
BIG VIRUS PROBLEM: SPYWARE GUARD 2008


Hello everyone, here is my big problem for the past 24 hours: I have this Spyware Guard 2008 that is driving me crazy, along with Windows Security Center.

I've been at it for more than 10 hours, I've tried everything and nothing works, even with CCleaner it's not possible, same with Spy Hunter; I'm lost.


Anyway, I hope that with your help this will change. Thanks in advance.


Also note that as soon as I open a web page, another one opens automatically.

Reply to Anonyme

:hello: Hello,

I am going to help you solve your problem. Please follow my instructions to the letter and do not take any initiative of your own. If you have any question, I'm listening.

Please keep in mind that I'm a volunteer and that I have a private life: I come by at least once a day.

If you think you've been forgotten, send me a PM to let me know.

1) Download Gmer.

  • Unzip it into a dedicated folder or onto your Desktop.
  • Disconnect from the Internet, then close all programs.
  • Double-click Gmer.exe.

If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

  • Click the Rootkit tab.
  • On the right, check everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad, then click the Edit menu / Paste.
  • The report should then appear.
  • Save the file on your Desktop and post its contents here.


2) Download DDS by sUBs and save it to your desktop.

  • Disable any script blocker, such as an antivirus or software like Ad-Block, NoScript, etc.
  • Double-click dds.scr to launch the tool. Double-click it only once, be patient!
  • Once the scan is finished, a text document, DDS.txt, will open.
  • Click Yes at the next Optional Scan prompt.
  • Save both reports to your desktop and post only the DDS.txt for me; keep the other one handy in case I ask for it.


N.B.: I may not be able to answer you before tomorrow evening, so be patient, I will solve your problem. And do not take any initiative of your own, if you want my help to be as effective as possible.

;)

Reply to Egwene

Hi, thanks for taking your time with me. Here is what you asked me for.


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-03 19:44:10
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF72BBB3A] <-- ROOTKIT !!!
SSDT sptd.sys ZwEnumerateKey [0xF72BBC7E] <-- ROOTKIT !!!
SSDT sptd.sys ZwEnumerateValueKey [0xF72BBFF6] <-- ROOTKIT !!!
SSDT sptd.sys ZwOpenKey [0xF72BBA18] <-- ROOTKIT !!!
SSDT sptd.sys ZwQueryKey [0xF72BC0C0] <-- ROOTKIT !!!
SSDT sptd.sys ZwQueryValueKey [0xF72BBF58] <-- ROOTKIT !!!
SSDT sptd.sys ZwSetValueKey [0xF72BC148] <-- ROOTKIT !!!

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
? C:\WINDOWS\System32\Drivers\SPTD1981.SYS Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopSetPolicySettingStatus + 82 769EFD93 37 Bytes [ B5, F0, FB, FF, FF, FF, D3, ... ]
.text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopSetPolicySettingStatus + A9 769EFDBA 24 Bytes [ D6, 59, 8D, 44, 00, 02, 50, ... ]
.text ...
.text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopResetPolicySettingStatus + D 769F0F2C 2 Bytes [ 83, C4 ]
.text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopResetPolicySettingStatus + 10 769F0F2F 49 Bytes [ 8D, 85, 44, FE, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopResetPolicySettingStatus + 42 769F0F61 27 Bytes [ FF, 3B, C7, 0F, 84, 42, FE, ... ]
.text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopResetPolicySettingStatus + 5E 769F0F7D 43 Bytes [ 0F, 84, 69, 07, 00, 00, 66, ... ]
.text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopResetPolicySettingStatus + 8A 769F0FA9 109 Bytes [ 68, 50, B3, 99, 76, 8D, 8D, ... ]
.text ...
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlEnterCriticalSection 7C911000 5 Bytes [ 4D, 5A, 90, 00, 03 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlEnterCriticalSection + 7 7C911007 7 Bytes [ 00, 04, 00, 00, 00, FF, FF ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlEnterCriticalSection + F 7C91100F 18 Bytes [ 00, B8, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlEnterCriticalSection + 24 7C911024 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlEnterCriticalSection + 29 7C911029 3 Bytes [ 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlLeaveCriticalSection 7C9110E0 28 Bytes [ 50, 45, 00, 00, 4C, 01, 04, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlLeaveCriticalSection + 1D 7C9110FD 8 Bytes [ A0, 07, 00, 00, 84, 03, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlLeaveCriticalSection + 28 7C911108 4 Bytes [ 28, 2C, 01, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlLeaveCriticalSection + 2D 7C91110D 1 Byte [ 10 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlLeaveCriticalSection + 30 7C911110 19 Bytes [ 00, 60, 07, 00, 00, 00, 91, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlTryEnterCriticalSection + C 7C911124 1 Byte [ 05 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlTryEnterCriticalSection + E 7C911126 10 Bytes [ 01, 00, 04, 00, 0A, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlTryEnterCriticalSection + 19 7C911131 10 Bytes [ 60, 0B, 00, 00, 04, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlTryEnterCriticalSection + 24 7C91113C 3 Bytes [ 03, 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlTryEnterCriticalSection + 2A 7C911142 2 Bytes [ 04, 00 ]
.text ...
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!LdrInitializeThunk 7C911166 14 Bytes [ 00, 00, 00, 00, 08, 00, C4, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!LdrInitializeThunk + F 7C911175 29 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!LdrInitializeThunk + 2D 7C911193 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlActivateActivationContextUnsafeFast + D 7C9111A5 15 Bytes [ 00, 00, 00, 70, F3, 04, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlActivateActivationContextUnsafeFast + 1E 7C9111B6 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlActivateActivationContextUnsafeFast + 26 7C9111BE 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlActivateActivationContextUnsafeFast + 2D 7C9111C5 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlActivateActivationContextUnsafeFast + 33 7C9111CB 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + F 7C9111EC 6 Bytes [ 00, 04, 00, 00, 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 16 7C9111F3 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 22 7C9111FF 8 Bytes [ 60, 2E, 64, 61, 74, 61, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 2C 7C911209 20 Bytes [ 4A, 00, 00, 00, B0, 07, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!NtCurrentTeb 7C91121E 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!NtCurrentTeb + 6 7C911224 15 Bytes [ 40, 00, 00, C0, 2E, 72, 73, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitString + F 7C911234 20 Bytes [ 00, 00, 08, 00, 00, 22, 03, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitString + 25 7C91124A 18 Bytes [ 00, 00, 40, 00, 00, 40, 2E, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitAnsiString 7C91125D 11 Bytes [ 30, 0B, 00, 00, 30, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitAnsiString + F 7C91126C 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitAnsiString + 25 7C911282 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitAnsiString + 2C 7C911289 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitUnicodeString 7C911295 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitUnicodeString + F 7C9112A4 23 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitUnicodeString + 28 7C9112BD 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitUnicodeString + 2F 7C9112C4 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_CIsin 7C9112D1 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_CIsin + B 7C9112DC 2 Bytes [ 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_CIsin + 10 7C9112E1 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sin + 9 7C9112EE 35 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sin + 2D 7C911312 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sin + 33 7C911318 2 Bytes [ 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sin + 38 7C91131D 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sin + 43 7C911328 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_CIsqrt + B 7C91138A 2 Bytes [ 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_CIsqrt + 10 7C91138F 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sqrt + 9 7C91139C 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sqrt + 21 7C9113B4 1 Byte [ 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sqrt + 25 7C9113B8 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sqrt + 31 7C9113C4 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sqrt + 37 7C9113CA 2 Bytes [ 00, 00 ]
.text ...
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alldiv + 19 7C911454 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alldiv + 35 7C911470 110 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alldiv + A4 7C9114DF 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alldvrm 7C9114E5 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alldvrm + 1C 7C911501 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alldvrm + 38 7C91151D 140 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alldvrm + C5 7C9115AA 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alldvrm + D9 7C9115BE 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_allmul 7C9115C4 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_allmul + 19 7C9115DD 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alloca_probe 7C9115F8 1 Byte [ 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alloca_probe + 2 7C9115FA 1 Byte [ 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alloca_probe + 5 7C9115FD 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alloca_probe + 10 7C911608 2 Bytes [ 00, 00 ]
.text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alloca_probe + 13 7C91160B 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...


Re,

Upload the Gmer report to mediafire for me.

Uploading a file to mediafire:

  • Go to this link: http://www.mediafire.com/
  • Click "Upload files To Media fire" at the top. Then choose "I want to upload without an account".
  • A Windows Explorer window will open. Browse to the report I asked you to upload, select it, then click "Open".
  • Then click "Upload".
  • On the right of the screen, choose "upload to a new folder". Leave the default name (= the date).
  • Confirm and let the upload run.
  • Click "View uploaded file" and copy the URL (= the link) of the new tab or window that opens into your next message. That way I can download the requested report.


And remember to post the DDS report on the forum.

;)


Re, so here is the URL link http://www.mediafire.com/?sharekey [...] 0208e69f54


and here is the DDS report

PS thanks again for your help




DDS (Version 1.0) - NTFSx86
Run by BOB51 at 19:47:40,09 on 03/12/2008
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.895.206 [GMT 1:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Winamp\Winampa.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\APPS\SMP\SmpSys.exe
C:\PROGRA~1\TRANSV~1\TransVente.exe
C:\Documents and Settings\BOB51\Bureau\msn plus\ManyCam 2.3\ManyCam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wsc32x.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Spyware Guard 2008\spywareguard.exe
C:\Documents and Settings\BOB51\Bureau\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.msn.fr/
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
uURLSearchHooks: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - c:\progra~1\wanadoo\SEARCH~1.DLL
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {0034b039-9e5e-4e5c-a439-a9e2dbfd98d2} - c:\windows\system32\iyrdbl.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\mlJCTJda.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: {9A719D77-C59C-46A9-80CA-1CC0261FA3FF} - c:\windows\system32\tuvUKAtt.dll
BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
BHO: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WOOKIT] c:\progra~1\wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
uRun: [SmpcSys] c:\apps\smp\SmpSys.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [FIRSTFACE] c:\docume~1\bob51\applic~1\dashna~1\ANTI CAKE DVD.exe
uRun: [TransVente] c:\progra~1\transv~1\TransVente.exe 1
uRun: [EPSON BX300F Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieje.exe /fu "c:\windows\temp\E_S20E.tmp" /EF "HKCU"
uRun: [ManyCam] "c:\documents and settings\bob51\bureau\msn plus\manycam 2.3\ManyCam.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [gadcom] "c:\documents and settings\bob51\application data\gadcom\gadcom.exe" 61A847B5BBF72810339E3F466188719AB689201522886B092CBD44BD8689220221DD3257
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WinampAgent] "c:\winamp\Winampa.exe"
mRun: [Ulead AutoDetector v2] c:\program files\fichiers communs\ulead systems\autodetector\monitor.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PCMService] "c:\apps\powercinema\PCMService.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [ISUSScheduler] "c:\program files\fichiers communs\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\fichie~1\instal~1\update~1\isuspm.exe -startup
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [I downloaded pirated Software from P2P ] Gothic 3
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DetectorApp] c:\program files\sonic\digitalmedia le v7\mydvd le\DetectorApp.exe
mRun: [WOOWATCH] c:\progra~1\wanadoo\Watch.exe
mRun: [WOOTASKBARICON] c:\progra~1\wanadoo\GestMaj.exe TaskBarIcon.exe
mRun: [Adobe Photo Downloader] "c:\photoshop album edition découverte\3.0\apps\apdproxy.exe"
mRun: [BigDogPath323VMSnap] c:\windows\VMSnap23.exe
mRun: [BigDogPath323Domino] c:\windows\Domino.exe
mRun: [SPAMfighter Agent] "c:\program files\spamfighter\SFAgent.exe" update delay 60
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [blue delete title meow] c:\documents and settings\all users\application data\up hold blue delete\Great Sixth.exe
mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
mRun: [SpywareCleaner] c:\windows\system32\SpywareRemover.exe
mRun: [m6] c:\m6video\M6video.exe
mRun: [book bows bolt bib] c:\documents and settings\all users\application data\bone about book bows\list deaf.exe
mRun: [uPlayMe] "c:\program files\uplayme\uPlayMe.exe"
mRun: [Pop-Up Stopper] "c:\program files\panicware\pop-up stopper\dpps2.exe"
mRun: [spywareguard] c:\program files\spyware guard 2008\spywareguard.exe
mRun: [SpyHunter Security Suite] "c:\program files\enigma software group\spyhunter\SpyHunter3.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\office10\EXCEL.EXE/3000
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\windows live toolbar\components\fr-fr\msntabres.dll.mui/229?0c5dbed6bf5c4ba7bf5aed38f0a0f40a
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\windows live toolbar\components\fr-fr\msntabres.dll.mui/230?0c5dbed6bf5c4ba7bf5aed38f0a0f40a
IE: { - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {c:\program files\messenger\msmsgs.exe -
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: mlJCTJda - mlJCTJda.dll
AppInit_DLLs: vtfhre.dll iyrdbl.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: OLESys - {B0B28A0F-73C0-446E-BB4B-FA5C285A7BED} - c:\documents and settings\all users\application data\microsoft\internet explorer\OLESys.dll
SSODL: Explorer - {58005BE1-21D6-4575-AFB9-B030753FBDF6} - c:\documents and settings\all users\application data\microsoft\protect\pjyxzjabti.dll
SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\mlJCTJda.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvUKAtt

============= SERVICES / DRIVERS ===============

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-7-5 63352]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-7-25 476672]
S3 ZSMC326;LUXYA WC-1300 USB2.0 PC Camera;c:\windows\system32\drivers\usbvm323.sys [2007-7-25 259968]

=============== Created Last 30 ================

2008-12-03 19:14 250 a------- c:\windows\gmer.ini
2008-12-03 18:07 <DIR> --d----- c:\program files\Spyware Guard 2008
2008-12-03 17:37 664 a------- c:\windows\system32\d3d9caps.dat
2008-12-03 17:31 <DIR> --d----- c:\program files\Enigma Software Group
2008-12-03 02:43 <DIR> --d----- c:\program files\Yahoo!
2008-12-03 02:42 <DIR> --d----- c:\program files\CCleaner
2008-12-03 02:26 <DIR> --d----- c:\program files\EMCO MoveOnBoot
2008-12-02 23:39 0 a------- c:\windows\system32\wertyu.dll
2008-12-02 23:39 0 a------- c:\windows\system32\getwn32.dll
2008-12-02 23:39 0 a------- c:\windows\system32\av.exe
2008-12-02 23:36 129,024 a------- c:\windows\system32\iyrdbl.dll
2008-12-02 23:36 129,024 a------- c:\windows\system32\qfpsrsac.dll
2008-12-02 23:35 294,912 a------- c:\windows\system32\wsc32x.exe
2008-12-02 23:35 134,149 a------- c:\windows\reged.exe
2008-12-02 23:35 18,941 a------- c:\windows\vmreg.dll
2008-12-02 23:35 1,003,957 a------- c:\windows\sysexplorer.exe
2008-12-02 23:35 50,620 a------- c:\windows\sys.com
2008-12-02 23:35 47,872 a------- c:\windows\syscert.exe
2008-12-02 23:35 51,197 a------- c:\windows\spoolsystem.exe
2008-12-02 23:34 89,614 a------- c:\windows\system32\av.dat
2008-12-02 23:34 2,271 a------- c:\windows\system32\TDSSqxub.dll
2008-12-02 23:34 73,728 a------- c:\windows\system32\TDSStken.dll
2008-12-02 23:34 31,232 a------- c:\windows\system32\TDSSacsn.dll
2008-12-02 23:34 29,696 a------- c:\windows\system32\TDSSurtm.dll
2008-12-02 23:34 527 a------- c:\windows\system32\TDSSejja.dat
2008-12-02 23:34 35,840 a------- c:\windows\system32\TDSSjokw.dll
2008-12-02 23:33 60,416 a------- c:\windows\system32\drivers\TDSSmyvt.sys
2008-12-02 23:33 59,909 a------- c:\docume~1\alluse~1\applic~1\winlogon.exe
2008-12-02 23:33 228,864 a------- c:\windows\system32\cowcvwod.exe
2008-12-02 23:30 1,409,964 ---sh--- c:\windows\system32\eruwjfpe.ini
2008-12-02 23:30 72,704 a------- c:\windows\system32\epfjwure.dll
2008-12-02 00:14 <DIR> --d----- c:\program files\Panicware
2008-12-01 23:30 1,377,860 ---sh--- c:\windows\system32\xaaqbhvp.ini
2008-12-01 23:27 129,024 a------- c:\windows\system32\giperv.dll
2008-12-01 23:27 129,024 a------- c:\windows\system32\ahtfkmnr.dll
2008-12-01 23:26 605,173 a--sh--- c:\windows\system32\ttAKUvut.ini2
2008-12-01 23:26 0 a--sh--- c:\windows\system32\ttAKUvut.ini
2008-12-01 23:26 318,464 a------- c:\windows\system32\tuvUKAtt.dll
2008-12-01 23:05 161,792 a------- c:\windows\SWREG.exe
2008-12-01 23:05 98,816 a------- c:\windows\sed.exe
2008-12-01 21:11 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-01 21:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-01 18:27 152,904 a------- c:\windows\system32\vghd.scr
2008-12-01 18:27 461 a------- c:\windows\system32\win32hlp.cnf
2008-12-01 18:27 <DIR> --d----- c:\program files\vghd
2008-12-01 18:27 <DIR> --d----- c:\docume~1\bob51\applic~1\vghd
2008-12-01 18:26 38,400 a------- c:\windows\system32\mlJCTJda.dll
2008-11-30 13:46 297,709 a------- c:\windows\system32\SpywareRemover.exe
2008-11-27 23:33 8 a------- c:\windows\system32\WIN.INI
2008-11-27 23:33 8 a------- c:\windows\system32\SYSTEM.INI
2008-11-27 23:33 8 a------- c:\windows\system32\PROTOCOL.INI
2008-11-27 23:32 3,734,536 a------- c:\windows\system32\d3dx9_36.dll
2008-11-27 23:32 <DIR> --d----- C:\Translations
2008-11-27 23:17 <DIR> --d----- C:\Data
2008-11-27 23:16 <DIR> --d----- c:\program files\fichiers communs\knifeedge
2008-11-27 23:16 <DIR> --d----- C:\Documentation
2008-11-27 17:40 <DIR> --d----- C:\FMS
2008-11-27 14:27 <DIR> --d----- c:\program files\Dashnamemove
2008-11-25 01:00 <DIR> --d----- c:\docume~1\bob51\applic~1\com.uplayme.airclient.9B472EFF9A3BAE26509EDFEDD3D8214233BACDB1.1
2008-11-25 00:59 <DIR> --d----- c:\program files\uPlayMe
2008-11-25 00:59 <DIR> --d----- c:\program files\fichiers communs\Adobe AIR
2008-11-25 00:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\uPlayMe
2008-11-21 14:30 <DIR> --d-h--- c:\windows\Bifrost
2008-11-20 18:41 124,688 a------- c:\windows\system32\MSWINSCK.ocx
2008-11-20 18:41 <DIR> --d----- c:\program files\MessengerDiscovery
2008-11-20 12:55 <DIR> --d----- C:\v
2008-11-20 12:54 <DIR> --d----- C:\VehiPlan-2-0-0
2008-11-19 16:23 <DIR> --d----- c:\program files\fichiers communs\xing shared
2008-11-17 08:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2008-11-16 19:43 <DIR> --d----- C:\Logs
2008-11-13 01:41 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 01:41 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 03:00 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-10 20:00 268,648 a------- c:\windows\system32\mucltui.dll
2008-11-10 20:00 208,744 a------- c:\windows\system32\muweb.dll
2008-11-10 20:00 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-11-10 01:37 <DIR> -cdsh--- c:\program files\fichiers communs\WindowsLiveInstaller
2008-11-09 22:51 255,788,920 a------- C:\yy.rar

==================== Find3M ====================

2008-12-03 19:45 <DIR> --d----- c:\program files\Wanadoo
2008-12-03 18:08 <DIR> --d----- c:\program files\SPAMfighter
2008-12-01 23:26 474,972 a------- c:\windows\system32\perfh00C.dat
2008-12-01 23:26 77,476 a------- c:\windows\system32\perfc00C.dat
2008-12-01 22:04 <DIR> --d----- c:\program files\Everest Poker
2008-11-27 14:28 <DIR> --d----- c:\docume~1\bob51\applic~1\Dashnamemove
2008-11-27 14:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\up hold blue delete
2008-11-27 14:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vc meta poke axis
2008-11-19 16:23 <DIR> --d----- c:\program files\fichiers communs\Real
2008-11-16 06:28 <DIR> --d----- c:\program files\fichiers communs\Blizzard Entertainment
2008-11-07 01:12 <DIR> --d----- c:\program files\TransVente
2008-10-31 00:22 2,980 a------- c:\windows\mozver.dat
2008-10-30 23:51 <DIR> --d----- c:\program files\Messenger
2008-10-30 23:48 76,507 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-30 23:38 <DIR> --d----- c:\program files\Windows NT
2008-10-27 16:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\UDL
2008-10-27 16:41 <DIR> --d----- c:\program files\Epson Software
2008-10-27 16:37 <DIR> --d----- c:\program files\epson
2008-10-27 16:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EPSON
2008-10-26 14:44 <DIR> --d----- c:\docume~1\bob51\applic~1\SPAMfighter
2008-10-26 14:44 <DIR> --d----- c:\program files\fichiers communs\Application
2008-10-17 21:14 <DIR> --d----- c:\program files\IDoser v4
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-15 17:35 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 00:38 4,584 a------- c:\windows\BricoPackFoldersDelete.cmd
2008-10-15 00:37 45,686 a------- c:\windows\BricoPackUninst.cmd
2008-10-15 00:09 <DIR> --d----- c:\program files\Atari
2008-10-03 18:12 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 16:26 1,846,528 a------- c:\windows\system32\win32k.sys
2008-09-15 16:26 1,846,528 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-13 01:32 <DIR> --d----- c:\docume~1\bob51\applic~1\GrabPro
2008-09-10 02:15 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-10 02:15 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
2008-09-08 11:41 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-09-07 02:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BONE ABOUT BOOK BOWS
2008-01-06 22:24 <DIR> --d----- c:\docume~1\bob51\applic~1\TVU Networks
2007-12-19 15:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2007-11-30 04:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2007-09-20 14:37 <DIR> --d----- c:\docume~1\bob51\applic~1\CamfrogWEB
2007-08-18 12:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nurb long bib bone
2007-05-16 13:08 <DIR> --d----- c:\docume~1\bob51\applic~1\BitDownload
2007-05-12 22:08 <DIR> --d----- c:\docume~1\bob51\applic~1\Command & Conquer 3 Tiberium Wars Demo
2007-04-19 12:56 <DIR> --d----- c:\docume~1\bob51\applic~1\MySpace
2006-12-21 00:11 <DIR> --d----- c:\docume~1\bob51\applic~1\BitTorrent
2006-12-19 00:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2006-10-30 21:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BOONTY
2006-10-11 23:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Age of Empires 3 XPack Trial
2006-10-08 17:28 <DIR> --d----- c:\docume~1\bob51\applic~1\Kazaa Lite
2006-10-05 17:33 <DIR> --d----- c:\docume~1\bob51\applic~1\OD2
2006-08-24 22:55 <DIR> --d----- c:\docume~1\bob51\applic~1\AOL
2006-08-24 22:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OD2
2006-08-24 22:41 <DIR> --d----- c:\docume~1\bob51\applic~1\You've Got Pictures Screensaver
2004-08-16 17:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI

============= FINISH: 19:51:26,92 ===============

Reply to Anonyme

Re,

There's indeed a fair bit of cleaning to do. ;)

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Rename it before downloading by following this procedure: pcastuces.com
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

HELP: A guide and tutorial on using ComboFix
* the partition name may differ

Good night, see you tomorrow.

;)

Reply to Egwene

Re, here is the ComboFix report. Actually I installed ComboFix yesterday, because all this started with "warning security"; so I searched the web and found ComboFix, which helped me a lot: it removed the warning virus but hadn't anticipated Spyware Guard 2008.

Here is the report:


ComboFix 08-12-01.01 - BOB51 2008-12-01 23:09:33.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.310 [GMT 1:00]
Lancé depuis: c:\documents and settings\BOB51\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\BOB51\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\BOB51\Application Data\addon.dat
c:\documents and settings\BOB51\Application Data\gadcom
c:\documents and settings\BOB51\Application Data\gadcom\gadcom.exe
c:\documents and settings\BOB51\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Dynamic Toolbar
c:\program files\Dynamic Toolbar\batch.bat
c:\program files\Dynamic Toolbar\Cache\go.bmp
c:\program files\Dynamic Toolbar\Cache\home.bmp
c:\program files\Dynamic Toolbar\Cache\logo_pb.bmp
c:\program files\Dynamic Toolbar\Cache\parent_off.bmp
c:\program files\Dynamic Toolbar\Cache\parent_on.bmp
c:\program files\Dynamic Toolbar\Cache\pbfrv2tb0200.cfg
c:\program files\Dynamic Toolbar\Cache\popup_off.bmp
c:\program files\Dynamic Toolbar\Cache\popup_on.bmp
c:\program files\Dynamic Toolbar\Cache\search.bmp
c:\program files\Dynamic Toolbar\Cache\services.bmp
c:\program files\Dynamic Toolbar\Cache\skin.bmp
c:\program files\Dynamic Toolbar\Cache\skin1.bmp
c:\program files\Dynamic Toolbar\Cache\skin2.bmp
c:\program files\Dynamic Toolbar\Cache\skin3.bmp
c:\program files\Dynamic Toolbar\Cache\skin4.bmp
c:\program files\Dynamic Toolbar\Cache\skin5.bmp
c:\program files\Dynamic Toolbar\Cache\store.bmp
c:\program files\Dynamic Toolbar\Cache\style.css
c:\program files\Dynamic Toolbar\Cache\support.bmp
c:\program files\Dynamic Toolbar\Cache\ticker.xml
c:\program files\Dynamic Toolbar\PBFRV2\Cache\_Ticker_ticker.txt
c:\program files\Dynamic Toolbar\PBFRV2\Cache\ErrorLog.txt
c:\program files\Dynamic Toolbar\PBFRV2\Cache\go.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\home.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\logo_pb.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\parent_off.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\parent_on.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\PBFRV2TB0200.cfg
c:\program files\Dynamic Toolbar\PBFRV2\Cache\popup_off.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\popup_on.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\search.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\services.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\skin.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\skin1.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\skin2.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\skin3.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\skin4.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\skin5.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\store.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\style.css
c:\program files\Dynamic Toolbar\PBFRV2\Cache\support.bmp
c:\program files\Dynamic Toolbar\PBFRV2\Cache\ticker.xml
c:\program files\Dynamic Toolbar\unins000.dat
c:\program files\Dynamic Toolbar\unins000.exe
c:\windows\ktd32.atm
c:\windows\services.exe
c:\windows\system\sservice.exe
c:\windows\system32\ahtn.htm
c:\windows\system32\awttqqOG.dll
c:\windows\system32\config\31823332.Evt
c:\windows\system32\frmwrk32.exe
c:\windows\system32\fservice.exe
c:\windows\system32\geatxe.dll
c:\windows\system32\geBsstqp.dll
c:\windows\system32\gucfyuyj.dll
c:\windows\system32\jyuyfcug.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\msdocjos.dll
c:\windows\system32\mthudtrn.dll
c:\windows\system32\ntdll64.exe
c:\windows\system32\pqtssBeg.ini
c:\windows\system32\pqtssBeg.ini2
c:\windows\system32\reginv.dll
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll
c:\windows\system32\vjinwiwx.dll
c:\windows\system32\vtfhre.dll
c:\windows\system32\warning.gif
c:\windows\system32\winkey.dll
c:\windows\system32\xwiwnijv.ini
c:\windows\Tasks\gmfcpjfu.job

c:\windows\system32\userinit.exe . . . est infecté!!

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Legacy_BOONTY_GAMES
-------\Legacy_OREANS32
-------\Service_asc3550p
-------\Service_Boonty Games
-------\Service_oreans32


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))
.

2008-12-01 21:11 . 2008-12-01 21:16 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-12-01 21:11 . 2008-12-01 21:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-01 20:04 . 2008-12-01 22:38 <REP> d-------- c:\program files\a-squared Free
2008-12-01 18:27 . 2008-12-01 18:27 <REP> d-------- c:\program files\vghd
2008-12-01 18:27 . 2008-12-01 18:27 <REP> d-------- c:\documents and settings\BOB51\Application Data\vghd
2008-12-01 18:27 . 2008-12-01 18:27 152,904 --a------ c:\windows\system32\vghd.scr
2008-12-01 18:27 . 2008-12-01 22:16 461 --a------ c:\windows\system32\win32hlp.cnf
2008-12-01 18:26 . 2008-12-01 18:26 38,400 --a------ c:\windows\system32\mlJCTJda.dll
2008-11-30 13:46 . 2008-11-30 13:46 297,709 --a------ c:\windows\system32\SpywareRemover.exe
2008-11-27 23:33 . 2008-11-27 23:33 8 --a------ c:\windows\system32\WIN.INI
2008-11-27 23:33 . 2008-11-27 23:33 8 --a------ c:\windows\system32\SYSTEM.INI
2008-11-27 23:33 . 2008-11-27 23:33 8 --a------ c:\windows\system32\PROTOCOL.INI
2008-11-27 23:32 . 2008-11-27 23:32 <REP> d-------- C:\Translations
2008-11-27 23:32 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll
2008-11-27 23:17 . 2008-11-27 23:32 <REP> d-------- C:\Data
2008-11-27 23:16 . 2008-11-27 23:32 <REP> d-------- c:\program files\Fichiers communs\knifeedge
2008-11-27 23:16 . 2008-11-27 23:16 <REP> d-------- C:\Documentation
2008-11-27 17:40 . 2008-11-27 17:40 <REP> d-------- C:\FMS
2008-11-27 14:27 . 2008-11-27 14:27 <REP> d-------- c:\program files\Dashnamemove
2008-11-25 01:00 . 2008-11-25 01:00 <REP> d-------- c:\documents and settings\BOB51\Application Data\com.uplayme.airclient.9B472EFF9A3BAE26509EDFEDD3D8214233BACDB1.1
2008-11-25 00:59 . 2008-12-01 18:55 <REP> d-------- c:\program files\uPlayMe
2008-11-25 00:59 . 2008-11-25 00:59 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2008-11-25 00:56 . 2008-11-25 01:00 <REP> d-------- c:\documents and settings\All Users\Application Data\uPlayMe
2008-11-21 14:30 . 2008-11-21 14:30 <REP> d--h----- c:\windows\Bifrost
2008-11-20 18:41 . 2008-11-23 04:16 <REP> d-------- c:\program files\MessengerDiscovery
2008-11-20 18:41 . 2004-03-09 01:00 124,688 --a------ c:\windows\system32\MSWINSCK.ocx
2008-11-20 12:55 . 2008-11-20 12:55 <REP> d-------- C:\v
2008-11-20 12:54 . 2008-11-20 12:58 <REP> d-------- C:\VehiPlan-2-0-0
2008-11-19 16:23 . 2008-11-19 16:23 <REP> d-------- c:\program files\Fichiers communs\xing shared
2008-11-17 08:44 . 2008-11-17 08:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-16 19:43 . 2008-11-16 19:43 <REP> d-------- C:\Logs
2008-11-13 01:41 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 01:41 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 03:00 . 2008-11-11 03:00 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-10 20:00 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-10 20:00 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-10 20:00 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-10 01:37 . 2008-11-23 04:15 <REP> d-------- c:\program files\Windows Live
2008-11-10 01:37 . 2008-11-23 04:12 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-10 01:37 . 2008-11-23 04:12 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-09 22:51 . 2008-11-09 22:58 255,788,920 --a------ C:\yy.rar

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 22:24 --------- d-----w c:\program files\Wanadoo
2008-12-01 22:23 --------- d-----w c:\program files\SPAMfighter
2008-12-01 21:04 --------- d-----w c:\program files\Everest Poker
2008-12-01 17:54 --------- d-----w c:\documents and settings\BOB51\Application Data\Orbit
2008-11-27 13:28 --------- d-----w c:\documents and settings\BOB51\Application Data\Dashnamemove
2008-11-27 13:28 --------- d-----w c:\documents and settings\All Users\Application Data\vc meta poke axis
2008-11-27 13:28 --------- d-----w c:\documents and settings\All Users\Application Data\up hold blue delete
2008-11-19 15:23 --------- d-----w c:\program files\Fichiers communs\Real
2008-11-16 05:28 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2008-11-07 00:12 --------- d-----w c:\program files\TransVente
2008-11-05 23:13 --------- d-----w c:\program files\ABBYY FineReader 6.0 Sprint
2008-10-30 22:56 96,384 ----a-w c:\windows\system32\drivers\sptd1981.sys
2008-10-29 23:59 --------- d-----w c:\program files\Java
2008-10-27 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\UDL
2008-10-27 15:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-27 15:41 --------- d-----w c:\program files\Epson Software
2008-10-27 15:38 --------- d-----w c:\documents and settings\BOB51\Application Data\InstallShield
2008-10-27 15:37 --------- d-----w c:\program files\epson
2008-10-27 15:36 --------- d-----w c:\documents and settings\All Users\Application Data\EPSON
2008-10-27 15:33 --------- d-----w c:\documents and settings\BOB51\Application Data\EPSON
2008-10-26 13:44 --------- d-----w c:\program files\Fichiers communs\Application
2008-10-26 13:44 --------- d-----w c:\documents and settings\BOB51\Application Data\SPAMfighter
2008-10-26 12:25 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 20:14 --------- d-----w c:\program files\IDoser v4
2008-10-14 23:38 4,584 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2008-10-14 23:37 45,686 ----a-w c:\windows\BricoPackUninst.cmd
2008-10-14 23:09 --------- d-----w c:\program files\Atari
2008-10-08 20:31 7,131,136 ----a-w C:\RealFlight.exe
2008-10-02 09:23 --------- d-----w c:\program files\Sun
2008-09-29 10:53 847,872 ----a-w C:\LauncherG4.exe
2008-09-06 13:09 880,640 ----a-w C:\QTOControl.dll
2008-09-06 13:09 806,912 ----a-w C:\QTOLibrary.dll
2008-09-06 13:09 782,336 ----a-w C:\QTInfo.exe
2008-09-06 13:09 7,685,424 ----a-w C:\QuickTimePlayer.exe
2008-09-06 13:09 548,864 ----a-w C:\PictureViewer.exe
2008-09-06 13:09 413,696 ----a-w C:\QTTask.exe
2008-09-06 13:09 352,256 ----a-w C:\QTUIPanelControl.dll
2006-11-22 19:01 54 ----a-w c:\program files\inc1.bat
2006-11-22 19:01 41 ----a-w c:\program files\sleep.bat
2006-07-18 13:41 1,019,094 --sha-r c:\program files\serial.tde
2006-07-16 19:16 194,133 ----a-w c:\program files\patcher.exe
2006-07-13 19:36 280,692 ----a-w c:\program files\dr.exe
2006-07-13 19:23 291,956 ----a-w c:\program files\shell32.exe
2006-05-28 16:46 397,306 --sha-r c:\program files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r c:\program files\wunauclt.tbe
2006-05-28 16:34 435,756 ----a-w c:\program files\wunauclt.exe
2005-09-28 09:56 185,856 ----a-w c:\program files\7za.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1858E8EC-489E-4E53-B0F4-7368E929FBC4}]
2008-12-01 23:26 318464 --a------ c:\windows\system32\tuvUKAtt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-01 18:26 38400 --a------ c:\windows\system32\mlJCTJda.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
2008-04-02 13:24 266240 --a------ c:\program files\Epson Software\Easy Photo Print\EPTBL.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9421DD08-935F-4701-A9CA-22DF90AC4EA6}"= "c:\program files\Epson Software\Easy Photo Print\EPTBL.dll" [2008-04-02 266240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"FIRSTFACE"="c:\docume~1\BOB51\APPLIC~1\DASHNA~1\ANTI CAKE DVD.exe" [2008-11-27 505344]
"TransVente"="c:\progra~1\TRANSV~1\TransVente.exe" [2006-11-23 40960]
"EPSON BX300F Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE" [2008-01-22 188928]
"ManyCam"="c:\documents and settings\BOB51\Bureau\msn plus\ManyCam 2.3\ManyCam.exe" [2008-10-14 1791272]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"I downloaded pirated Software from P2P "="Gothic 3" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
"WinampAgent"="c:\winamp\Winampa.exe" [2008-08-04 36352]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"Adobe Photo Downloader"="c:\photoshop album edition découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"BigDogPath323VMSnap"="c:\windows\VMSnap23.exe" [2006-09-19 212992]
"BigDogPath323Domino"="c:\windows\Domino.exe" [2006-06-27 49152]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-10-22 325768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"blue delete title meow"="c:\documents and settings\All Users\Application Data\up hold blue delete\Great Sixth.exe" [2008-12-01 5510656]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-11-19 185872]
"SpywareCleaner"="c:\windows\system32\SpywareRemover.exe" [2008-11-30 297709]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 c:\windows\RTHDCPL.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2006-04-27 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\mlJCTJda.dll" [2008-12-01 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJCTJda]
2008-12-01 18:26 38400 c:\windows\system32\mlJCTJda.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vtfhre.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\tuvUKAtt

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12278:TCP"= 12278:TCP:BitComet 12278 TCP
"12278:UDP"= 12278:UDP:BitComet 12278 UDP
"3724:TCP"= 3724:TCP:bizzard downloader
"6112:UDP"= 6112:UDP:bizzard downloader
"4762:TCP"= 4762:TCP:emule
"4763:TCP"= 4763:TCP:emule

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-10-22 184968]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-07-25 476672]
S3 ZSMC326;LUXYA WC-1300 USB2.0 PC Camera;c:\windows\system32\Drivers\usbvm323.sys [2007-07-25 259968]
.
Contenu du dossier 'Tâches planifiées'

2008-12-01 c:\windows\Tasks\A6B0FDD3918B6FB3.job
- c:\docume~1\bob51\applic~1\dashna~1\army user ping.exe [2008-11-27 14:28]

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{16b235bb-16cf-4771-9066-aa35f9b30235} - c:\windows\system32\vtfhre.dll
BHO-{3D94C354-A9E8-4972-9D44-155325CAE0FD} - c:\windows\system32\geBsstqp.dll
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
HKLM-Run-m6 - c:\m6video\M6video.exe
HKLM-Run-book bows bolt bib - c:\documents and settings\All Users\Application Data\BONE ABOUT BOOK BOWS\list deaf.exe
HKLM-Run-uPlayMe - c:\program files\uPlayMe\uPlayMe.exe
HKLM-Explorer_Run-DirectX For Microsoft® Windows - c:\windows\system32\fservice.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 23:21:36
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
"ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\0
[%\00«Ô’|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00.\03pè\13\00pè\13\00\18î"

.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\mlJCTJda.dll

- - - - - - - > 'explorer.exe'(3336)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\a-squared Free\a2service.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\windows\system32\FTRTSVC.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\iexplore.exe
c:\progra~1\Wanadoo\GestionnaireInternet.exe
c:\windows\system32\msiexec.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\windows\system32\ALERTM~1\ALERTM~1.EXE
c:\program files\MessengerDiscovery\MessengerDiscovery Live.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2008-12-01 23:29:49 - La machine a redémarré [BOB51]
ComboFix-quarantined-files.txt 2008-12-01 22:29:38

Avant-CF: 46 233 063 424 octets libres
Après-CF: 46,410,211,328 octets libres

344 --- E O F --- 2008-12-01 02:00:20


Reply to Anonyme

Hi, you haven't forgotten me?

Reply to Anonyme

Re,

No, but I spent the day in class :)

Let's continue, there are still things to do.

Download Lop S&D.exe (by Eric 71 & Angeldark) to your desktop.

  • Double-click it to launch the installation
  • Then double-click the Lop S&D shortcut on your desktop (if you're on Vista, right-click -> Run as administrator)
  • Select the desired language, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

If your desktop doesn't reappear, press CTRL+ALT+DEL to open the Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)"
Type explorer and confirm. That will bring your desktop back.

Do you have your Windows CD or not? It could help, and make one step easier.

;)

Reply to Egwene

Re, strange: when I run the search with Lop S&D, it closes the window and no scan takes place?

Otherwise, no, I don't have a Windows CD. I would gladly reformat everything; isn't that possible without a CD? Just a Windows recovery.

Reply to Anonyme

Re,

Select the entire frame below:

http://www.infos-du-net.com/forum/283909-11-gros-probleme-virus-spyware-guard-2008#bas

Collect::
c:\windows\system32\mlJCTJda.dll
c:\windows\system32\SpywareRemover.exe

File::
c:\windows\Tasks\A6B0FDD3918B6FB3.job

DirLook::
c:\program files\Fichiers communs\knifeedge
c:\program files\Dashnamemove

Folder::
c:\documents and settings\All Users\Application Data\vc meta poke axis
c:\documents and settings\All Users\Application Data\up hold blue delete

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1858E8EC-489E-4E53-B0F4-7368E929FBC4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"I downloaded pirated Software from P2P "=-
"blue delete title meow"=-
"SpywareCleaner"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJCTJda]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12278:TCP"=-
"12278:UDP"=-
"4762:TCP"=-
"4763:TCP"=-



  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad.)
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

http://membres.lycos.fr/wawaseb8/images/help/cfscript.gif

  • This will relaunch ComboFix.
  • ComboFix will create these files on your Desktop:

- A zipped file named Submit [Date Time].zip
- A second file named - CF-Submit.htm

  • ComboFix may require a reboot to complete its work. Accept.
  • When the tool has finished, a ComboFix.log report will appear on screen.
  • A new window prompting "Submit Files for further analysis" will open. Click "OK"
  • Your browser will launch automatically with the CF-Submit.htm file and a window will open:

- Click the "Browse" button and navigate to the
Submit [Date Time].zip file on your Desktop.
- Click the file to select it.

  • Submit the file by clicking "OK"
  • When this operation is complete, you may delete those two files from your Desktop.

Post the contents of the ComboFix.txt report after the reboot, if there is one.

;)

Reply to Egwene
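The CFScript above removes the load points the helper picked out by hand from the "Points de chargement Reg" block of the first ComboFix report. As an added example (it is not ComboFix's code and not something posted in this thread), the Python script below shows how a responder can triage that block automatically before writing such a script: it flags the code-loading persistence mechanisms seen in this thread (a Winlogon notify package, a non-empty AppInit_DLLs value, an extra LSA authentication package, Browser Helper Objects, Run entries launching from a profile Application Data folder) and the disabled protections (a suppressed Security Center alert, the firewall turned off). The sample report text is constructed in the report's format from entries that appear above; the Finding class and the parse_sections(), target_of(), triage() and by_severity() names are this example's own.

```python
"""Triage of the 'Points de chargement Reg' block of a ComboFix report.

Added example for this thread; not part of ComboFix or of any tool the
helper prescribed. The report excerpt below is constructed in the report's
format from entries that appear in the thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: one of each load-point type seen in the first report.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1858E8EC-489E-4E53-B0F4-7368E929FBC4}]
2008-12-01 23:26 318464 --a------ c:\windows\system32\tuvUKAtt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
"blue delete title meow"="c:\documents and settings\All Users\Application Data\up hold blue delete\Great Sixth.exe" [2008-12-01 5510656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJCTJda]
2008-12-01 18:26 38400 c:\windows\system32\mlJCTJda.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vtfhre.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\tuvUKAtt

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" = code loaded into system processes; "medium" = review
    key: str        # registry key the line came from
    detail: str


SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
PATH_RE = re.compile(r"[a-z]:\\.*", re.IGNORECASE)
PROFILE_DATA_RE = re.compile(r"\\application data\\", re.IGNORECASE)


def parse_sections(report: str) -> List[Tuple[str, List[str]]]:
    """Group report lines under their [key] header; text before any header is ignored."""
    sections: List[Tuple[str, List[str]]] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            sections.append((m.group("key"), []))
        elif sections:
            sections[-1][1].append(line)
    return sections


def target_of(data: str) -> str:
    """Return the launched path from value data like "c:\\x.exe" [date size], or from a bare report line."""
    quoted = re.match(r'"([^"]*)"', data)
    if quoted:
        return quoted.group(1)
    m = PATH_RE.search(data)
    return m.group(0) if m else data


def triage(report: str) -> List[Finding]:
    """Flag persistence mechanisms and disabled protections in the load-point block."""
    findings: List[Finding] = []
    for key, lines in parse_sections(report):
        lk = key.lower()
        if "browser helper objects" in lk:
            for line in lines:
                findings.append(Finding("medium", key, "BHO loaded into Internet Explorer: " + target_of(line)))
        elif "winlogon\\notify" in lk:
            # Notify packages are loaded by winlogon.exe itself, as the report's
            # "DLLs chargées dans les processus actifs" block confirmed for mlJCTJda.dll.
            for line in lines:
                findings.append(Finding("high", key, "Winlogon notification package: " + target_of(line)))
        elif lk.endswith("\\currentversion\\windows"):
            for line in lines:
                v = VALUE_RE.match(line)
                if v and v.group("name") == "AppInit_DLLs" and v.group("data").strip('" '):
                    findings.append(Finding("high", key, "AppInit_DLLs loads into every user32 process: " + v.group("data")))
        elif lk.endswith("\\control\\lsa"):
            for line in lines:
                tokens = line.split()   # heuristic: package paths containing spaces would be split
                if line.startswith("Authentication Packages") and "REG_MULTI_SZ" in tokens:
                    extra = [t for t in tokens[tokens.index("REG_MULTI_SZ") + 1:] if t.lower() != "msv1_0"]
                    if extra:
                        findings.append(Finding("high", key, "Extra LSA authentication package(s): " + ", ".join(extra)))
        elif "security center" in lk:
            for line in lines:
                v = VALUE_RE.match(line)
                if v and v.group("name").endswith("DisableNotify") and v.group("data").endswith("1"):
                    findings.append(Finding("medium", key, f"Security Center alert suppressed: {v.group('name')}"))
        elif lk.endswith("firewallpolicy\\standardprofile"):
            for line in lines:
                v = VALUE_RE.match(line)
                if v and v.group("name") == "EnableFirewall" and v.group("data").startswith("0"):
                    findings.append(Finding("medium", key, "Windows Firewall disabled in the standard profile"))
        elif lk.endswith("\\currentversion\\run"):
            for line in lines:
                v = VALUE_RE.match(line)
                if v and PROFILE_DATA_RE.search(target_of(v.group("data"))):
                    findings.append(Finding("medium", key, f"Run entry '{v.group('name')}' starts from a profile Application Data folder: {target_of(v.group('data'))}"))
    return findings


def by_severity(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity level."""
    return {s: sum(1 for f in findings if f.severity == s) for s in ("high", "medium")}


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity}] {f.detail}")
```

The heuristics are deliberately narrow: a Run entry is only flagged for its launch location, and the LSA check treats anything beyond msv1_0 as worth a look, so findings are a review list for the helper, not verdicts. Entries that ComboFix itself had already removed (the "ORPHELINS SUPPRIMES" block) are not in this section and would need the same treatment on that block.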

Here are the 2 reports.

The first one:

ComboFix 08-12-02.02 - BOB51 2008-12-05 0:04:15.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.190 [GMT 1:00]
Lancé depuis: c:\documents and settings\BOB51\Bureau\Combo-Fix.exe
Commutateurs utilisés :: c:\documents and settings\BOB51\Bureau\CFScript.txt

FILE ::
c:\windows\Tasks\A6B0FDD3918B6FB3.job
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\OLESys.dll
c:\documents and settings\All Users\Application Data\Microsoft\Protect\ie.dll
c:\documents and settings\All Users\Application Data\up hold blue delete
c:\documents and settings\All Users\Application Data\up hold blue delete\bits warn.exe
c:\documents and settings\All Users\Application Data\up hold blue delete\Great Sixth.exe
c:\documents and settings\All Users\Application Data\vc meta poke axis
c:\documents and settings\All Users\Application Data\vc meta poke axis\jugsbike.exe
c:\documents and settings\All Users\Application Data\vc meta poke axis\VIEWTRANS.exe
c:\documents and settings\All Users\Application Data\winlogon.exe
c:\program files\Spyware Guard 2008
c:\program files\Spyware Guard 2008\conf.cfg
c:\program files\Spyware Guard 2008\mbase.vdb
c:\program files\Spyware Guard 2008\quarantine.vdb
c:\program files\Spyware Guard 2008\queue.vdb
c:\program files\Spyware Guard 2008\spywareguard.exe
c:\program files\Spyware Guard 2008\uninstall.exe
c:\program files\Spyware Guard 2008\vbase.vdb
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\fbdruqmo.dll
c:\windows\system32\fccyaXnk.dll
c:\windows\system32\fnpexkwy.dll
c:\windows\system32\iedxdejm.dll
c:\windows\system32\jcmbigpu.ini
c:\windows\system32\jpigpb.dll
c:\windows\system32\knXayccf.ini
c:\windows\system32\knXayccf.ini2
c:\windows\system32\liuvioqt.dll
c:\windows\system32\mlJCTJda.dll
c:\windows\system32\nmbbiapa.dll
c:\windows\system32\omqurdbf.ini
c:\windows\system32\qqynrs.dll
c:\windows\system32\rbzasa.dll
c:\windows\system32\SpywareRemover.exe
c:\windows\system32\upgibmcj.dll
c:\windows\system32\wsc32x.exe
c:\windows\system32\ywkxepnf.ini
c:\windows\Tasks\A6B0FDD3918B6FB3.job
c:\windows\vmreg.dll
.
---- Previous Run -------
.
c:\windows\system32\ahtfkmnr.dll
c:\windows\system32\av.dat
c:\windows\system32\av.exe
c:\windows\system32\Drivers\TDSSmyvt.sys
c:\windows\system32\epfjwure.dll
c:\windows\system32\eruwjfpe.ini
c:\windows\system32\getwn32.dll
c:\windows\system32\giperv.dll
c:\windows\system32\iyrdbl.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\qfpsrsac.dll
c:\windows\system32\TDSSacsn.dll
c:\windows\system32\TDSSejja.dat
c:\windows\system32\TDSSjokw.dll
c:\windows\system32\TDSSoigq.log
c:\windows\system32\TDSSqxub.dll
c:\windows\system32\TDSStken.dll
c:\windows\system32\TDSSurtm.dll
c:\windows\system32\ttAKUvut.ini
c:\windows\system32\ttAKUvut.ini2
c:\windows\system32\tuvUKAtt.dll
c:\windows\system32\wertyu.dll
c:\windows\system32\xaaqbhvp.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-04 au 2008-12-04 ))))))))))))))))))))))))))))))))))))
.

2008-12-05 00:15 . 2008-12-05 00:15 294,912 --a------ c:\windows\system32\wsc32x.exe
2008-12-04 23:23 . 2008-12-04 23:23 <REP> d-------- C:\Lop SD
2008-12-03 22:39 . 2008-12-04 01:52 <REP> d-------- C:\ComboFix
2008-12-03 19:14 . 2008-12-03 19:14 250 --a------ c:\windows\gmer.ini
2008-12-03 17:37 . 2008-12-05 00:14 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-03 17:31 . 2008-12-03 23:00 <REP> d-------- c:\program files\Enigma Software Group
2008-12-03 04:13 . 2008-12-03 04:13 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-03 03:26 . 2006-08-24 22:41 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2008-12-03 03:26 . 2006-08-24 22:57 <REP> dr------- c:\documents and settings\Administrateur\Bureau
2008-12-03 03:26 . 2006-08-24 22:41 <REP> d-------- c:\documents and settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-12-03 03:26 . 2006-08-24 22:55 <REP> d-------- c:\documents and settings\Administrateur\Application Data\AOL
2008-12-03 03:25 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-12-03 03:25 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-03 03:25 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-12-03 03:25 . 2006-08-24 22:57 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2008-12-03 03:25 . 2004-08-16 16:55 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-12-03 03:25 . 2008-12-03 03:26 <REP> d-------- c:\documents and settings\Administrateur
2008-12-03 02:43 . 2008-12-03 02:43 <REP> d-------- c:\program files\Yahoo!
2008-12-03 02:42 . 2008-12-03 02:42 <REP> d-------- c:\program files\CCleaner
2008-12-03 02:26 . 2008-12-03 02:30 <REP> d-------- c:\program files\EMCO MoveOnBoot
2008-12-02 23:33 . 2008-12-02 23:33 228,864 --a------ c:\windows\system32\cowcvwod.exe
2008-12-02 00:14 . 2008-12-02 00:14 <REP> d-------- c:\program files\Panicware
2008-12-01 21:11 . 2008-12-01 23:51 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-12-01 21:11 . 2008-12-01 23:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-01 18:27 . 2008-12-01 18:27 <REP> d-------- c:\program files\vghd
2008-12-01 18:27 . 2008-12-01 18:27 <REP> d-------- c:\documents and settings\BOB51\Application Data\vghd
2008-12-01 18:27 . 2008-12-01 18:27 152,904 --a------ c:\windows\system32\vghd.scr
2008-12-01 18:27 . 2008-12-01 22:16 461 --a------ c:\windows\system32\win32hlp.cnf
2008-11-27 23:33 . 2008-11-27 23:33 8 --a------ c:\windows\system32\WIN.INI
2008-11-27 23:33 . 2008-11-27 23:33 8 --a------ c:\windows\system32\SYSTEM.INI
2008-11-27 23:33 . 2008-11-27 23:33 8 --a------ c:\windows\system32\PROTOCOL.INI
2008-11-27 23:32 . 2008-11-27 23:32 <REP> d-------- C:\Translations
2008-11-27 23:32 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll
2008-11-27 23:17 . 2008-11-27 23:32 <REP> d-------- C:\Data
2008-11-27 23:16 . 2008-11-27 23:32 <REP> d-------- c:\program files\Fichiers communs\knifeedge
2008-11-27 23:16 . 2008-11-27 23:16 <REP> d-------- C:\Documentation
2008-11-27 17:40 . 2008-11-27 17:40 <REP> d-------- C:\FMS
2008-11-27 14:27 . 2008-11-27 14:27 <REP> d-------- c:\program files\Dashnamemove
2008-11-25 01:00 . 2008-11-25 01:00 <REP> d-------- c:\documents and settings\BOB51\Application Data\com.uplayme.airclient.9B472EFF9A3BAE26509EDFEDD3D8214233BACDB1.1
2008-11-25 00:59 . 2008-12-01 18:55 <REP> d-------- c:\program files\uPlayMe
2008-11-25 00:59 . 2008-11-25 00:59 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2008-11-25 00:56 . 2008-11-25 01:00 <REP> d-------- c:\documents and settings\All Users\Application Data\uPlayMe
2008-11-21 14:30 . 2008-11-21 14:30 <REP> d--h----- c:\windows\Bifrost
2008-11-20 18:41 . 2008-11-23 04:16 <REP> d-------- c:\program files\MessengerDiscovery
2008-11-20 18:41 . 2004-03-09 01:00 124,688 --a------ c:\windows\system32\MSWINSCK.ocx
2008-11-20 12:55 . 2008-11-20 12:55 <REP> d-------- C:\v
2008-11-20 12:54 . 2008-11-20 12:58 <REP> d-------- C:\VehiPlan-2-0-0
2008-11-19 16:23 . 2008-11-19 16:23 <REP> d-------- c:\program files\Fichiers communs\xing shared
2008-11-17 08:44 . 2008-11-17 08:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-16 19:43 . 2008-11-16 19:43 <REP> d-------- C:\Logs
2008-11-13 01:41 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 01:41 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 03:00 . 2008-11-11 03:00 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-10 20:00 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-10 20:00 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-10 20:00 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-10 01:37 . 2008-11-23 04:15 <REP> d-------- c:\program files\Windows Live
2008-11-10 01:37 . 2008-11-23 04:12 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-10 01:37 . 2008-11-23 04:12 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-09 22:51 . 2008-11-09 22:58 255,788,920 --a------ C:\yy.rar

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 23:15 --------- d-----w c:\program files\Wanadoo
2008-12-04 23:15 --------- d-----w c:\program files\SPAMfighter
2008-12-01 21:04 --------- d-----w c:\program files\Everest Poker
2008-12-01 17:54 --------- d-----w c:\documents and settings\BOB51\Application Data\Orbit
2008-11-27 13:28 --------- d-----w c:\documents and settings\BOB51\Application Data\Dashnamemove
2008-11-19 15:23 --------- d-----w c:\program files\Fichiers communs\Real
2008-11-16 05:28 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2008-11-07 00:12 --------- d-----w c:\program files\TransVente
2008-10-30 22:56 96,384 ----a-w c:\windows\system32\drivers\sptd1981.sys
2008-10-29 23:59 --------- d-----w c:\program files\Java
2008-10-27 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\UDL
2008-10-27 15:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-27 15:41 --------- d-----w c:\program files\Epson Software
2008-10-27 15:38 --------- d-----w c:\documents and settings\BOB51\Application Data\InstallShield
2008-10-27 15:37 --------- d-----w c:\program files\epson
2008-10-27 15:36 --------- d-----w c:\documents and settings\All Users\Application Data\EPSON
2008-10-27 15:33 --------- d-----w c:\documents and settings\BOB51\Application Data\EPSON
2008-10-26 13:44 --------- d-----w c:\program files\Fichiers communs\Application
2008-10-26 13:44 --------- d-----w c:\documents and settings\BOB51\Application Data\SPAMfighter
2008-10-26 12:25 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 20:14 --------- d-----w c:\program files\IDoser v4
2008-10-14 23:38 4,584 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2008-10-14 23:37 45,686 ----a-w c:\windows\BricoPackUninst.cmd
2008-10-14 23:09 --------- d-----w c:\program files\Atari
2008-10-08 20:31 7,131,136 ----a-w C:\RealFlight.exe
2008-09-29 10:53 847,872 ----a-w C:\LauncherG4.exe
2008-09-06 13:09 880,640 ----a-w C:\QTOControl.dll
2008-09-06 13:09 806,912 ----a-w C:\QTOLibrary.dll
2008-09-06 13:09 782,336 ----a-w C:\QTInfo.exe
2008-09-06 13:09 7,685,424 ----a-w C:\QuickTimePlayer.exe
2008-09-06 13:09 548,864 ----a-w C:\PictureViewer.exe
2008-09-06 13:09 413,696 ----a-w C:\QTTask.exe
2008-09-06 13:09 352,256 ----a-w C:\QTUIPanelControl.dll
2006-11-22 19:01 54 ----a-w c:\program files\inc1.bat
2006-11-22 19:01 41 ----a-w c:\program files\sleep.bat
2006-07-18 13:41 1,019,094 --sha-r c:\program files\serial.tde
2006-07-16 19:16 194,133 ----a-w c:\program files\patcher.exe
2006-07-13 19:36 280,692 ----a-w c:\program files\dr.exe
2006-07-13 19:23 291,956 ----a-w c:\program files\shell32.exe
2006-05-28 16:46 397,306 --sha-r c:\program files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r c:\program files\wunauclt.tbe
2006-05-28 16:34 435,756 ----a-w c:\program files\wunauclt.exe
2005-09-28 09:56 185,856 ----a-w c:\program files\7za.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\program files\Dashnamemove ----


---- Directory of c:\program files\Fichiers communs\knifeedge ----

2008-10-02 18:24 1871872 --a------ c:\program files\Fichiers communs\knifeedge\LauncherHelperG4.exe


((((((((((((((((((((((((((((( snapshot@2008-12-01_23.27.32.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-03 18:14:27 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2001-05-22 22:45:04 45,056 ----a-w c:\windows\PANIC32.dll
+ 2001-09-16 10:44:04 40,960 ----a-w c:\windows\PANICNT.dll
- 2008-10-30 22:58:32 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-03 15:33:00 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-10-30 22:58:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-12-03 15:33:00 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-10-30 22:58:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-03 15:33:00 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-03 18:14:27 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
- 2008-11-20 18:10:42 63,862 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-01 22:26:22 63,862 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-20 18:10:42 77,476 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-12-01 22:26:23 77,476 ----a-w c:\windows\system32\perfc00C.dat
- 2008-11-20 18:10:42 406,662 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-01 22:26:23 406,662 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-20 18:10:43 474,972 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-12-01 22:26:23 474,972 ----a-w c:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
2008-04-02 13:24 266240 --a------ c:\program files\Epson Software\Easy Photo Print\EPTBL.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9421DD08-935F-4701-A9CA-22DF90AC4EA6}"= "c:\program files\Epson Software\Easy Photo Print\EPTBL.dll" [2008-04-02 266240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"FIRSTFACE"="c:\docume~1\BOB51\APPLIC~1\DASHNA~1\ANTI CAKE DVD.exe" [2008-11-27 505344]
"TransVente"="c:\progra~1\TRANSV~1\TransVente.exe" [2006-11-23 40960]
"EPSON BX300F Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE" [2008-01-22 188928]
"ManyCam"="c:\documents and settings\BOB51\Bureau\msn plus\ManyCam 2.3\ManyCam.exe" [2008-10-14 1791272]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
"WinampAgent"="c:\winamp\Winampa.exe" [2008-08-04 36352]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"Adobe Photo Downloader"="c:\photoshop album edition découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"BigDogPath323VMSnap"="c:\windows\VMSnap23.exe" [2006-09-19 212992]
"BigDogPath323Domino"="c:\windows\Domino.exe" [2006-06-27 49152]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-10-22 325768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-11-19 185872]
"m6"="c:\m6video\M6video.exe" [BU]
"book bows bolt bib"="c:\documents and settings\All Users\Application Data\BONE ABOUT BOOK BOWS\list deaf.exe" [BU]
"uPlayMe"="c:\program files\uPlayMe\uPlayMe.exe" [BU]
"Pop-Up Stopper"="c:\program files\Panicware\Pop-Up Stopper\dpps2.exe" [2003-01-14 868352]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 c:\windows\RTHDCPL.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2006-04-27 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Explorer"= {58005BE1-21D6-4575-AFB9-B030753FBDF6} - c:\documents and settings\All Users\Application Data\Microsoft\Protect\pjyxzjabti.dll [2008-12-02 928256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:bizzard downloader
"6112:UDP"= 6112:UDP:bizzard downloader
"4762:TCP"= 4762:TCP:emule

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-10-22 184968]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-07-25 476672]
S3 ZSMC326;LUXYA WC-1300 USB2.0 PC Camera;c:\windows\system32\Drivers\usbvm323.sys [2007-07-25 259968]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{0034b039-9e5e-4e5c-a439-a9e2dbfd98d2} - c:\windows\system32\iyrdbl.dll
BHO-{513098F5-5E33-4F2F-B419-162133078C87} - c:\windows\system32\fccyaXnk.dll
BHO-{59029086-5125-40EE-9369-53DE58284124} - c:\windows\system32\tuvUKAtt.dll
BHO-{75432cef-8201-4fa4-b2f8-c08e166b9a28} - c:\windows\system32\rbzasa.dll
HKLM-Run-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe
SSODL-OLESys-{B0B28A0F-73C0-446E-BB4B-FA5C285A7BED} - c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\OLESys.dll



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 00:14:24
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\wsc32x.exe 294912 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
"ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\0
[%\00«Ô’|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00.\03pè\13\00pè\13\00\18î"

.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\windows\system32\FTRTSVC.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\windows\system32\rundll32.exe
c:\program files\Internet Explorer\iexplore.exe
c:\progra~1\Wanadoo\GestionnaireInternet.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wsc32x.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ALERTM~1\ALERTM~1.EXE
.
**************************************************************************
.
Heure de fin: 2008-12-05 0:18:50 - La machine a redémarré [BOB51]
ComboFix-quarantined-files.txt 2008-12-04 23:18:47
ComboFix2.txt 2008-12-01 22:29:54

Avant-CF: 49,228,419,072 octets libres
Après-CF: 49,206,968,320 octets libres

347 --- E O F --- 2008-12-01 02:00:20

Répondre à Anonyme

le 2




ComboFix 08-12-02.02 - BOB51 2008-12-05 0:04:15.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.190 [GMT 1:00]
Lancé depuis: c:\documents and settings\BOB51\Bureau\Combo-Fix.exe
Commutateurs utilisés :: c:\documents and settings\BOB51\Bureau\CFScript.txt

FILE ::
c:\windows\Tasks\A6B0FDD3918B6FB3.job
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\OLESys.dll
c:\documents and settings\All Users\Application Data\Microsoft\Protect\ie.dll
c:\documents and settings\All Users\Application Data\up hold blue delete
c:\documents and settings\All Users\Application Data\up hold blue delete\bits warn.exe
c:\documents and settings\All Users\Application Data\up hold blue delete\Great Sixth.exe
c:\documents and settings\All Users\Application Data\vc meta poke axis
c:\documents and settings\All Users\Application Data\vc meta poke axis\jugsbike.exe
c:\documents and settings\All Users\Application Data\vc meta poke axis\VIEWTRANS.exe
c:\documents and settings\All Users\Application Data\winlogon.exe
c:\program files\Spyware Guard 2008
c:\program files\Spyware Guard 2008\conf.cfg
c:\program files\Spyware Guard 2008\mbase.vdb
c:\program files\Spyware Guard 2008\quarantine.vdb
c:\program files\Spyware Guard 2008\queue.vdb
c:\program files\Spyware Guard 2008\spywareguard.exe
c:\program files\Spyware Guard 2008\uninstall.exe
c:\program files\Spyware Guard 2008\vbase.vdb
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\fbdruqmo.dll
c:\windows\system32\fccyaXnk.dll
c:\windows\system32\fnpexkwy.dll
c:\windows\system32\iedxdejm.dll
c:\windows\system32\jcmbigpu.ini
c:\windows\system32\jpigpb.dll
c:\windows\system32\knXayccf.ini
c:\windows\system32\knXayccf.ini2
c:\windows\system32\liuvioqt.dll
c:\windows\system32\mlJCTJda.dll
c:\windows\system32\nmbbiapa.dll
c:\windows\system32\omqurdbf.ini
c:\windows\system32\qqynrs.dll
c:\windows\system32\rbzasa.dll
c:\windows\system32\SpywareRemover.exe
c:\windows\system32\upgibmcj.dll
c:\windows\system32\wsc32x.exe
c:\windows\system32\ywkxepnf.ini
c:\windows\Tasks\A6B0FDD3918B6FB3.job
c:\windows\vmreg.dll
.
---- Previous Run -------
.
c:\windows\system32\ahtfkmnr.dll
c:\windows\system32\av.dat
c:\windows\system32\av.exe
c:\windows\system32\Drivers\TDSSmyvt.sys
c:\windows\system32\epfjwure.dll
c:\windows\system32\eruwjfpe.ini
c:\windows\system32\getwn32.dll
c:\windows\system32\giperv.dll
c:\windows\system32\iyrdbl.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\qfpsrsac.dll
c:\windows\system32\TDSSacsn.dll
c:\windows\system32\TDSSejja.dat
c:\windows\system32\TDSSjokw.dll
c:\windows\system32\TDSSoigq.log
c:\windows\system32\TDSSqxub.dll
c:\windows\system32\TDSStken.dll
c:\windows\system32\TDSSurtm.dll
c:\windows\system32\ttAKUvut.ini
c:\windows\system32\ttAKUvut.ini2
c:\windows\system32\tuvUKAtt.dll
c:\windows\system32\wertyu.dll
c:\windows\system32\xaaqbhvp.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


"m6"="c:\m6video\M6video.exe" [BU]
"book bows bolt bib"="c:\documents and settings\All Users\Application Data\BONE ABOUT BOOK BOWS\list deaf.exe" [BU]
"uPlayMe"="c:\program files\uPlayMe\uPlayMe.exe" [BU]
"Pop-Up Stopper"="c:\program files\Panicware\Pop-Up Stopper\dpps2.exe" [2003-01-14 868352]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 c:\windows\RTHDCPL.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2006-04-27 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Explorer"= {58005BE1-21D6-4575-AFB9-B030753FBDF6} - c:\documents and settings\All Users\Application Data\Microsoft\Protect\pjyxzjabti.dll [2008-12-02 928256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:bizzard downloader
"6112:UDP"= 6112:UDP:bizzard downloader
"4762:TCP"= 4762:TCP:emule

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-10-22 184968]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-07-25 476672]
S3 ZSMC326;LUXYA WC-1300 USB2.0 PC Camera;c:\windows\system32\Drivers\usbvm323.sys [2007-07-25 259968]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{0034b039-9e5e-4e5c-a439-a9e2dbfd98d2} - c:\windows\system32\iyrdbl.dll
BHO-{513098F5-5E33-4F2F-B419-162133078C87} - c:\windows\system32\fccyaXnk.dll
BHO-{59029086-5125-40EE-9369-53DE58284124} - c:\windows\system32\tuvUKAtt.dll
BHO-{75432cef-8201-4fa4-b2f8-c08e166b9a28} - c:\windows\system32\rbzasa.dll
HKLM-Run-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe
SSODL-OLESys-{B0B28A0F-73C0-446E-BB4B-FA5C285A7BED} - c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\OLESys.dll



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 00:14:24
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\wsc32x.exe 294912 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
"ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\0
[%\00«Ô’|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00.\03pè\13\00pè\13\00\18î"

.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\windows\system32\FTRTSVC.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\windows\system32\rundll32.exe
c:\program files\Internet Explorer\iexplore.exe
c:\progra~1\Wanadoo\GestionnaireInternet.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wsc32x.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ALERTM~1\ALERTM~1.EXE
.
**************************************************************************
.
Heure de fin: 2008-12-05 0:18:50 - La machine a redémarré [BOB51]
ComboFix-quarantined-files.txt 2008-12-04 23:18:47
ComboFix2.txt 2008-12-01 22:29:54

Avant-CF: 49,228,419,072 octets libres
Après-CF: 49,206,968,320 octets libres

347 --- E O F --- 2008-12-01 02:00:20

Re,

I need a new DDS.txt report. Run the tool again and post the new report for me.

;)

hi, I'm going to redo one, just to tell you that the Guard 2008 virus is no longer there, at least I haven't seen it any more since I ran ComboFix, weird isn't it? on the other hand I still have 2 red crosses next to the clock, it's Windows Security Center

Anonymous wrote:

hi, I'm going to redo one, just to tell you that the Guard 2008 virus is no longer there, at least I haven't seen it any more since I ran ComboFix, weird isn't it? on the other hand I still have 2 red crosses next to the clock, it's Windows Security Center

Yes yes, there is still cleaning up to do, and quite a bit of it actually :D

But I need the report I asked for.

;)
