

The infected files are:

C:\WINDOWS\Temp\1.tmp - Win32/Spy.Zbot.JF cheval de Troie
C:\WINDOWS\Temp\195.tmp - Win32/Spy.Zbot.JF cheval de Troie
C:\WINDOWS\Temp\3CD.tmp - Win32/Spy.Zbot.JF cheval de Troie

Thanks to you
0
Spider_cochon78 Posts: 8323 Registration date: Wednesday 17 October 2007 Status: Contributor Last seen: 6 April 2017 1 186
3 March 2009 at 09:42
Try cleaning them in safe mode, as there is a better chance of being able to delete them.
0
Lyonnais92 Posts: 25159 Registration date: Friday 23 June 2006 Status: Security contributor Last seen: 16 September 2016 1 536
3 March 2009 at 09:33
Hello,

That should not be enough.

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random, and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Read the contents of the Disclaimer screen, then click Continue (if you accept the terms).

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.

When the analysis is finished, two text files will open.

Post the contents of log.txt (<< the one that will be displayed).

NB: The reports are saved in the folder C:\rsit
0
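As an added example (not code from this thread, from RSIT or from HijackThis), the Python script below shows the kind of first-pass triage a helper does on the log.txt that the post above asks for. It flags an F2 UserInit value that launches anything besides userinit.exe, O4 autorun entries whose command lives in a Temp or user-profile folder, and O2 BHO entries with no backing file. The sample lines are constructed: three of them follow the format of entries found in the log posted later in this thread, and the Temp autorun is invented for the demonstration. The directory fragments treated as suspicious are an assumption of this example, not a HijackThis rule.

```python
"""Triage of HijackThis-style log lines (added example; not code from RSIT,
HijackThis or this thread). Flags the entries a helper checks first:
  - an F2 UserInit value that launches anything besides userinit.exe,
  - O4 autorun entries whose command lives in a Temp or user-profile folder,
  - O2 BHO entries with no backing file.
"""
import re

# Windows XP's Winlogon UserInit value normally names only userinit.exe.
EXPECTED_USERINIT = {"userinit.exe"}

# Path fragments an autorun entry should not normally point into
# (assumption of this example: case-insensitive substring match).
SUSPICIOUS_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\locals~1\\")

USERINIT_RE = re.compile(r"F2 - REG:system\.ini: UserInit=(.*)$")


def parse_userinit(line):
    """Return the executables listed in an F2 UserInit line, or None for other lines."""
    m = USERINIT_RE.match(line.strip())
    if m is None:
        return None
    # The value is comma separated and usually ends with a trailing comma.
    return [p.strip() for p in m.group(1).split(",") if p.strip()]


def unexpected_userinit(line):
    """Executables in a UserInit line whose basename is not userinit.exe."""
    entries = parse_userinit(line)
    if not entries:
        return []
    return [e for e in entries if e.lower().rsplit("\\", 1)[-1] not in EXPECTED_USERINIT]


def suspicious_autorun(line):
    """True for an O4 entry whose command points into a Temp/profile directory."""
    s = line.strip()
    return s.startswith("O4 - ") and any(d in s.lower() for d in SUSPICIOUS_DIRS)


def orphan_bho(line):
    """True for an O2 BHO entry that HijackThis reports as '(no file)'."""
    s = line.strip()
    return s.startswith("O2 - BHO:") and s.endswith("(no file)")


def triage(lines):
    """Return (kind, detail) findings for the lines that merit a second look."""
    findings = []
    for line in lines:
        extra = unexpected_userinit(line)
        if extra:
            findings.append(("userinit", extra))
        elif suspicious_autorun(line):
            findings.append(("autorun", line.strip()))
        elif orphan_bho(line):
            findings.append(("orphan_bho", line.strip()))
    return findings


# Constructed sample: the first three lines follow the format of entries that
# appear in the log posted later in this thread; the Temp autorun is invented.
SAMPLE_LOG = [
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE',
    r"O4 - HKCU\..\Run: [example] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\example.exe",  # constructed
]

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

Run it on a saved log.txt by replacing SAMPLE_LOG with the file's lines. A finding is a prompt to look closer, not a verdict: an extra UserInit executable is worth checking because the shell loads it at every logon, and an autorun under Temp is unusual for legitimately installed software, but both still need the file itself examined before anything is deleted.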
emeralde061 Posts: 21 Registration date: Tuesday 3 March 2009 Status: Member Last seen: 5 March 2009
3 March 2009 at 09:46
Here it is. I first tried to clean them in safe mode.

This one is gone:
C:\WINDOWS\Temp\3CD.tmp - Win32/Spy.Zbot.JF cheval de Troie


These 2 are still present:
C:\WINDOWS\Temp\1.tmp - Win32/Spy.Zbot.JF cheval de Troie
C:\WINDOWS\Temp\195.tmp - Win32/Spy.Zbot.JF cheval de Troie


I'm continuing with what you asked me to do, Lyonnais.

I'll post all that as soon as I'm done.

Thanks for your help
0
emeralde061 Posts: 21 Registration date: Tuesday 3 March 2009 Status: Member Last seen: 5 March 2009
3 March 2009 at 09:52
Here are my 2 reports

The 1st:


info.txt logfile of random's system information tool 1.05 2009-03-03 09:49:24

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0E43DFBD-71CF-4F61-B341-7C128FBC6AC2}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Maker by Lokas Software-->C:\WINDOWS\AWuninstall.exe Software\Lokas Ltd\3D Maker
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
ACDSee 9 Gestionnaire de photos-->MsiExec.exe /I{91A06334-CB8D-422A-9699-251217674FD4}
Ad-Aware 2007-->MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Reader 8.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advanced Registry Tracer-->C:\Program Files\ElcomSoft\Advanced Registry Tracer\uninstall.exe
Alien Skin Exposure-->C:\filtre\ALIENS~1\Exposure\Unwise32.exe C:\filtre\ALIENS~1\Exposure\INSTALL.LOG
Alien Skin Eye Candy 5 Impact-->C:\filtre\ALIENS~1\EYECAN~3\Unwise32.exe C:\filtre\ALIENS~1\EYECAN~3\INSTALL.LOG
Alien Skin Eye Candy 5 Nature-->C:\filtre\ALIENS~1\EYECAN~2\Unwise32.exe C:\filtre\ALIENS~1\EYECAN~2\INSTALL.LOG
Alien Skin Eye Candy 5 Textures-->C:\filtre\ALIENS~1\EYECAN~1\UNWISE.EXE C:\filtre\ALIENS~1\EYECAN~1\INSTALL.LOG
Alien Skin Xenofex 2.0-->C:\PROGRA~1\Corel\CORELP~2\plugins\ALIENS~1\UNWISE.EXE C:\PROGRA~1\Corel\CORELP~2\plugins\ALIENS~1\INSTALL.LOG
AM-DeadLink-->C:\Program Files\AM-DeadLink\uninst-dl.exe
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D45E8C45-B601-4A80-AFD8-E16338744DE1}\Setup.exe" -l0x40c
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AV Bros. Page Curl 1.2 (Remove Only)-->C:\WINDOWS\AVUNTOOL.EXE AVBrosPageCurl
CasiV2 Toolbar-->C:\PROGRA~1\CasiV2\UNWISE.EXE C:\PROGRA~1\CasiV2\INSTALL.LOG
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2007-02-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Corel Paint Shop Pro Photo XI-->MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}
Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EVEREST Corporate Edition v4.20-->"C:\Program Files\Lavalys\EVEREST Corporate Edition\unins000.exe"
Eye Candy 4000-->C:\PROGRA~1\Corel\CORELP~4\PlugIns\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Corel\CORELP~4\PlugIns\EYECAN~1\INSTALL.LOG
FileZilla Client 3.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Filters Unlimited 1.0-->c:\filtre\Setup\Setup.exe /u
FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HashTab Shell Extension 1.11 for x32-->C:\Program Files\HashTab Shell Extension\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HTML Password Lock 4.1-->"C:\Program Files\HTML Password Lock\unins000.exe"
HTMLProtector-->C:\PROGRA~1\HTMLPR~1\UNWISE.EXE C:\PROGRA~1\HTMLPR~1\INSTALL.LOG
iColorFolder-->C:\Program Files\iColorFolder\uninstall.exe
IncrediMail JunkFilter Plus-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:JunkFilterPlus
IncrediMail-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
ISP Monitor-->C:\WINDOWS\iun6002.exe "C:\Program Files\ISP Monitor\isp.ini"
Jasc Animation Shop 3-->MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) SE Development Kit 6 Update 1-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160010}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lexmark 5400 Series-->C:\Program Files\Lexmark 5400 Series\Install\x86\Uninst.exe
Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"
Microsoft .NET Framework 2.0 with Security Updates-->MsiExec.exe /X{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{9017040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mozilla Firefox (2.0.0.20)-->C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{025B7033-5D4A-4B72-A1C2-84BE4BE2F72F}
Nero 7 Lite 7.7.5.1-->"C:\Program Files\Nero\unins000.exe"
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
NOD32 Antivirus System-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Plugin Commander Light-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\PICO_LIG.INF, DefaultUninstall.ntx86
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
QuickTime Alternative 1.81-->"C:\Program Files\QuickTime Alternative\unins000.exe"
Real Alternative 1.52 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Right Click Image Converter-->"C:\Program Files\Kristanix\Right Click Image Converter\uninstall.exe"
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Script Edit-->c:\program files\Script Edit\Uninstal.exe
Scrollbar Skinner 2.0-->"C:\Program Files\Scrollbar Skinner\unins000.exe"
Secure HTML Lock-->C:\PROGRA~1\SPCKSO~1\SECURE~1\UNWISE.EXE C:\PROGRA~1\SPCKSO~1\SECURE~1\INSTALL.LOG
Security Update for Excel 2007 (KB934670)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD098537-8857-4065-B4B6-AC023CB2C48E}
Security Update for Office 2007 (KB934062)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update pour Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update pour Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Shockwave Player-->MsiExec.exe /X{103906AD-C60E-4E65-BC84-CE980D19CE41}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SWiSHmax-->C:\WINDOWS\unvise32.exe C:\Program Files\SWiSHmax\uninstal.log
Ulead ArtTexture.Plugin 1.0-->C:\WINDOWS\IsUninst.exe -fc:\filtre\At10f.isu
Ulead FantasyWarp.Plugin 1.0-->C:\WINDOWS\IsUninst.exe -fc:\filtre\Fw10t.isu
Ulead GIF-X.Plugin 2.0-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\Noslip\Ugp2f\Ugp2f.isu
Ulead Particle.Plugin 1.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ulead Particle.Plugin\Pp10f.isu"
Uninstall DreamSuite Demo-->C:\WINDOWS\unvise32.exe c:\filtre\DreamSuite Demo\DreamSuite Demo Uninstall.log
Uninstall DreamSuite-->C:\WINDOWS\unvise32.exe c:\filtre\DreamSuite\DreamSuite Uninstall.log
Uninstall Mystical-->C:\WINDOWS\unvise32.exe c:\filtre\Mystical\Mystical Uninstall.log
Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
Update for Office 2007 (KB932080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB933688)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6E692F1-63C2-4760-94C6-C689DCD053F1}
Update for Office 2007 (KB934391)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB933493)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {23F2FF76-ABCD-421D-9860-0D0B2999D028}
Update for Outlook 2007 Junk Email Filter (KB934655)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F7185592-E40D-476E-9BC4-38DF96EE176B}
Update for Word 2007 (KB934173)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Virtual Magnifying Glass v3.3.1-->"C:\Program Files\Virtual Magnifying Glass\unins000.exe"
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Web Acappella-->"C:\Program Files\Intuisphere\Web Acappella\unins000.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Xenofex 1.0-->C:\filtre\UNWISE.EXE C:\filtre\INSTALL.LOG
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

Securitycenter WMI appears to be broken

System event log

Computer Name: SWEET-D199ECE72
Event Code: 7036
Message: Le service Explorateur d'ordinateur est entré dans l'état : arrêté.

Record Number: 5195
Source Name: Service Control Manager
Time Written: 20090124132640.000000+060
Event Type: Informations
User:

Computer Name: SWEET-D199ECE72
Event Code: 7036
Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.

Record Number: 5194
Source Name: Service Control Manager
Time Written: 20090124132640.000000+060
Event Type: Informations
User:

Computer Name: SWEET-D199ECE72
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

Record Number: 5193
Source Name: Service Control Manager
Time Written: 20090124132640.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: SWEET-D199ECE72
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

Record Number: 5192
Source Name: Service Control Manager
Time Written: 20090124132640.000000+060
Event Type: Informations
User:

Computer Name: SWEET-D199ECE72
Event Code: 7036
Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

Record Number: 5191
Source Name: Service Control Manager
Time Written: 20090124132640.000000+060
Event Type: Informations
User:

Application event log

Computer Name: SWEET-D199ECE72
Event Code: 100
Message: msnmsgr (1012) Le moteur de base de données 5.01.2600.2780 est démarré.

Record Number: 1279
Source Name: ESENT
Time Written: 20090124132829.000000+060
Event Type: Informations
User:

Computer Name: SWEET-D199ECE72
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 1278
Source Name: usnjsvc
Time Written: 20090124132828.000000+060
Event Type:
User:

Computer Name: SWEET-D199ECE72
Event Code: 0
Message: Service started successfully.

Record Number: 1277
Source Name: Service1
Time Written: 20090124132527.000000+060
Event Type: Informations
User:

Computer Name: SWEET-D199ECE72
Event Code: 1
Message:
Record Number: 1276
Source Name: Bonjour Service
Time Written: 20090124132527.000000+060
Event Type: Informations
User:

Computer Name: SWEET-D199ECE72
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur SWEET-D199ECE72\Administrateur alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 1275
Source Name: Userenv
Time Written: 20090124052805.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

----------------------------------------------------------------------------------------------------------------------

The 2nd:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-03-03 09:49:08
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 32 GB (45%) free of 71 GB
Total RAM: 2038 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:49:22, on 03/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: CasiV2 Toolbar - {cd94d4cb-3822-41a8-8f41-3efb871a340b} - C:\Program Files\CasiV2\tbCas1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: CasiV2 Toolbar - {cd94d4cb-3822-41a8-8f41-3efb871a340b} - C:\Program Files\CasiV2\tbCas1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: CasiV2 Toolbar - {cd94d4cb-3822-41a8-8f41-3efb871a340b} - C:\Program Files\CasiV2\tbCas1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
Lyonnais92 (security contributor), 3 March 2009, 10:10
Re,

you are the victim of an intrusion that steals passwords and confidential data, in particular banking information.

You will have to change all your passwords once the disinfection is finished.

=================

Relaunch HijackThis (which you will find under the name

C:\Program Files\trend micro\Administrateur.exe ).

Choose Do a scan only

Tick the box in front of the following lines

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe

Close all windows (except HijackThis), including your browser.

Click on fix checked.

Close HijackThis.

=====================
Download OTMoveIt3 by OldTimer to your Desktop by clicking this link:

http://oldtimer.geekstogo.com/OTMoveIt3.exe

Double-click OTMoveIt3.exe to launch it.

Check that the box in front of "Unregister Dll's and Ocx's" is ticked.

Copy the list shown in bold below,

and paste it into the left-hand frame of OTMoveIt: "Paste instructions for item to be moved".


:reg
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7}]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{334613DB-50C1-B3BE-95ED-E9915A134FF1}]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}]
[- HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network]
UID = -


:files
%System%\twain32\local.ds
%System%\twain32\user.ds
%System%\twain32\user.ds.lll
%System%\twex.exe
%System%\twain32

:commands
[emptytemp]


Click "MoveIt!" to start the removal.

The result will appear in the "Results" frame.

Click "Exit" to close.

Post the report located in C:\_OTMoveIt\MovedFiles under the name xxxxxx_xxxxxxxxxx.log .


=======

Download GMER ( http://www2.gmer.net/gmer.zip )
Extract the contents of the ZIP, then rename "gmer.exe" to "bypass.exe"
"Rootkit" tab; click "SCAN" and wait...
When it finishes, click "SAVE" and save "030309.txt" to your desktop
Double-click "030309.txt"; the file opens in Notepad.
Copy its contents and paste them into your next message.
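The `F2 - REG:system.ini: UserInit=` line Lyonnais92 asks her to fix above is HijackThis's rendering of the Winlogon `Userinit` value (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit). Winlogon launches every comma-separated program in that value at logon, so an extra path there (here twex.exe) runs before the desktop and survives reboots. Rewriting the value from a user-mode tool while the malware's injected code is still running tends not to stick, which matches her later report that the line comes back after "fix checked". The following Python is an added example, not code from the thread or from HijackThis: it parses such a line, flags any program other than userinit.exe (the only entry assumed legitimate on a stock Windows XP), and computes the cleaned value. The sample log excerpt is constructed from the lines posted in this thread.

```python
r"""Flag foreign programs in the Winlogon Userinit value as reported by HijackThis.

Added example: not code from the thread, from HijackThis or from any vendor.
Winlogon starts every comma-separated program listed in
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit at logon,
which is the persistence the 'F2 - REG:system.ini: UserInit=' line exposes.
"""
import re

# File names that legitimately appear in Userinit on Windows XP (assumption:
# a stock install has only userinit.exe here; extend for known management agents).
KNOWN_GOOD = {"userinit.exe"}

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE)

# Constructed excerpt built from the HijackThis lines posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\twex.exe,
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_userinit(line):
    """Programs listed in a HijackThis F2 UserInit line, or None for any other line."""
    m = F2_RE.match(line.strip())
    if m is None:
        return None
    # Winlogon splits on commas; the trailing comma leaves an empty element we drop.
    return [p.strip() for p in m.group("value").split(",") if p.strip()]


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def suspicious_entries(line):
    """Entries whose file name is not an expected Userinit program."""
    entries = parse_userinit(line) or []
    return [e for e in entries if _basename(e) not in KNOWN_GOOD]


def cleaned_value(line):
    """The Userinit value with foreign entries removed, trailing comma kept as Windows writes it."""
    entries = parse_userinit(line)
    if entries is None:
        return None
    return ",".join(e for e in entries if _basename(e) in KNOWN_GOOD) + ","


def scan_log(text):
    """Map each F2 UserInit line of a HijackThis log to its suspicious entries."""
    return {l.strip(): suspicious_entries(l)
            for l in text.splitlines() if parse_userinit(l) is not None}


if __name__ == "__main__":
    for line, extra in scan_log(SAMPLE_LOG).items():
        print(line)
        print("  foreign entries:", extra or "none")
        print("  cleaned value:  ", cleaned_value(line))
```

Run it against a full HijackThis log and the only line it should ever report is the F2 one; if `cleaned_value` returns something other than the stock userinit path, inspect the value directly with regedit rather than trusting a single tool's fix, and re-check it after a reboot.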
emeralde061, 3 March 2009, 10:55
Here are the reports you asked for; I'm also attaching the HijackThis one because the line won't go away.
Just one question: I make my payments over the Internet, which is supposed to be secure normally; are there any risks?

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:02, on 03/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\bypass.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\trend micro\Administrateur.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: CasiV2 Toolbar - {cd94d4cb-3822-41a8-8f41-3efb871a340b} - C:\Program Files\CasiV2\tbCas1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: CasiV2 Toolbar - {cd94d4cb-3822-41a8-8f41-3efb871a340b} - C:\Program Files\CasiV2\tbCas1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: CasiV2 Toolbar - {cd94d4cb-3822-41a8-8f41-3efb871a340b} - C:\Program Files\CasiV2\tbCas1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
emeralde061, 3 March 2009, 12:44
Having no more virus alerts, I ran a new scan and apparently there is no longer any virus on my computer.
However, for various lines of the scan it gives a path and says this: (the file is locked) [4]

[4] Cannot open the file. It is being used exclusively by another application or by the operating system.

Does that mean the hacking I'm the victim of is continuing?

Thanks
Spider_cochon78 (contributor), 3 March 2009, 13:00
No, some system files stay locked.
Lyonnais92 (security contributor), 3 March 2009, 13:53
Re,

you are still infected.


The problem is not the security of the transmission between your computer and the bank's site. It is the security of what you type on your computer.


The GMER report is not complete.

Post it in full.

Relaunch HijackThis (which you will find under the name

C:\Program Files\trend micro\Administrateur.exe ).

Choose Do a scan only

Tick the box in front of the following lines

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe

Close all windows (except HijackThis), including your browser.

Click on fix checked.

Close HijackThis.

=====================
Download OTMoveIt3 by OldTimer to your Desktop by clicking this link:

http://oldtimer.geekstogo.com/OTMoveIt3.exe

Double-click OTMoveIt3.exe to launch it.

Check that the box in front of "Unregister Dll's and Ocx's" is ticked.

Copy the list shown in bold below,

and paste it into the left-hand frame of OTMoveIt: "Paste instructions for item to be moved".


:reg
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7}]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{334613DB-50C1-B3BE-95ED-E9915A134FF1}]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}]
[- HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network]
UID = -


:files
C:\WINDOWS\system32\twain32\local.ds
C:\WINDOWS\system32\twain32\user.ds
C:\WINDOWS\system32\twain32\user.ds.lll
C:\WINDOWS\system32\twex.exe
C:\WINDOWS\system32\twain32

:commands
[emptytemp]


Click "MoveIt!" to start the removal.

The result will appear in the "Results" frame.

Click "Exit" to close.

Post the report located in C:\_OTMoveIt\MovedFiles under the name xxxxxx_xxxxxxxxxx.log .
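Lyonnais92's verdict above ("you are still infected") and his answer about online payments (the channel to the bank is encrypted, what is typed into the browser is not) both rest on the GMER output posted further down in the thread: in every user-mode process listed, the same imports (NtQueryDirectoryFile, LdrLoadDll, LdrGetProcedureAddress, NtCreateThread, GetClipboardData, TranslateMessage) are redirected to the same low addresses (00134FE8, 00134F34, 001352A1, 00135556...) and GMER prints no module after them, meaning the target lies in memory no loaded DLL accounts for. Code injected into every process that hooks directory enumeration, the loader, the clipboard and keyboard-message dispatch is exactly what a credential stealer looks like from the inside; a vendor hook, by contrast, resolves to the vendor's own DLL. The SSDT and kernel IAT entries attributed to sptd.sys in the same log come from the SCSI pass-through driver shipped with disc-emulation tools such as Daemon Tools and are a routine false positive. The following Python is an added example, not code from the thread or from GMER: it parses GMER user-mode IAT lines and reports hook targets shared by several unrelated processes and backed by no module. The sample is a constructed excerpt in the log's format, using lines taken from the thread plus one made-up module-backed hook for contrast.

```python
r"""Cluster user-mode IAT hooks from a GMER log by target address.

Added example: not code from the thread and not GMER's own code. GMER prints one
line per hooked import:
    IAT <process>[pid] @ <module> [<dll>!<function>] <target> [owning module]
The owning module is only printed when the target lies inside a loaded module;
an empty tail means the target is in memory that no module accounts for.
"""
import re
from collections import defaultdict

IAT_RE = re.compile(
    r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<module>.+?) "
    r"\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\] (?P<addr>[0-9A-Fa-f]{8})(?P<owner>.*)$"
)

# Constructed excerpt: the first eight IAT lines are taken from the log posted in
# this thread; the last one is made up to show a hook GMER attributes to a module.
SAMPLE_GMER = r"""
---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Bonjour\mDNSResponder.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Bonjour\mDNSResponder.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Bonjour\mDNSResponder.exe[288] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Java\jre6\bin\jqs.exe[324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Java\jre6\bin\jqs.exe[324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Eset\nod32kui.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 10001230 C:\Program Files\Example\hook.dll (constructed example)
"""


def parse_iat_hooks(text):
    """One dict per user-mode IAT line; kernel IAT lines use another format and are skipped."""
    hooks = []
    for line in text.splitlines():
        m = IAT_RE.match(line.strip())
        if m:
            h = m.groupdict()
            h["owner"] = h["owner"].strip() or None   # None: no module owns the target
            h["api"] = f"{h['dll']}!{h['func']}"
            h["addr"] = h["addr"].upper()
            hooks.append(h)
    return hooks


def cluster_by_target(hooks):
    """(api, target address, owner) -> set of distinct process image paths hooked there."""
    clusters = defaultdict(set)
    for h in hooks:
        clusters[(h["api"], h["addr"], h["owner"])].add(h["proc"])
    return clusters


def suspicious_hooks(text, min_processes=3):
    """Targets with no owning module that are shared by at least min_processes processes.

    The same unbacked address hooked in unrelated processes is the signature of
    code injected system-wide, not of one misbehaving application.
    """
    found = []
    for (api, addr, owner), procs in cluster_by_target(parse_iat_hooks(text)).items():
        if owner is None and len(procs) >= min_processes:
            found.append((api, addr, sorted(procs)))
    return sorted(found)


if __name__ == "__main__":
    for api, addr, procs in suspicious_hooks(SAMPLE_GMER):
        print(f"{api} -> {addr} in {len(procs)} processes: {', '.join(procs)}")
```

Feed it the whole saved GMER text rather than a fragment: the threshold only means something once every process has been seen, which is also why the helper asks for the complete report before concluding anything.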
emeralde061, 3 March 2009, 14:33
There, I relaunched HijackThis, ticked the line again and did fix checked, but it still won't go away

Here is the OTMoveIt log
and I'm sending the GMER log in the next message

========== REGISTRY ==========
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7}\\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{334613DB-50C1-B3BE-95ED-E9915A134FF1}\\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}\\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider\\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}\\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\\UID | - /E : value set successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system3­2\twain32\local.ds not found.
File/Folder C:\WINDOWS\system3­2\twain32\user.ds not found.
File/Folder C:\WINDOWS\system3­2\twain32\user.ds.lll not found.
File/Folder C:\WINDOWS\system3­2\twex.exe not found.
File/Folder C:\WINDOWS\system3­2\twain32 not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF2FA0.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_144.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03032009_140020

Files moved on Reboot...
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe moved successfully.
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF2FA0.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_144.dat not found!
emeralde061, 3 March 2009, 14:34
I have a problem posting the whole GMER log, I'm going to send it in 2 parts
emeralde061, 3 March 2009, 14:37
For the GMER log I have to send it in several parts, because it doesn't take all of it

Part 1

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-03 10:53:01
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF74ED0D0]
SSDT sptd.sys ZwEnumerateKey [0xF74F2FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF74F3340]
SSDT sptd.sys ZwOpenKey [0xF74ED0B0]
SSDT sptd.sys ZwQueryKey [0xF74F3418]
SSDT sptd.sys ZwQueryValueKey [0xF74F3298]
SSDT sptd.sys ZwSetValueKey [0xF74F34AA]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text USBPORT.SYS!DllUnload B979B62C 5 Bytes JMP 899271C8

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!DialogBoxParamW 7E3A5F8F 5 Bytes JMP 4437F2A1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!DialogBoxIndirectParamW 7E3B2062 5 Bytes JMP 445103AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!MessageBoxIndirectA 7E3BA06A 5 Bytes JMP 44510330 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!DialogBoxParamA 7E3BB12C 5 Bytes JMP 44510374 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!MessageBoxExW 7E3D0750 5 Bytes JMP 445102BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!MessageBoxExA 7E3D0774 5 Bytes JMP 445102F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!DialogBoxIndirectParamA 7E3D6CD0 5 Bytes JMP 445103EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3636] USER32.dll!MessageBoxIndirectW 7E3E6425 5 Bytes JMP 443A1646 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F7504350] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F75042FC] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F752693A] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7504350] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74EDAD0] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74EDC16] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74EDB98] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74EE744] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74EE61A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F750357E] sptd.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[232] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[232] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[232] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[232] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Bonjour\mDNSResponder.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Bonjour\mDNSResponder.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Bonjour\mDNSResponder.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Bonjour\mDNSResponder.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Bonjour\mDNSResponder.exe[288] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Bonjour\mDNSResponder.exe[288] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Bonjour\mDNSResponder.exe[288] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Bonjour\mDNSResponder.exe[288] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Bonjour\mDNSResponder.exe[288] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Bonjour\mDNSResponder.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Java\jre6\bin\jqs.exe[324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Java\jre6\bin\jqs.exe[324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Java\jre6\bin\jqs.exe[324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Java\jre6\bin\jqs.exe[324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Java\jre6\bin\jqs.exe[324] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Java\jre6\bin\jqs.exe[324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Java\jre6\bin\jqs.exe[324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Java\jre6\bin\jqs.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Java\jre6\bin\jqs.exe[324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Java\jre6\bin\jqs.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[404] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[404] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[412] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[412] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[412] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[412] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[412] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[412] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Eset\nod32kui.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Eset\nod32kui.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Eset\nod32kui.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Eset\nod32kui.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Eset\nod32kui.exe[436] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Eset\nod32kui.exe[436] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Eset\nod32kui.exe[436] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Eset\nod32kui.exe[436] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Eset\nod32kui.exe[436] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Eset\nod32kui.exe[436] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\hkcmd.exe[484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\hkcmd.exe[484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\WINDOWS\system32\hkcmd.exe[484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\WINDOWS\system32\hkcmd.exe[484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\WINDOWS\system32\hkcmd.exe[484] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\hkcmd.exe[484] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\hkcmd.exe[484] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\hkcmd.exe[484] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\hkcmd.exe[484] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\hkcmd.exe[484] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\igfxpers.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\igfxpers.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\WINDOWS\system32\igfxpers.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\WINDOWS\system32\igfxpers.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\WINDOWS\system32\igfxpers.exe[500] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\igfxpers.exe[500] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\igfxpers.exe[500] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\igfxpers.exe[500] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\igfxpers.exe[500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\igfxpers.exe[500] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\RTHDCPL.EXE[532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\RTHDCPL.EXE[532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\WINDOWS\RTHDCPL.EXE[532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\WINDOWS\RTHDCPL.EXE[532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\WINDOWS\RTHDCPL.EXE[532] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\RTHDCPL.EXE[532] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\RTHDCPL.EXE[532] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\RTHDCPL.EXE[532] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\RTHDCPL.EXE[532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\RTHDCPL.EXE[532] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\igfxsrvc.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\igfxsrvc.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\WINDOWS\system32\igfxsrvc.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\WINDOWS\system32\igfxsrvc.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\WINDOWS\system32\igfxsrvc.exe[564] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\igfxsrvc.exe[564] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\igfxsrvc.exe[564] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\igfxsrvc.exe[564] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\igfxsrvc.exe[564] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\igfxsrvc.exe[564] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Lexmark 5400 Series\lxctmon.exe[592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Lexmark 5400 Series\lxctmon.exe[592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Lexmark 5400 Series\lxctmon.exe[592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Lexmark 5400 Series\lxctmon.exe[592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Lexmark 5400 Series\lxctmon.exe[592] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Lexmark 5400 Series\lxctmon.exe[592] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Lexmark 5400 Series\lxctmon.exe[592] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Lexmark 5400 Series\lxctmon.exe[592] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Lexmark 5400 Series\lxctmon.exe[592] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Lexmark 5400 Series\lxctmon.exe[592] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Lexmark 5400 Series\ezprint.exe[660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Lexmark 5400 Series\ezprint.exe[660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Lexmark 5400 Series\ezprint.exe[660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Lexmark 5400 Series\ezprint.exe[660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Lexmark 5400 Series\ezprint.exe[660] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Lexmark 5400 Series\ezprint.exe[660] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Lexmark 5400 Series\ezprint.exe[660] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Lexmark 5400 Series\ezprint.exe[660] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Lexmark 5400 Series\ezprint.exe[660] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Lexmark 5400 Series\ezprint.exe[660] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\services.exe[828] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00C24FE8
IAT C:\WINDOWS\system32\services.exe[828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00C24FE8
IAT C:\WINDOWS\system32\services.exe[828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00C24F34
IAT C:\WINDOWS\system32\services.exe[828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00C24ECF
IAT C:\WINDOWS\system32\services.exe[828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00C24E9D
IAT C:\WINDOWS\system32\services.exe[828] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00C24FE8
IAT C:\WINDOWS\system32\services.exe[828] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00C25556
IAT C:\WINDOWS\system32\services.exe[828] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00C252A1
IAT C:\WINDOWS\system32\services.exe[828] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00C25556
IAT C:\WINDOWS\system32\services.exe[828] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00C252A1
IAT C:\WINDOWS\system32\services.exe[828] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00C25556
IAT C:\WINDOWS\system32\lsass.exe[840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00CD4FE8
IAT C:\WINDOWS\system32\lsass.exe[840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00CD4F34
IAT C:\WINDOWS\system32\lsass.exe[840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00CD4ECF
IAT C:\WINDOWS\system32\lsass.exe[840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00CD4E9D
IAT C:\WINDOWS\system32\lsass.exe[840] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00CD4F34
IAT C:\WINDOWS\system32\lsass.exe[840] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00CD4FE8
IAT C:\WINDOWS\system32\lsass.exe[840] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00CD4F34
IAT C:\WINDOWS\system32\lsass.exe[840] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00CD4ECF
IAT C:\WINDOWS\system32\lsass.exe[840] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00CD52A1
IAT C:\WINDOWS\system32\lsass.exe[840] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00CD5556
IAT C:\WINDOWS\system32\lsass.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00CD5556
IAT C:\WINDOWS\system32\lsass.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00CD52A1
IAT C:\WINDOWS\system32\lsass.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00CD5556
IAT C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe[904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe[904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe[904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe[904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe[904] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe[904] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe[904] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe[904] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe[904] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe[904] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\svchost.exe[1004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 007B4E9D
IAT C:\WINDOWS\system32\ctfmon.exe[1032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00084FE8
IAT C:\WINDOWS\system32\ctfmon.exe[1032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00084F34
IAT C:\WINDOWS\system32\ctfmon.exe[1032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00084ECF
IAT C:\WINDOWS\system32\ctfmon.exe[1032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00084E9D
IAT C:\WINDOWS\system32\ctfmon.exe[1032] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 000852A1
IAT C:\WINDOWS\system32\ctfmon.exe[1032] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00085556
IAT C:\WINDOWS\system32\ctfmon.exe[1032] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00085556
IAT C:\WINDOWS\system32\ctfmon.exe[1032] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 000852A1
IAT C:\WINDOWS\system32\ctfmon.exe[1032] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00085556
IAT C:\WINDOWS\system32\ctfmon.exe[1032] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00084FE8
IAT C:\WINDOWS\system32\svchost.exe[1072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00BA4FE8
IAT C:\WINDOWS\system32\svchost.exe[1072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00BA4F34
IAT C:\WINDOWS\system32\svchost.exe[1072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00BA4ECF
IAT C:\WINDOWS\system32\svchost.exe[1072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00BA4E9D
IAT C:\WINDOWS\system32\svchost.exe[1072] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00BA52A1
IAT C:\WINDOWS\system32\svchost.exe[1072] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00BA5556
IAT C:\WINDOWS\system32\svchost.exe[1072] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00BA5556
IAT C:\WINDOWS\system32\svchost.exe[1072] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00BA52A1
IAT C:\WINDOWS\system32\svchost.exe[1072] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00BA5556
IAT C:\WINDOWS\system32\svchost.exe[1072] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00BA4FE8
IAT C:\Program Files\Skype\Phone\Skype.exe[1132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Skype\Phone\Skype.exe[1132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Skype\Phone\Skype.exe[1132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Skype\Phone\Skype.exe[1132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Skype\Phone\Skype.exe[1132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Skype\Phone\Skype.exe[1132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Skype\Phone\Skype.exe[1132] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Skype\Phone\Skype.exe[1132] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Skype\Phone\Skype.exe[1132] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Skype\Phone\Skype.exe[1132] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1164] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1164] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1164] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1164] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1164] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1164] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]
0
emeralde061 Posts 21 Registration date Tuesday 3 March 2009 Status Member Last contribution 5 March 2009
3 March 2009 at 14:40
Here is the 2nd part of the GMER log


IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 016A4FE8
IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 016A4F34
IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 016A4ECF
IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 016A4E9D
IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 016A52A1
IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 016A5556
IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 016A5556
IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 016A52A1
IAT C:\WINDOWS\System32\svchost.exe[1184] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 016A5556
IAT C:\WINDOWS\System32\svchost.exe[1184] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 016A4FE8
IAT C:\Program Files\ISP Monitor\isp.exe[1260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\ISP Monitor\isp.exe[1260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\ISP Monitor\isp.exe[1260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\ISP Monitor\isp.exe[1260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\ISP Monitor\isp.exe[1260] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\ISP Monitor\isp.exe[1260] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\ISP Monitor\isp.exe[1260] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\ISP Monitor\isp.exe[1260] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\ISP Monitor\isp.exe[1260] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\ISP Monitor\isp.exe[1260] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe[1300] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe[1300] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe[1300] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe[1300] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe[1300] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe[1300] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\IncrediMail\bin\ImApp.exe[1364] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\IncrediMail\bin\ImApp.exe[1364] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\IncrediMail\bin\ImApp.exe[1364] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\IncrediMail\bin\ImApp.exe[1364] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\IncrediMail\bin\ImApp.exe[1364] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\IncrediMail\bin\ImApp.exe[1364] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\IncrediMail\bin\ImApp.exe[1364] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\IncrediMail\bin\ImApp.exe[1364] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\IncrediMail\bin\ImApp.exe[1364] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\IncrediMail\bin\ImApp.exe[1364] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\wuauclt.exe[1612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00084FE8
IAT C:\WINDOWS\system32\wuauclt.exe[1612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00084F34
IAT C:\WINDOWS\system32\wuauclt.exe[1612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00084ECF
IAT C:\WINDOWS\system32\wuauclt.exe[1612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00084E9D
IAT C:\WINDOWS\system32\wuauclt.exe[1612] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 000852A1
IAT C:\WINDOWS\system32\wuauclt.exe[1612] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00085556
IAT C:\WINDOWS\system32\wuauclt.exe[1612] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00085556
IAT C:\WINDOWS\system32\wuauclt.exe[1612] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00085556
IAT C:\WINDOWS\system32\wuauclt.exe[1612] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 000852A1
IAT C:\WINDOWS\system32\wuauclt.exe[1612] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00084FE8
IAT C:\WINDOWS\Explorer.EXE[1744] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TranslateMessage] 00E45556
IAT C:\WINDOWS\Explorer.EXE[1744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00E44FE8
IAT C:\WINDOWS\Explorer.EXE[1744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00E44F34
IAT C:\WINDOWS\Explorer.EXE[1744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00E44ECF
IAT C:\WINDOWS\Explorer.EXE[1744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00E44E9D
IAT C:\WINDOWS\Explorer.EXE[1744] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00E45556
IAT C:\WINDOWS\Explorer.EXE[1744] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00E45556
IAT C:\WINDOWS\Explorer.EXE[1744] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00E452A1
IAT C:\WINDOWS\Explorer.EXE[1744] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00E452A1
IAT C:\WINDOWS\Explorer.EXE[1744] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00E45556
IAT C:\WINDOWS\Explorer.EXE[1744] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00E44FE8
IAT C:\WINDOWS\system32\lxctcoms.exe[1756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\lxctcoms.exe[1756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\WINDOWS\system32\lxctcoms.exe[1756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\WINDOWS\system32\lxctcoms.exe[1756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\WINDOWS\system32\lxctcoms.exe[1756] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\lxctcoms.exe[1756] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\lxctcoms.exe[1756] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\lxctcoms.exe[1756] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\lxctcoms.exe[1756] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\lxctcoms.exe[1756] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe[1984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe[1984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe[1984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe[1984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe[1984] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe[1984] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe[1984] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe[1984] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe[1984] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe[1984] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\System32\alg.exe[2512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\System32\alg.exe[2512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00404F34
IAT C:\WINDOWS\System32\alg.exe[2512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404ECF
IAT C:\WINDOWS\System32\alg.exe[2512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404E9D
IAT C:\WINDOWS\System32\alg.exe[2512] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\System32\alg.exe[2512] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\System32\alg.exe[2512] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\System32\alg.exe[2512] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\System32\alg.exe[2512] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\System32\alg.exe[2512] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\Program Files\Eset\nod32krn.exe[2608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Eset\nod32krn.exe[2608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Eset\nod32krn.exe[2608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Eset\nod32krn.exe[2608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Eset\nod32krn.exe[2608] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Eset\nod32krn.exe[2608] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Eset\nod32krn.exe[2608] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Eset\nod32krn.exe[2608] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Eset\nod32krn.exe[2608] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Eset\nod32krn.exe[2608] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Documents and Settings\Administrateur\Bureau\bypass.exe[2680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Documents and Settings\Administrateur\Bureau\bypass.exe[2680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Documents and Settings\Administrateur\Bureau\bypass.exe[2680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Documents and Settings\Administrateur\Bureau\bypass.exe[2680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Documents and Settings\Administrateur\Bureau\bypass.exe[2680] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Documents and Settings\Administrateur\Bureau\bypass.exe[2680] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Documents and Settings\Administrateur\Bureau\bypass.exe[2680] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Documents and Settings\Administrateur\Bureau\bypass.exe[2680] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Documents and Settings\Administrateur\Bureau\bypass.exe[2680] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Documents and Settings\Administrateur\Bureau\bypass.exe[2680] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\PSIService.exe[2780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\PSIService.exe[2780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\WINDOWS\system32\PSIService.exe[2780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\WINDOWS\system32\PSIService.exe[2780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\WINDOWS\system32\PSIService.exe[2780] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\PSIService.exe[2780] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\PSIService.exe[2780] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\PSIService.exe[2780] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\PSIService.exe[2780] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\PSIService.exe[2780] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\svchost.exe[2864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\svchost.exe[2864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00404F34
IAT C:\WINDOWS\system32\svchost.exe[2864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404ECF
IAT C:\WINDOWS\system32\svchost.exe[2864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404E9D
IAT C:\WINDOWS\system32\svchost.exe[2864] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\svchost.exe[2864] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\svchost.exe[2864] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\svchost.exe[2864] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\svchost.exe[2864] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\svchost.exe[2864] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\Program Files\Internet Explorer\iexplore.exe[3636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Internet Explorer\iexplore.exe[3636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Internet Explorer\iexplore.exe[3636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Internet Explorer\iexplore.exe[3636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Internet Explorer\iexplore.exe[3636] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Internet Explorer\iexplore.exe[3636] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Internet Explorer\iexplore.exe[3636] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Internet Explorer\iexplore.exe[3636] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Internet Explorer\iexplore.exe[3636] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Internet Explorer\iexplore.exe[3636] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3884] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3884] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00404F34
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3884] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404ECF
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3884] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404E9D
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3884] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3884] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3884] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3884] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3884] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3884] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00404F34
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404ECF
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404E9D
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3916] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3916] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3916] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3916] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3916] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3916] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405556

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 89B8C1E8

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

Device \Driver\NetBT \Device\NetBT_Tcpip_{EAB40BB9-0278-4ADB-AC61-196A0FCE849C} 89529790
Device \Driver\usbuhci \Device\USBPDO-0 899265D0
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89BFF1E8
Device \Driver\dmio \Device\DmControl\DmConfig 89BFF1E8
Device \Driver\dmio \Device\DmControl\DmPnP 89BFF1E8
Device \Driver\dmio \Device\DmControl\DmInfo 89BFF1E8
Device \Driver\usbehci \Device\USBPDO-1 89903440
Device \Driver\usbuhci \Device\USBPDO-2 899265D0
Device \Driver\usbuhci \Device\USBPDO-3 899265D0
Device \Driver\usbehci \Device\USBPDO-4 89903440
Device \Driver\usbuhci \Device\USBPDO-5 899265D0
Device \Driver\usbuhci \Device\USBPDO-6 899265D0
Device \Driver\Ftdisk \Device\HarddiskVolume1 89B8E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89B8E1E8
Device \Driver\Cdrom \Device\CdRom0 89B05580
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89B8D1E8
Device \Driver\atapi \Device\Ide\IdePort0 89B8D1E8
Device \Driver\atapi \Device\Ide\IdePort1 89B8D1E8
Device \Driver\atapi \Device\Ide\IdePort2 89B8D1E8
Device \Driver\atapi \Device\Ide\IdePort3 89B8D1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 89B8D1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89529790
Device \Driver\NetBT \Device\NetbiosSmb 89529790
Device \Driver\usbuhci \Device\USBFDO-0 899265D0
Device \Driver\usbuhci \Device\USBFDO-1 899265D0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89555790
Device \Driver\usbehci \Device\USBFDO-2 89903440
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89555790
Device \Driver\usbuhci \Device\USBFDO-3 899265D0
Device \Driver\usbuhci \Device\USBFDO-4 899265D0
Device \Driver\Ftdisk \Device\FtControl 89B8E1E8
Device \Driver\usbuhci \Device\USBFDO-5 899265D0
Device \Driver\usbehci \Device\USBFDO-6 89903440
Device \FileSystem\Cdfs \Cdfs 895F4790

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Macromedia\Dreamweaver 8\Configuration\Behaviors\Events\4.0 et ultérieurs.htm 1

---- Files - GMER 1.0.14 ----

File C:\WINDOWS\system32\twain32 0 bytes
File C:\WINDOWS\system32\twain32\local.ds 12824 bytes
File C:\WINDOWS\system32\twain32\user.ds 0 bytes
File C:\WINDOWS\system32\twex.exe 123904 bytes executable

---- EOF - GMER 1.0.14 ----
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last post 16 September 2016 1 536
3 March 2009 at 15:44
Re,

We're going to switch tools.

We'll use ComboFix.exe. Go to this web page to get the download links, along with instructions for running the tool:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

* Make sure you have closed/disabled all antivirus, anti-malware or anti-spyware programs so that they don't interfere with ComboFix's work.

Post the contents of C:\ComboFix.txt in your next reply so that I can examine it.
0
emeralde061 Posts 21 Registration date Tuesday 3 March 2009 Status Member Last post 5 March 2009
3 March 2009 at 16:57
Re

There you go Lyonnais, I ran ComboFix, but I think I made a mistake somewhere, even though I had written everything down; anyway, here is the log.

ComboFix 09-03-02.03 - Administrateur 2009-03-03 16:47:01.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2038.1515 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\~.exe
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\twex.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
.

2009-03-03 10:31 . 2009-03-03 10:31 <REP> d-------- C:\_OTMoveIt
2009-03-03 09:49 . 2009-03-03 09:49 <REP> d-------- C:\rsit
2009-03-03 09:49 . 2009-03-03 13:58 <REP> d-------- c:\program files\trend micro
2009-03-03 08:06 . 2004-08-04 05:55 14,336 --a------ c:\windows\system32\svchost.exe
2009-02-27 00:53 . 2009-02-27 00:53 <REP> d-------- c:\documents and settings\Administrateur\Application Data\DivX
2009-02-27 00:52 . 2009-02-27 11:31 <REP> d-------- c:\program files\DivX
2009-02-22 02:20 . 2009-02-22 02:20 <REP> d-------- c:\documents and settings\Administrateur\Application Data\AniTuner
2009-02-18 15:27 . 2009-02-18 15:30 <REP> d-------- c:\program files\123 Flash Menu
2009-02-18 15:25 . 2009-02-18 15:25 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Thinstall
2009-02-17 12:49 . 2009-02-17 12:49 2,528 --a------ c:\windows\system32\settings.aaw
2009-02-17 12:49 . 2009-02-17 12:49 848 --a------ c:\windows\system32\history.aaw
2009-02-09 17:14 . 2009-02-14 22:31 <REP> d-------- c:\program files\Vertus Fluid Mask 3
2009-02-09 17:10 . 2009-02-09 17:10 1,024 --a------ c:\windows\system32\m0574at.tgz
2009-02-09 17:09 . 2009-02-09 17:09 <REP> d-------- c:\documents and settings\All Users\Application Data\VertusTech
2009-02-04 12:15 . 2009-02-04 12:15 268 --ah----- C:\sqmdata03.sqm
2009-02-04 12:15 . 2009-02-04 12:15 244 --ah----- C:\sqmnoopt03.sqm
2009-02-03 17:50 . 2009-02-03 17:50 268 --ah----- C:\sqmdata02.sqm
2009-02-03 17:50 . 2009-02-03 17:50 244 --ah----- C:\sqmnoopt02.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 13:19 --------- d-----w c:\documents and settings\Administrateur\Application Data\Skype
2009-03-02 17:43 --------- d-----w c:\documents and settings\Administrateur\Application Data\FileZilla
2009-02-24 15:07 --------- d-----w c:\program files\IncrediMail
2009-02-24 15:01 --------- d-----w c:\program files\CasiV2
2009-02-22 01:19 --------- d-----w c:\program files\AniTuner
2009-02-19 15:26 --------- d-----w c:\documents and settings\Administrateur\Application Data\skypePM
2009-02-16 20:01 7,520 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-02-15 19:21 --------- d-----w c:\program files\FileZilla FTP Client
2009-02-14 21:30 --------- d-----w c:\documents and settings\Administrateur\Application Data\dvdcss
2009-02-14 21:18 --------- d-----w c:\program files\Lx_cats
2009-02-07 19:11 --------- d-----w c:\program files\Jewel Quest 3
2009-02-02 17:11 --------- d-----w c:\program files\HTMLProtector
2009-02-02 10:29 --------- d-----w c:\program files\BelSoft
2009-02-02 09:57 --------- d-----w c:\program files\HTML Password Lock
2009-02-02 09:15 --------- d-----w c:\program files\SPCK Software
2009-02-01 20:19 --------- d-----w c:\documents and settings\Administrateur\Application Data\Corel
2009-02-01 00:53 --------- d-----w c:\program files\Jewel Quest 2
2009-01-31 15:23 --------- d-----w c:\program files\Ulead GIF-X.Plugin 2.0
2009-01-30 18:05 --------- d-----w c:\program files\Windows Live Safety Center
2009-01-29 07:51 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-01-27 11:16 --------- d-----w c:\documents and settings\Administrateur\Application Data\iWin
2009-01-26 13:30 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-26 11:22 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2009-01-26 11:22 --------- d-----w c:\program files\AVS4YOU
2009-01-26 11:22 --------- d-----w c:\program files\Audacity
2009-01-26 11:17 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-26 11:15 --------- d-----w c:\documents and settings\Administrateur\Application Data\AVS4YOU
2009-01-22 09:00 --------- d-----w c:\program files\SWiSHmax
2009-01-20 14:26 --------- d-----w c:\program files\Intuisphere
2009-01-13 03:14 --------- d-----w c:\program files\Google
2009-01-12 10:56 --------- d-----w c:\documents and settings\Administrateur\Application Data\Samsung
2009-01-12 10:55 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2009-01-12 10:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-12 10:44 --------- d-----w c:\program files\Samsung
2009-01-11 10:59 --------- d-----w c:\program files\GamersFirst
2009-01-10 00:10 --------- d-----w c:\program files\AM-DeadLink
2009-01-09 23:55 --------- d-----w c:\program files\Virtual Magnifying Glass
2009-01-09 20:31 --------- d-----w c:\program files\Lexmark 5400 Series
2009-01-09 20:31 --------- d-----w c:\documents and settings\Administrateur\Application Data\5400 Series
2009-01-09 20:29 --------- d-----w c:\documents and settings\All Users\Application Data\5400 Series
2009-01-09 20:28 --------- d-----w c:\program files\Lexmark Toolbar
2009-01-09 20:28 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2009-01-07 16:03 485 ---ha-w C:\os973782.bin
2009-01-05 15:46 --------- d-----w c:\program files\Fichiers communs\SWiSHzone.com
2009-01-04 11:33 --------- d-----w c:\documents and settings\Administrateur\Application Data\Smart-Shopper
2009-01-03 17:49 --------- d-----w c:\program files\Fichiers communs\Nikon
2009-01-03 17:49 --------- d-----w c:\documents and settings\Administrateur\Application Data\Nikon
2008-12-31 13:38 106,496 ----a-w c:\windows\system32\ATL71.DLL
2008-12-30 01:34 44,544 ------w c:\windows\AWuninstall.exe
2008-12-24 18:46 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-23 16:59 147,456 ----a-w c:\windows\AVUNTOOL.EXE
2008-12-23 00:13 737,280 ----a-w c:\windows\iun6002.exe
2008-12-22 20:34 96,864 ----a-w c:\windows\~GLC0001.TMP
2008-12-22 20:27 96,864 ----a-w c:\windows\~GLC0000.TMP
2008-12-22 12:20 480,848 ----a-w c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
2008-12-21 18:58 298,104 ----a-w c:\windows\system32\imon.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 13:23 18,063,872 ----a-w c:\windows\RTHDCPL.EXE
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-12-23 11:38 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-23 11:38 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-23 11:38 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-23 11:38 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-23 11:38 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\tcpip.sys
2007-06-26 21:18 360576 c7be59b07c6eb74bea6fd67c1b164015 c:\windows\system32\drivers\tcpip.sys

2004-08-04 05:54 1227264 e28d16a8d63eca6246921fdf7cbde42a c:\windows\explorer.exe
2004-08-04 05:54 1227264 e28d16a8d63eca6246921fdf7cbde42a c:\windows\icon_TMP\explorer.exe
2008-04-14 03:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\explorer.exe
2004-08-04 05:54 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\system_backup\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cd94d4cb-3822-41a8-8f41-3efb871a340b}"= "c:\program files\CasiV2\tbCas1.dll" [2009-02-24 1882136]

[HKEY_CLASSES_ROOT\clsid\{cd94d4cb-3822-41a8-8f41-3efb871a340b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd94d4cb-3822-41a8-8f41-3efb871a340b}]
2009-02-24 16:01 1882136 --a------ c:\program files\CasiV2\tbCas1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cd94d4cb-3822-41a8-8f41-3efb871a340b}"= "c:\program files\CasiV2\tbCas1.dll" [2009-02-24 1882136]

[HKEY_CLASSES_ROOT\clsid\{cd94d4cb-3822-41a8-8f41-3efb871a340b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CD94D4CB-3822-41A8-8F41-3EFB871A340B}"= "c:\program files\CasiV2\tbCas1.dll" [2009-02-24 1882136]

[HKEY_CLASSES_ROOT\clsid\{cd94d4cb-3822-41a8-8f41-3efb871a340b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-22 68856]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-02-24 251264]
"ISPMonitor"="c:\program files\ISP Monitor\isp.exe" [2007-06-17 438608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-21 949376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-06-20 286720]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-07-11 294912]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-06-07 98304]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 106496]
"Corel Photo Downloader"="c:\program files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-06-26 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 18:19 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImPackr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-21 15424]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2008-12-21 19:39:19 13560]
R2 ISPMonitorSrv;ISP Monitor;c:\program files\ISP Monitor\ISPMonitorSrv.exe [2007-06-02 36864]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Rechercher
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/french/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs&search=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 16:48:07
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Heure de fin: 2009-03-03 16:49:12
ComboFix-quarantined-files.txt 2009-03-03 15:49:10

Avant-CF: 33 534 402 560 octets libres
Après-CF: 33,548,566,528 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

234
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last post 16 September 2016 1 536
3 March 2009 at 18:02
Re,

Reboot the computer and post a new HijackThis report.
0
emeralde061 Posts 21 Registration date Tuesday 3 March 2009 Status Member Last post 5 March 2009
3 March 2009 at 18:15
Re-

Thanks Lyonnais, I've rebooted and run a new HijackThis scan; here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:00, on 03/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\trend micro\Administrateur.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: CasiV2 Toolbar - {cd94d4cb-3822-41a8-8f41-3efb871a340b} - C:\Program Files\CasiV2\tbCas1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: CasiV2 Toolbar - {cd94d4cb-3822-41a8-8f41-3efb871a340b} - C:\Program Files\CasiV2\tbCas1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: CasiV2 Toolbar - {cd94d4cb-3822-41a8-8f41-3efb871a340b} - C:\Program Files\CasiV2\tbCas1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
0