
BIG PROBLEM WITH SPYWARE GUARD 2008 VIRUS

Anonymous
3 December 2008 19:01:25

Hello everyone, here is my big problem for the past 24 hours: I have this Spyware Guard 2008 that is driving me crazy, along with Windows Security Center.

I have been at it for more than 10 hours. I have tried everything and nothing works; even with CCleaner it is not possible, and the same with SpyHunter. I am lost.

Anyway, I hope that with your help this will change. Thanks in advance.


Anonymous
3 December 2008 19:04:21

Also note that as soon as I open a web page, another one opens automatically.
3 December 2008 19:06:29

:hello:  Hello,

I am going to help you solve your problem. Please follow my instructions to the letter and do not take any personal initiatives. If you have any questions at all, I am here to listen.

Please bear in mind that I am a volunteer and that I have a private life: I stop by at least once a day.

If you think you have been forgotten, send me a PM to let me know.

1) Download Gmer.

  • Unzip it into a dedicated folder or onto your Desktop.
  • Disconnect from the Internet, then close all programs.
  • Double-click Gmer.exe.
    If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
  • Click the Rootkit tab.
  • On the right, check everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad, then click the Edit / Paste menu.
  • The report should then appear.
  • Save the file to your Desktop and post its contents here.

2) Download DDS by sUBs and save it to your desktop.

  • Disable anything that blocks scripts, such as an antivirus, or software like ad-block, noscript, etc.
  • Double-click dds.scr to launch the tool. Double-click it only once, and be patient!
  • Once the scan has finished, a text document, DDS.txt, will open.
  • Click Yes at the next prompt, Optional Scan.
  • Save both reports to your desktop and post only DDS.txt for me; keep the other one at hand in case I ask for it.

N.B.: I may not be able to reply before tomorrow evening, so be patient; I will solve your problem. And do not take personal initiatives if you want my help to be as effective as possible.

;)
Anonymous
3 December 2008 20:01:22

Hi, thanks for taking your time with me; here is what you asked me for.


    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-12-03 19:44:10
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.14 ----

    SSDT sptd.sys ZwCreateKey [0xF72BBB3A] <-- ROOTKIT !!!
    SSDT sptd.sys ZwEnumerateKey [0xF72BBC7E] <-- ROOTKIT !!!
    SSDT sptd.sys ZwEnumerateValueKey [0xF72BBFF6] <-- ROOTKIT !!!
    SSDT sptd.sys ZwOpenKey [0xF72BBA18] <-- ROOTKIT !!!
    SSDT sptd.sys ZwQueryKey [0xF72BC0C0] <-- ROOTKIT !!!
    SSDT sptd.sys ZwQueryValueKey [0xF72BBF58] <-- ROOTKIT !!!
    SSDT sptd.sys ZwSetValueKey [0xF72BC148] <-- ROOTKIT !!!

    ---- Kernel code sections - GMER 1.0.14 ----

    ? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    ? C:\WINDOWS\System32\Drivers\SPTD1981.SYS Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Le fichier spécifié est introuvable. !

    ---- User code sections - GMER 1.0.14 ----

    .text ...
    .text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!DllInstall + B 769EFC40 11 Bytes [ 6E, 00, 63, 00, 74, 00, 69, ... ]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!DllInstall + 17 769EFC4C 143 Bytes [ 20, 00, 63, 00, 61, 00, 6C, ... ]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!DllInstall + A7 769EFCDC 33 Bytes [ 75, 0C, 83, 3D, 84, 2D, A0, ... ]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!DllInstall + C9 769EFCFE 59 Bytes [ A1, EC, 13, A0, 76, 53, 56, ... ]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopSetPolicySettingStatus + 29 769EFD3A 47 Bytes [ FF, 50, FF, 15, 34, 12, 96, ... ]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopSetPolicySettingStatus + 59 769EFD6A 7 Bytes [ D6, 59, 8D, 44, 00, 02, 50 ]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopSetPolicySettingStatus + 61 769EFD72 32 Bytes [ 8B, 3D, E0, 10, 96, 76, 6A, ... ]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopSetPolicySettingStatus + 82 769EFD93 37 Bytes [ B5, F0, FB, FF, FF, FF, D3, ... ]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopSetPolicySettingStatus + A9 769EFDBA 24 Bytes [ D6, 59, 8D, 44, 00, 02, 50, ... ]
    .text ...
    .text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopResetPolicySettingStatus + D 769F0F2C 2 Bytes [ 83, C4 ]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopResetPolicySettingStatus + 10 769F0F2F 49 Bytes [ 8D, 85, 44, FE, FF, FF, 50, ... ]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopResetPolicySettingStatus + 42 769F0F61 27 Bytes [ FF, 3B, C7, 0F, 84, 42, FE, ... ]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopResetPolicySettingStatus + 5E 769F0F7D 43 Bytes [ 0F, 84, 69, 07, 00, 00, 66, ... ]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[352] USERENV.dll!RsopResetPolicySettingStatus + 8A 769F0FA9 109 Bytes [ 68, 50, B3, 99, 76, 8D, 8D, ... ]
    .text ...
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlEnterCriticalSection 7C911000 5 Bytes [ 4D, 5A, 90, 00, 03 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlEnterCriticalSection + 7 7C911007 7 Bytes [ 00, 04, 00, 00, 00, FF, FF ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlEnterCriticalSection + F 7C91100F 18 Bytes [ 00, B8, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlEnterCriticalSection + 24 7C911024 4 Bytes [ 00, 00, 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlEnterCriticalSection + 29 7C911029 3 Bytes [ 00, 00, 00 ]
    .text ...
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlLeaveCriticalSection 7C9110E0 28 Bytes [ 50, 45, 00, 00, 4C, 01, 04, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlLeaveCriticalSection + 1D 7C9110FD 8 Bytes [ A0, 07, 00, 00, 84, 03, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlLeaveCriticalSection + 28 7C911108 4 Bytes [ 28, 2C, 01, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlLeaveCriticalSection + 2D 7C91110D 1 Byte [ 10 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlLeaveCriticalSection + 30 7C911110 19 Bytes [ 00, 60, 07, 00, 00, 00, 91, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlTryEnterCriticalSection + C 7C911124 1 Byte [ 05 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlTryEnterCriticalSection + E 7C911126 10 Bytes [ 01, 00, 04, 00, 0A, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlTryEnterCriticalSection + 19 7C911131 10 Bytes [ 60, 0B, 00, 00, 04, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlTryEnterCriticalSection + 24 7C91113C 3 Bytes [ 03, 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlTryEnterCriticalSection + 2A 7C911142 2 Bytes [ 04, 00 ]
    .text ...
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!LdrInitializeThunk 7C911166 14 Bytes [ 00, 00, 00, 00, 08, 00, C4, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!LdrInitializeThunk + F 7C911175 29 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!LdrInitializeThunk + 2D 7C911193 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlActivateActivationContextUnsafeFast + D 7C9111A5 15 Bytes [ 00, 00, 00, 70, F3, 04, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlActivateActivationContextUnsafeFast + 1E 7C9111B6 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlActivateActivationContextUnsafeFast + 26 7C9111BE 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlActivateActivationContextUnsafeFast + 2D 7C9111C5 4 Bytes [ 00, 00, 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlActivateActivationContextUnsafeFast + 33 7C9111CB 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text ...
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + F 7C9111EC 6 Bytes [ 00, 04, 00, 00, 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 16 7C9111F3 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 22 7C9111FF 8 Bytes [ 60, 2E, 64, 61, 74, 61, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 2C 7C911209 20 Bytes [ 4A, 00, 00, 00, B0, 07, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!NtCurrentTeb 7C91121E 3 Bytes [ 00, 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!NtCurrentTeb + 6 7C911224 15 Bytes [ 40, 00, 00, C0, 2E, 72, 73, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitString + F 7C911234 20 Bytes [ 00, 00, 08, 00, 00, 22, 03, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitString + 25 7C91124A 18 Bytes [ 00, 00, 40, 00, 00, 40, 2E, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitAnsiString 7C91125D 11 Bytes [ 30, 0B, 00, 00, 30, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitAnsiString + F 7C91126C 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitAnsiString + 25 7C911282 5 Bytes [ 00, 00, 00, 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitAnsiString + 2C 7C911289 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitUnicodeString 7C911295 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitUnicodeString + F 7C9112A4 23 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitUnicodeString + 28 7C9112BD 5 Bytes [ 00, 00, 00, 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!RtlInitUnicodeString + 2F 7C9112C4 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_CIsin 7C9112D1 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_CIsin + B 7C9112DC 2 Bytes [ 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_CIsin + 10 7C9112E1 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sin + 9 7C9112EE 35 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sin + 2D 7C911312 4 Bytes [ 00, 00, 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sin + 33 7C911318 2 Bytes [ 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sin + 38 7C91131D 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sin + 43 7C911328 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text ...
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_CIsqrt + B 7C91138A 2 Bytes [ 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_CIsqrt + 10 7C91138F 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sqrt + 9 7C91139C 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sqrt + 21 7C9113B4 1 Byte [ 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sqrt + 25 7C9113B8 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sqrt + 31 7C9113C4 4 Bytes [ 00, 00, 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!sqrt + 37 7C9113CA 2 Bytes [ 00, 00 ]
    .text ...
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alldiv + 19 7C911454 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alldiv + 35 7C911470 110 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alldiv + A4 7C9114DF 5 Bytes [ 00, 00, 00, 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alldvrm 7C9114E5 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alldvrm + 1C 7C911501 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alldvrm + 38 7C91151D 140 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alldvrm + C5 7C9115AA 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alldvrm + D9 7C9115BE 5 Bytes [ 00, 00, 00, 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_allmul 7C9115C4 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_allmul + 19 7C9115DD 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alloca_probe 7C9115F8 1 Byte [ 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alloca_probe + 2 7C9115FA 1 Byte [ 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alloca_probe + 5 7C9115FD 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alloca_probe + 10 7C911608 2 Bytes [ 00, 00 ]
    .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[356] ntdll.dll!_alloca_probe + 13 7C91160B 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
    .text ...
    4 December 2008 01:05:34

    Hi again,

    Upload the Gmer report to MediaFire for me.

    Uploading a file to MediaFire:

  • Go to this link: http://www.mediafire.com/
  • At the top, click "Upload files To Media fire". Then choose "I want to upload without an account".
  • A Windows Explorer window will open. Browse to the report I asked you to upload, select it, then click "Ouvrir" (Open).
  • Then click "Upload".
  • On the right of the screen, choose "upload to a new folder". Leave the default name (= the date).
  • Confirm and let the upload finish.
  • Click "View uploaded file" and, in your next message, copy me the URL (= the link) of the new tab or new window that opens. That way, I will be able to download the requested report.

    And remember to post the DDS report on the forum.

    ;) 
    Anonymous
    4 December 2008 01:17:26

    Hi again, so here is the URL link: http://www.mediafire.com/?sharekey=173e54ef93fdeea491b2...

    and here is the DDS report

    PS: thanks again for your help

    DDS (Version 1.0) - NTFSx86
    Run by BOB51 at 19:47:40,09 on 03/12/2008
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.895.206 [GMT 1:00]

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Winamp\Winampa.exe
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\APPS\Powercinema\PCMService.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    C:\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\WINDOWS\VMSnap23.exe
    C:\WINDOWS\Domino.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\APPS\SMP\SmpSys.exe
    C:\PROGRA~1\TRANSV~1\TransVente.exe
    C:\Documents and Settings\BOB51\Bureau\msn plus\ManyCam 2.3\ManyCam.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\system32\wsc32x.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Spyware Guard 2008\spywareguard.exe
    C:\Documents and Settings\BOB51\Bureau\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = www.msn.fr/
    uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    uURLSearchHooks: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - c:\progra~1\wanadoo\SEARCH~1.DLL
    uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: {0034b039-9e5e-4e5c-a439-a9e2dbfd98d2} - c:\windows\system32\iyrdbl.dll
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\mlJCTJda.dll
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: {9A719D77-C59C-46A9-80CA-1CC0261FA3FF} - c:\windows\system32\tuvUKAtt.dll
    BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
    BHO: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
    TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
    TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [WOOKIT] c:\progra~1\wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    uRun: [SmpcSys] c:\apps\smp\SmpSys.exe
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    uRun: [FIRSTFACE] c:\docume~1\bob51\applic~1\dashna~1\ANTI CAKE DVD.exe
    uRun: [TransVente] c:\progra~1\transv~1\TransVente.exe 1
    uRun: [EPSON BX300F Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieje.exe /fu "c:\windows\temp\E_S20E.tmp" /EF "HKCU"
    uRun: [ManyCam] "c:\documents and settings\bob51\bureau\msn plus\manycam 2.3\ManyCam.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [gadcom] "c:\documents and settings\bob51\application data\gadcom\gadcom.exe" 61A847B5BBF72810339E3F466188719AB689201522886B092CBD44BD8689220221DD3257
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [WinampAgent] "c:\winamp\Winampa.exe"
    mRun: [Ulead AutoDetector v2] c:\program files\fichiers communs\ulead systems\autodetector\monitor.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SkyTel] SkyTel.EXE
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [PCMService] "c:\apps\powercinema\PCMService.exe"
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [ISUSScheduler] "c:\program files\fichiers communs\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] c:\progra~1\fichie~1\instal~1\update~1\isuspm.exe -startup
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [I downloaded pirated Software from P2P ] Gothic 3
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [DetectorApp] c:\program files\sonic\digitalmedia le v7\mydvd le\DetectorApp.exe
    mRun: [WOOWATCH] c:\progra~1\wanadoo\Watch.exe
    mRun: [WOOTASKBARICON] c:\progra~1\wanadoo\GestMaj.exe TaskBarIcon.exe
    mRun: [Adobe Photo Downloader] "c:\photoshop album edition découverte\3.0\apps\apdproxy.exe"
    mRun: [BigDogPath323VMSnap] c:\windows\VMSnap23.exe
    mRun: [BigDogPath323Domino] c:\windows\Domino.exe
    mRun: [SPAMfighter Agent] "c:\program files\spamfighter\SFAgent.exe" update delay 60
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
    mRun: [blue delete title meow] c:\documents and settings\all users\application data\up hold blue delete\Great Sixth.exe
    mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
    mRun: [SpywareCleaner] c:\windows\system32\SpywareRemover.exe
    mRun: [m6] c:\m6video\M6video.exe
    mRun: [book bows bolt bib] c:\documents and settings\all users\application data\bone about book bows\list deaf.exe
    mRun: [uPlayMe] "c:\program files\uplayme\uPlayMe.exe"
    mRun: [Pop-Up Stopper] "c:\program files\panicware\pop-up stopper\dpps2.exe"
    mRun: [spywareguard] c:\program files\spyware guard 2008\spywareguard.exe
    mRun: [SpyHunter Security Suite] "c:\program files\enigma software group\spyhunter\SpyHunter3.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\office10\EXCEL.EXE/3000
    IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\windows live toolbar\components\fr-fr\msntabres.dll.mui/229?0c5dbed6bf5c4ba7bf5aed38f0a0f40a
    IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\windows live toolbar\components\fr-fr\msntabres.dll.mui/230?0c5dbed6bf5c4ba7bf5aed38f0a0f40a
    IE: { - c:\program files\messenger\msmsgs.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {c:\program files\messenger\msmsgs.exe -
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Notify: mlJCTJda - mlJCTJda.dll
    AppInit_DLLs: vtfhre.dll iyrdbl.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: OLESys - {B0B28A0F-73C0-446E-BB4B-FA5C285A7BED} - c:\documents and settings\all users\application data\microsoft\internet explorer\OLESys.dll
    SSODL: Explorer - {58005BE1-21D6-4575-AFB9-B030753FBDF6} - c:\documents and settings\all users\application data\microsoft\protect\pjyxzjabti.dll
    SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\mlJCTJda.dll
    LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvUKAtt

    ============= SERVICES / DRIVERS ===============

    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-7-5 63352]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-7-25 476672]
    S3 ZSMC326;LUXYA WC-1300 USB2.0 PC Camera;c:\windows\system32\drivers\usbvm323.sys [2007-7-25 259968]

    =============== Created Last 30 ================

    2008-12-03 19:14 250 a------- c:\windows\gmer.ini
    2008-12-03 18:07 <DIR> --d----- c:\program files\Spyware Guard 2008
    2008-12-03 17:37 664 a------- c:\windows\system32\d3d9caps.dat
    2008-12-03 17:31 <DIR> --d----- c:\program files\Enigma Software Group
    2008-12-03 02:43 <DIR> --d----- c:\program files\Yahoo!
    2008-12-03 02:42 <DIR> --d----- c:\program files\CCleaner
    2008-12-03 02:26 <DIR> --d----- c:\program files\EMCO MoveOnBoot
    2008-12-02 23:39 0 a------- c:\windows\system32\wertyu.dll
    2008-12-02 23:39 0 a------- c:\windows\system32\getwn32.dll
    2008-12-02 23:39 0 a------- c:\windows\system32\av.exe
    2008-12-02 23:36 129,024 a------- c:\windows\system32\iyrdbl.dll
    2008-12-02 23:36 129,024 a------- c:\windows\system32\qfpsrsac.dll
    2008-12-02 23:35 294,912 a------- c:\windows\system32\wsc32x.exe
    2008-12-02 23:35 134,149 a------- c:\windows\reged.exe
    2008-12-02 23:35 18,941 a------- c:\windows\vmreg.dll
    2008-12-02 23:35 1,003,957 a------- c:\windows\sysexplorer.exe
    2008-12-02 23:35 50,620 a------- c:\windows\sys.com
    2008-12-02 23:35 47,872 a------- c:\windows\syscert.exe
    2008-12-02 23:35 51,197 a------- c:\windows\spoolsystem.exe
    2008-12-02 23:34 89,614 a------- c:\windows\system32\av.dat
    2008-12-02 23:34 2,271 a------- c:\windows\system32\TDSSqxub.dll
    2008-12-02 23:34 73,728 a------- c:\windows\system32\TDSStken.dll
    2008-12-02 23:34 31,232 a------- c:\windows\system32\TDSSacsn.dll
    2008-12-02 23:34 29,696 a------- c:\windows\system32\TDSSurtm.dll
    2008-12-02 23:34 527 a------- c:\windows\system32\TDSSejja.dat
    2008-12-02 23:34 35,840 a------- c:\windows\system32\TDSSjokw.dll
    2008-12-02 23:33 60,416 a------- c:\windows\system32\drivers\TDSSmyvt.sys
    2008-12-02 23:33 59,909 a------- c:\docume~1\alluse~1\applic~1\winlogon.exe
    2008-12-02 23:33 228,864 a------- c:\windows\system32\cowcvwod.exe
    2008-12-02 23:30 1,409,964 ---sh--- c:\windows\system32\eruwjfpe.ini
    2008-12-02 23:30 72,704 a------- c:\windows\system32\epfjwure.dll
    2008-12-02 00:14 <DIR> --d----- c:\program files\Panicware
    2008-12-01 23:30 1,377,860 ---sh--- c:\windows\system32\xaaqbhvp.ini
    2008-12-01 23:27 129,024 a------- c:\windows\system32\giperv.dll
    2008-12-01 23:27 129,024 a------- c:\windows\system32\ahtfkmnr.dll
    2008-12-01 23:26 605,173 a--sh--- c:\windows\system32\ttAKUvut.ini2
    2008-12-01 23:26 0 a--sh--- c:\windows\system32\ttAKUvut.ini
    2008-12-01 23:26 318,464 a------- c:\windows\system32\tuvUKAtt.dll
    2008-12-01 23:05 161,792 a------- c:\windows\SWREG.exe
    2008-12-01 23:05 98,816 a------- c:\windows\sed.exe
    2008-12-01 21:11 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2008-12-01 21:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2008-12-01 18:27 152,904 a------- c:\windows\system32\vghd.scr
    2008-12-01 18:27 461 a------- c:\windows\system32\win32hlp.cnf
    2008-12-01 18:27 <DIR> --d----- c:\program files\vghd
    2008-12-01 18:27 <DIR> --d----- c:\docume~1\bob51\applic~1\vghd
    2008-12-01 18:26 38,400 a------- c:\windows\system32\mlJCTJda.dll
    2008-11-30 13:46 297,709 a------- c:\windows\system32\SpywareRemover.exe
    2008-11-27 23:33 8 a------- c:\windows\system32\WIN.INI
    2008-11-27 23:33 8 a------- c:\windows\system32\SYSTEM.INI
    2008-11-27 23:33 8 a------- c:\windows\system32\PROTOCOL.INI
    2008-11-27 23:32 3,734,536 a------- c:\windows\system32\d3dx9_36.dll
    2008-11-27 23:32 <DIR> --d----- C:\Translations
    2008-11-27 23:17 <DIR> --d----- C:\Data
    2008-11-27 23:16 <DIR> --d----- c:\program files\fichiers communs\knifeedge
    2008-11-27 23:16 <DIR> --d----- C:\Documentation
    2008-11-27 17:40 <DIR> --d----- C:\FMS
    2008-11-27 14:27 <DIR> --d----- c:\program files\Dashnamemove
    2008-11-25 01:00 <DIR> --d----- c:\docume~1\bob51\applic~1\com.uplayme.airclient.9B472EFF9A3BAE26509EDFEDD3D8214233BACDB1.1
    2008-11-25 00:59 <DIR> --d----- c:\program files\uPlayMe
    2008-11-25 00:59 <DIR> --d----- c:\program files\fichiers communs\Adobe AIR
    2008-11-25 00:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\uPlayMe
    2008-11-21 14:30 <DIR> --d-h--- c:\windows\Bifrost
    2008-11-20 18:41 124,688 a------- c:\windows\system32\MSWINSCK.ocx
    2008-11-20 18:41 <DIR> --d----- c:\program files\MessengerDiscovery
    2008-11-20 12:55 <DIR> --d----- C:\v
    2008-11-20 12:54 <DIR> --d----- C:\VehiPlan-2-0-0
    2008-11-19 16:23 <DIR> --d----- c:\program files\fichiers communs\xing shared
    2008-11-17 08:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
    2008-11-16 19:43 <DIR> --d----- C:\Logs
    2008-11-13 01:41 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-13 01:41 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-11 03:00 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-11-10 20:00 268,648 a------- c:\windows\system32\mucltui.dll
    2008-11-10 20:00 208,744 a------- c:\windows\system32\muweb.dll
    2008-11-10 20:00 27,496 a------- c:\windows\system32\mucltui.dll.mui
    2008-11-10 01:37 <DIR> -cdsh--- c:\program files\fichiers communs\WindowsLiveInstaller
    2008-11-09 22:51 255,788,920 a------- C:\yy.rar

    ==================== Find3M ====================

    2008-12-03 19:45 <DIR> --d----- c:\program files\Wanadoo
    2008-12-03 18:08 <DIR> --d----- c:\program files\SPAMfighter
    2008-12-01 23:26 474,972 a------- c:\windows\system32\perfh00C.dat
    2008-12-01 23:26 77,476 a------- c:\windows\system32\perfc00C.dat
    2008-12-01 22:04 <DIR> --d----- c:\program files\Everest Poker
    2008-11-27 14:28 <DIR> --d----- c:\docume~1\bob51\applic~1\Dashnamemove
    2008-11-27 14:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\up hold blue delete
    2008-11-27 14:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vc meta poke axis
    2008-11-19 16:23 <DIR> --d----- c:\program files\fichiers communs\Real
    2008-11-16 06:28 <DIR> --d----- c:\program files\fichiers communs\Blizzard Entertainment
    2008-11-07 01:12 <DIR> --d----- c:\program files\TransVente
    2008-10-31 00:22 2,980 a------- c:\windows\mozver.dat
    2008-10-30 23:51 <DIR> --d----- c:\program files\Messenger
    2008-10-30 23:48 76,507 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-10-30 23:38 <DIR> --d----- c:\program files\Windows NT
    2008-10-27 16:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\UDL
    2008-10-27 16:41 <DIR> --d----- c:\program files\Epson Software
    2008-10-27 16:37 <DIR> --d----- c:\program files\epson
    2008-10-27 16:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EPSON
    2008-10-26 14:44 <DIR> --d----- c:\docume~1\bob51\applic~1\SPAMfighter
    2008-10-26 14:44 <DIR> --d----- c:\program files\fichiers communs\Application
    2008-10-17 21:14 <DIR> --d----- c:\program files\IDoser v4
    2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
    2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
    2008-10-15 17:35 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
    2008-10-15 00:38 4,584 a------- c:\windows\BricoPackFoldersDelete.cmd
    2008-10-15 00:37 45,686 a------- c:\windows\BricoPackUninst.cmd
    2008-10-15 00:09 <DIR> --d----- c:\program files\Atari
    2008-10-03 18:12 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
    2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
    2008-09-15 16:26 1,846,528 a------- c:\windows\system32\win32k.sys
    2008-09-15 16:26 1,846,528 -------- c:\windows\system32\dllcache\win32k.sys
    2008-09-13 01:32 <DIR> --d----- c:\docume~1\bob51\applic~1\GrabPro
    2008-09-10 02:15 1,307,648 -------- c:\windows\system32\msxml6.dll
    2008-09-10 02:15 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
    2008-09-08 11:41 333,824 -------- c:\windows\system32\dllcache\srv.sys
    2008-09-07 02:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BONE ABOUT BOOK BOWS
    2008-01-06 22:24 <DIR> --d----- c:\docume~1\bob51\applic~1\TVU Networks
    2007-12-19 15:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
    2007-11-30 04:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
    2007-09-20 14:37 <DIR> --d----- c:\docume~1\bob51\applic~1\CamfrogWEB
    2007-08-18 12:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nurb long bib bone
    2007-05-16 13:08 <DIR> --d----- c:\docume~1\bob51\applic~1\BitDownload
    2007-05-12 22:08 <DIR> --d----- c:\docume~1\bob51\applic~1\Command & Conquer 3 Tiberium Wars Demo
    2007-04-19 12:56 <DIR> --d----- c:\docume~1\bob51\applic~1\MySpace
    2006-12-21 00:11 <DIR> --d----- c:\docume~1\bob51\applic~1\BitTorrent
    2006-12-19 00:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
    2006-10-30 21:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BOONTY
    2006-10-11 23:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Age of Empires 3 XPack Trial
    2006-10-08 17:28 <DIR> --d----- c:\docume~1\bob51\applic~1\Kazaa Lite
    2006-10-05 17:33 <DIR> --d----- c:\docume~1\bob51\applic~1\OD2
    2006-08-24 22:55 <DIR> --d----- c:\docume~1\bob51\applic~1\AOL
    2006-08-24 22:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OD2
    2006-08-24 22:41 <DIR> --d----- c:\docume~1\bob51\applic~1\You've Got Pictures Screensaver
    2004-08-16 17:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI

    ============= FINISH: 19:51:26,92 ===============
    4 December 2008 01:36:09

    Hi again,

    There is indeed quite a bit of cleaning up to do. ;) 

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Rename it before downloading by following this procedure: pcastuces.com
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.


    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ

    Good night, see you tomorrow.

    ;) 
    Anonymous
    4 December 2008 02:00:44

    Hi again, here is the ComboFix report. Actually, I installed ComboFix yesterday, because all of this started with Warning Security, so I searched the web and found ComboFix, which helped me a lot. It removed the warning virus but had not anticipated Spyware Guard 2008.

    Here is the report


    ComboFix 08-12-01.01 - BOB51 2008-12-01 23:09:33.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.310 [GMT 1:00]
    Lancé depuis: c:\documents and settings\BOB51\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\BOB51\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\BOB51\Application Data\addon.dat
    c:\documents and settings\BOB51\Application Data\gadcom
    c:\documents and settings\BOB51\Application Data\gadcom\gadcom.exe
    c:\documents and settings\BOB51\Local Settings\Temporary Internet Files\fbk.sts
    c:\program files\Dynamic Toolbar
    c:\program files\Dynamic Toolbar\batch.bat
    c:\program files\Dynamic Toolbar\Cache\go.bmp
    c:\program files\Dynamic Toolbar\Cache\home.bmp
    c:\program files\Dynamic Toolbar\Cache\logo_pb.bmp
    c:\program files\Dynamic Toolbar\Cache\parent_off.bmp
    c:\program files\Dynamic Toolbar\Cache\parent_on.bmp
    c:\program files\Dynamic Toolbar\Cache\pbfrv2tb0200.cfg
    c:\program files\Dynamic Toolbar\Cache\popup_off.bmp
    c:\program files\Dynamic Toolbar\Cache\popup_on.bmp
    c:\program files\Dynamic Toolbar\Cache\search.bmp
    c:\program files\Dynamic Toolbar\Cache\services.bmp
    c:\program files\Dynamic Toolbar\Cache\skin.bmp
    c:\program files\Dynamic Toolbar\Cache\skin1.bmp
    c:\program files\Dynamic Toolbar\Cache\skin2.bmp
    c:\program files\Dynamic Toolbar\Cache\skin3.bmp
    c:\program files\Dynamic Toolbar\Cache\skin4.bmp
    c:\program files\Dynamic Toolbar\Cache\skin5.bmp
    c:\program files\Dynamic Toolbar\Cache\store.bmp
    c:\program files\Dynamic Toolbar\Cache\style.css
    c:\program files\Dynamic Toolbar\Cache\support.bmp
    c:\program files\Dynamic Toolbar\Cache\ticker.xml
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\_Ticker_ticker.txt
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\ErrorLog.txt
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\go.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\home.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\logo_pb.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\parent_off.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\parent_on.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\PBFRV2TB0200.cfg
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\popup_off.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\popup_on.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\search.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\services.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\skin.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\skin1.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\skin2.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\skin3.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\skin4.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\skin5.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\store.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\style.css
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\support.bmp
    c:\program files\Dynamic Toolbar\PBFRV2\Cache\ticker.xml
    c:\program files\Dynamic Toolbar\unins000.dat
    c:\program files\Dynamic Toolbar\unins000.exe
    c:\windows\ktd32.atm
    c:\windows\services.exe
    c:\windows\system\sservice.exe
    c:\windows\system32\ahtn.htm
    c:\windows\system32\awttqqOG.dll
    c:\windows\system32\config\31823332.Evt
    c:\windows\system32\frmwrk32.exe
    c:\windows\system32\fservice.exe
    c:\windows\system32\geatxe.dll
    c:\windows\system32\geBsstqp.dll
    c:\windows\system32\gucfyuyj.dll
    c:\windows\system32\jyuyfcug.ini
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\msdocjos.dll
    c:\windows\system32\mthudtrn.dll
    c:\windows\system32\ntdll64.exe
    c:\windows\system32\pqtssBeg.ini
    c:\windows\system32\pqtssBeg.ini2
    c:\windows\system32\reginv.dll
    c:\windows\system32\test.ttt
    c:\windows\system32\uniq.tll
    c:\windows\system32\vjinwiwx.dll
    c:\windows\system32\vtfhre.dll
    c:\windows\system32\warning.gif
    c:\windows\system32\winkey.dll
    c:\windows\system32\xwiwnijv.ini
    c:\windows\Tasks\gmfcpjfu.job

    c:\windows\system32\userinit.exe . . . est infecté!!

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ASC3550P
    -------\Legacy_BOONTY_GAMES
    -------\Legacy_OREANS32
    -------\Service_asc3550p
    -------\Service_Boonty Games
    -------\Service_oreans32


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-01 21:11 . 2008-12-01 21:16 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2008-12-01 21:11 . 2008-12-01 21:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-01 20:04 . 2008-12-01 22:38 <REP> d-------- c:\program files\a-squared Free
    2008-12-01 18:27 . 2008-12-01 18:27 <REP> d-------- c:\program files\vghd
    2008-12-01 18:27 . 2008-12-01 18:27 <REP> d-------- c:\documents and settings\BOB51\Application Data\vghd
    2008-12-01 18:27 . 2008-12-01 18:27 152,904 --a------ c:\windows\system32\vghd.scr
    2008-12-01 18:27 . 2008-12-01 22:16 461 --a------ c:\windows\system32\win32hlp.cnf
    2008-12-01 18:26 . 2008-12-01 18:26 38,400 --a------ c:\windows\system32\mlJCTJda.dll
    2008-11-30 13:46 . 2008-11-30 13:46 297,709 --a------ c:\windows\system32\SpywareRemover.exe
    2008-11-27 23:33 . 2008-11-27 23:33 8 --a------ c:\windows\system32\WIN.INI
    2008-11-27 23:33 . 2008-11-27 23:33 8 --a------ c:\windows\system32\SYSTEM.INI
    2008-11-27 23:33 . 2008-11-27 23:33 8 --a------ c:\windows\system32\PROTOCOL.INI
    2008-11-27 23:32 . 2008-11-27 23:32 <REP> d-------- C:\Translations
    2008-11-27 23:32 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll
    2008-11-27 23:17 . 2008-11-27 23:32 <REP> d-------- C:\Data
    2008-11-27 23:16 . 2008-11-27 23:32 <REP> d-------- c:\program files\Fichiers communs\knifeedge
    2008-11-27 23:16 . 2008-11-27 23:16 <REP> d-------- C:\Documentation
    2008-11-27 17:40 . 2008-11-27 17:40 <REP> d-------- C:\FMS
    2008-11-27 14:27 . 2008-11-27 14:27 <REP> d-------- c:\program files\Dashnamemove
    2008-11-25 01:00 . 2008-11-25 01:00 <REP> d-------- c:\documents and settings\BOB51\Application Data\com.uplayme.airclient.9B472EFF9A3BAE26509EDFEDD3D8214233BACDB1.1
    2008-11-25 00:59 . 2008-12-01 18:55 <REP> d-------- c:\program files\uPlayMe
    2008-11-25 00:59 . 2008-11-25 00:59 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
    2008-11-25 00:56 . 2008-11-25 01:00 <REP> d-------- c:\documents and settings\All Users\Application Data\uPlayMe
    2008-11-21 14:30 . 2008-11-21 14:30 <REP> d--h----- c:\windows\Bifrost
    2008-11-20 18:41 . 2008-11-23 04:16 <REP> d-------- c:\program files\MessengerDiscovery
    2008-11-20 18:41 . 2004-03-09 01:00 124,688 --a------ c:\windows\system32\MSWINSCK.ocx
    2008-11-20 12:55 . 2008-11-20 12:55 <REP> d-------- C:\v
    2008-11-20 12:54 . 2008-11-20 12:58 <REP> d-------- C:\VehiPlan-2-0-0
    2008-11-19 16:23 . 2008-11-19 16:23 <REP> d-------- c:\program files\Fichiers communs\xing shared
    2008-11-17 08:44 . 2008-11-17 08:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
    2008-11-16 19:43 . 2008-11-16 19:43 <REP> d-------- C:\Logs
    2008-11-13 01:41 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-13 01:41 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-11 03:00 . 2008-11-11 03:00 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-11-10 20:00 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2008-11-10 20:00 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
    2008-11-10 20:00 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2008-11-10 01:37 . 2008-11-23 04:15 <REP> d-------- c:\program files\Windows Live
    2008-11-10 01:37 . 2008-11-23 04:12 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller
    2008-11-10 01:37 . 2008-11-23 04:12 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
    2008-11-09 22:51 . 2008-11-09 22:58 255,788,920 --a------ C:\yy.rar

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-01 22:24 --------- d-----w c:\program files\Wanadoo
    2008-12-01 22:23 --------- d-----w c:\program files\SPAMfighter
    2008-12-01 21:04 --------- d-----w c:\program files\Everest Poker
    2008-12-01 17:54 --------- d-----w c:\documents and settings\BOB51\Application Data\Orbit
    2008-11-27 13:28 --------- d-----w c:\documents and settings\BOB51\Application Data\Dashnamemove
    2008-11-27 13:28 --------- d-----w c:\documents and settings\All Users\Application Data\vc meta poke axis
    2008-11-27 13:28 --------- d-----w c:\documents and settings\All Users\Application Data\up hold blue delete
    2008-11-19 15:23 --------- d-----w c:\program files\Fichiers communs\Real
    2008-11-16 05:28 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
    2008-11-07 00:12 --------- d-----w c:\program files\TransVente
    2008-11-05 23:13 --------- d-----w c:\program files\ABBYY FineReader 6.0 Sprint
    2008-10-30 22:56 96,384 ----a-w c:\windows\system32\drivers\sptd1981.sys
    2008-10-29 23:59 --------- d-----w c:\program files\Java
    2008-10-27 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\UDL
    2008-10-27 15:41 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-27 15:41 --------- d-----w c:\program files\Epson Software
    2008-10-27 15:38 --------- d-----w c:\documents and settings\BOB51\Application Data\InstallShield
    2008-10-27 15:37 --------- d-----w c:\program files\epson
    2008-10-27 15:36 --------- d-----w c:\documents and settings\All Users\Application Data\EPSON
    2008-10-27 15:33 --------- d-----w c:\documents and settings\BOB51\Application Data\EPSON
    2008-10-26 13:44 --------- d-----w c:\program files\Fichiers communs\Application
    2008-10-26 13:44 --------- d-----w c:\documents and settings\BOB51\Application Data\SPAMfighter
    2008-10-26 12:25 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-17 20:14 --------- d-----w c:\program files\IDoser v4
    2008-10-14 23:38 4,584 ----a-w c:\windows\BricoPackFoldersDelete.cmd
    2008-10-14 23:37 45,686 ----a-w c:\windows\BricoPackUninst.cmd
    2008-10-14 23:09 --------- d-----w c:\program files\Atari
    2008-10-08 20:31 7,131,136 ----a-w C:\RealFlight.exe
    2008-10-02 09:23 --------- d-----w c:\program files\Sun
    2008-09-29 10:53 847,872 ----a-w C:\LauncherG4.exe
    2008-09-06 13:09 880,640 ----a-w C:\QTOControl.dll
    2008-09-06 13:09 806,912 ----a-w C:\QTOLibrary.dll
    2008-09-06 13:09 782,336 ----a-w C:\QTInfo.exe
    2008-09-06 13:09 7,685,424 ----a-w C:\QuickTimePlayer.exe
    2008-09-06 13:09 548,864 ----a-w C:\PictureViewer.exe
    2008-09-06 13:09 413,696 ----a-w C:\QTTask.exe
    2008-09-06 13:09 352,256 ----a-w C:\QTUIPanelControl.dll
    2006-11-22 19:01 54 ----a-w c:\program files\inc1.bat
    2006-11-22 19:01 41 ----a-w c:\program files\sleep.bat
    2006-07-18 13:41 1,019,094 --sha-r c:\program files\serial.tde
    2006-07-16 19:16 194,133 ----a-w c:\program files\patcher.exe
    2006-07-13 19:36 280,692 ----a-w c:\program files\dr.exe
    2006-07-13 19:23 291,956 ----a-w c:\program files\shell32.exe
    2006-05-28 16:46 397,306 --sha-r c:\program files\wunauclt.zip
    2006-05-28 16:46 397,306 --sha-r c:\program files\wunauclt.tbe
    2006-05-28 16:34 435,756 ----a-w c:\program files\wunauclt.exe
    2005-09-28 09:56 185,856 ----a-w c:\program files\7za.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1858E8EC-489E-4E53-B0F4-7368E929FBC4}]
    2008-12-01 23:26 318464 --a------ c:\windows\system32\tuvUKAtt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    2008-12-01 18:26 38400 --a------ c:\windows\system32\mlJCTJda.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
    2008-04-02 13:24 266240 --a------ c:\program files\Epson Software\Easy Photo Print\EPTBL.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{9421DD08-935F-4701-A9CA-22DF90AC4EA6}"= "c:\program files\Epson Software\Easy Photo Print\EPTBL.dll" [2008-04-02 266240]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
    "SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "FIRSTFACE"="c:\docume~1\BOB51\APPLIC~1\DASHNA~1\ANTI CAKE DVD.exe" [2008-11-27 505344]
    "TransVente"="c:\progra~1\TRANSV~1\TransVente.exe" [2006-11-23 40960]
    "EPSON BX300F Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE" [2008-01-22 188928]
    "ManyCam"="c:\documents and settings\BOB51\Bureau\msn plus\ManyCam 2.3\ManyCam.exe" [2008-10-14 1791272]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "I downloaded pirated Software from P2P "="Gothic 3" [X]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
    "WinampAgent"="c:\winamp\Winampa.exe" [2008-08-04 36352]
    "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
    "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "Adobe Photo Downloader"="c:\photoshop album edition découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
    "BigDogPath323VMSnap"="c:\windows\VMSnap23.exe" [2006-09-19 212992]
    "BigDogPath323Domino"="c:\windows\Domino.exe" [2006-06-27 49152]
    "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-10-22 325768]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "blue delete title meow"="c:\documents and settings\All Users\Application Data\up hold blue delete\Great Sixth.exe" [2008-12-01 5510656]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-11-19 185872]
    "SpywareCleaner"="c:\windows\system32\SpywareRemover.exe" [2008-11-30 297709]
    "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 c:\windows\RTHDCPL.exe]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
    "nwiz"="nwiz.exe" [2006-04-27 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\mlJCTJda.dll" [2008-12-01 38400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJCTJda]
    2008-12-01 18:26 38400 c:\windows\system32\mlJCTJda.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=vtfhre.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
    "msacm.mpegacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\tuvUKAtt

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "12278:TCP"= 12278:TCP:BitComet 12278 TCP
    "12278:UDP"= 12278:UDP:BitComet 12278 UDP
    "3724:TCP"= 3724:TCP:bizzard downloader
    "6112:UDP"= 6112:UDP:bizzard downloader
    "4762:TCP"= 4762:TCP:emule
    "4763:TCP"= 4763:TCP:emule

    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-10-22 184968]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-07-25 476672]
    S3 ZSMC326;LUXYA WC-1300 USB2.0 PC Camera;c:\windows\system32\Drivers\usbvm323.sys [2007-07-25 259968]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-01 c:\windows\Tasks\A6B0FDD3918B6FB3.job
    - c:\docume~1\bob51\applic~1\dashna~1\army user ping.exe [2008-11-27 14:28]

    2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{16b235bb-16cf-4771-9066-aa35f9b30235} - c:\windows\system32\vtfhre.dll
    BHO-{3D94C354-A9E8-4972-9D44-155325CAE0FD} - c:\windows\system32\geBsstqp.dll
    HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
    HKLM-Run-m6 - c:\m6video\M6video.exe
    HKLM-Run-book bows bolt bib - c:\documents and settings\All Users\Application Data\BONE ABOUT BOOK BOWS\list deaf.exe
    HKLM-Run-uPlayMe - c:\program files\uPlayMe\uPlayMe.exe
    HKLM-Explorer_Run-DirectX For Microsoft® Windows - c:\windows\system32\fservice.exe



    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-01 23:21:36
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    "ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\0
    [%\00«Ô’|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00.\03pè\13\00pè\13\00\18î"

    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(692)
    c:\windows\system32\mlJCTJda.dll

    - - - - - - - > 'explorer.exe'(3336)
    c:\windows\system32\nview.dll
    c:\windows\system32\NVWRSFR.DLL
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\a-squared Free\a2service.exe
    c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    c:\windows\system32\FTRTSVC.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    c:\apps\Powercinema\Kernel\TV\CLSched.exe
    c:\windows\system32\rundll32.exe
    c:\progra~1\Wanadoo\TaskBarIcon.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\progra~1\Wanadoo\GestionnaireInternet.exe
    c:\windows\system32\msiexec.exe
    c:\progra~1\Wanadoo\ComComp.exe
    c:\progra~1\Wanadoo\Toaster.exe
    c:\progra~1\Wanadoo\Inactivity.exe
    c:\progra~1\Wanadoo\PollingModule.exe
    c:\windows\system32\ALERTM~1\ALERTM~1.EXE
    c:\program files\MessengerDiscovery\MessengerDiscovery Live.exe
    c:\windows\system32\rundll32.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-12-01 23:29:49 - La machine a redémarré [BOB51]
    ComboFix-quarantined-files.txt 2008-12-01 22:29:38

    Avant-CF: 46 233 063 424 octets libres
    Après-CF: 46,410,211,328 octets libres

    344 --- E O F --- 2008-12-01 02:00:20


    Anonymous
    4 December 2008 19:18:08

    Hi, you haven't forgotten me?
    4 December 2008 19:52:55

    Hi again,

    No, but I spent the day in class :) 

    Let's continue, there are still things to do.

    Download Lop S&D.exe (by Eric 71 & Angeldark) to your desktop.

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop (if you are on Vista, right-click -> run as administrator)
  • Select the desired language, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
    Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)"
    Type explorer and confirm. This will bring your desktop back.


    Do you have your Windows CD or not? It could help and make one of the steps easier.

    ;) 
    Anonymous
    4 December 2008 23:31:47

    Hi again. Strange: when I run the search with Lop S&D, it closes the window and no scan takes place?

    Otherwise, no, I don't have a Windows CD. I would gladly have reformatted everything; is that not possible without a CD? Just a Windows recovery.
    4 December 2008 23:44:07

    Hi again,

    Select the entire contents of the box below:


    Collect::
    c:\windows\system32\mlJCTJda.dll
    c:\windows\system32\SpywareRemover.exe

    File::
    c:\windows\Tasks\A6B0FDD3918B6FB3.job

    DirLook::
    c:\program files\Fichiers communs\knifeedge
    c:\program files\Dashnamemove

    Folder::
    c:\documents and settings\All Users\Application Data\vc meta poke axis
    c:\documents and settings\All Users\Application Data\up hold blue delete

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1858E8EC-489E-4E53-B0F4-7368E929FBC4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "I downloaded pirated Software from P2P "=-
    "blue delete title meow"=-
    "SpywareCleaner"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJCTJda]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "12278:TCP"=-
    "12278:UDP"=-
    "4762:TCP"=-
    "4763:TCP"=-


  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix.
  • ComboFix will create these files on your Desktop:
    - A zipped file named Submit [Date Time].zip
    - A second file named CF-Submit.htm
  • ComboFix may require a restart to complete its work. Accept.
  • When the tool has finished, a ComboFix.log report will appear on screen.
  • A new window with the prompt "Submit Files for further analysis" will open. Click "OK"
  • Your browser will launch automatically with the CF-Submit.htm file and a window will open:
    - Click the "Browse" ("Parcourir") button and navigate to the file
    Submit [Date Time].zip on your Desktop.
    - Click the file to select it.
  • Submit the file by clicking "OK"
  • When this operation is complete, you can delete these two files from your Desktop.
    Post the contents of the ComboFix.txt report after the restart, if there is one.

    ;) 
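Added example (not part of the original post and not ComboFix code): a short Python check that relates the script above to the report it was built from. It decodes the `hex(7)` value written to `Authentication Packages` and lists every load point in the report that references a given file. The function names are hypothetical, and the log excerpt is a constructed sample made of lines copied from the report quoted in this thread.

```python
import re

# Constructed sample: lines copied from the ComboFix report quoted in this thread.
LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-01 18:26 38400 --a------ c:\windows\system32\mlJCTJda.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
"SpywareCleaner"="c:\windows\system32\SpywareRemover.exe" [2008-11-30 297709]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\mlJCTJda.dll" [2008-12-01 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJCTJda]
2008-12-01 18:26 38400 c:\windows\system32\mlJCTJda.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\tuvUKAtt
"""

# Value the script writes back to "Authentication Packages".
SCRIPT_LSA = "hex(7):6d,73,76,31,5f,30,00,00"


def decode_multi_sz(value):
    """Decode a REGEDIT4 hex(7) export (ANSI REG_MULTI_SZ) into a list of strings."""
    kind, _, data = value.partition(":")
    if kind != "hex(7)":
        raise ValueError("not a REG_MULTI_SZ export")
    # regedit wraps long values with a trailing backslash; join them first.
    data = data.replace("\\\n", "")
    raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
    # Strings are NUL-separated and the list ends with an extra NUL.
    return [s.decode("cp1252") for s in raw.split(b"\x00") if s]


def load_points(log):
    """Map each registry key in the report to the lines listed under it."""
    points, key = {}, None
    for line in log.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            key = header.group(1)
            points[key] = []
        elif line and key:
            points[key].append(line)
    return points


def keys_referencing(points, filename):
    """Registry keys whose listed values mention the given file name."""
    name = filename.lower()
    return [k for k, lines in points.items()
            if any(name in entry.lower() for entry in lines)]


def lsa_entries_dropped(points, script_value):
    """Authentication Packages entries in the report that the script's value omits."""
    keep = set(decode_multi_sz(script_value))
    for key, lines in points.items():
        if not key.lower().endswith(r"\control\lsa"):
            continue
        for entry in lines:
            m = re.match(r"Authentication Packages REG_MULTI_SZ (.+)", entry)
            if m:
                # Assumption: the report prints the multi-string space-separated
                # and none of the entries contains a space.
                return [e for e in m.group(1).split() if e not in keep]
    return []


if __name__ == "__main__":
    pts = load_points(LOG)
    print("script keeps:", decode_multi_sz(SCRIPT_LSA))
    print("script drops:", lsa_entries_dropped(pts, SCRIPT_LSA))
    for k in keys_referencing(pts, "mlJCTJda.dll"):
        print("load point:", k)
```

The decoded value shows that the script resets `Authentication Packages` to the single entry `msv1_0`, which removes the extra `tuvUKAtt` entry seen in the report.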
    Anonymous
    5 December 2008 00:22:19

    Here are the 2 reports

    The 1st




    ComboFix 08-12-02.02 - BOB51 2008-12-05 0:04:15.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.190 [GMT 1:00]
    Lancé depuis: c:\documents and settings\BOB51\Bureau\Combo-Fix.exe
    Commutateurs utilisés :: c:\documents and settings\BOB51\Bureau\CFScript.txt

    FILE ::
    c:\windows\Tasks\A6B0FDD3918B6FB3.job
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\OLESys.dll
    c:\documents and settings\All Users\Application Data\Microsoft\Protect\ie.dll
    c:\documents and settings\All Users\Application Data\up hold blue delete
    c:\documents and settings\All Users\Application Data\up hold blue delete\bits warn.exe
    c:\documents and settings\All Users\Application Data\up hold blue delete\Great Sixth.exe
    c:\documents and settings\All Users\Application Data\vc meta poke axis
    c:\documents and settings\All Users\Application Data\vc meta poke axis\jugsbike.exe
    c:\documents and settings\All Users\Application Data\vc meta poke axis\VIEWTRANS.exe
    c:\documents and settings\All Users\Application Data\winlogon.exe
    c:\program files\Spyware Guard 2008
    c:\program files\Spyware Guard 2008\conf.cfg
    c:\program files\Spyware Guard 2008\mbase.vdb
    c:\program files\Spyware Guard 2008\quarantine.vdb
    c:\program files\Spyware Guard 2008\queue.vdb
    c:\program files\Spyware Guard 2008\spywareguard.exe
    c:\program files\Spyware Guard 2008\uninstall.exe
    c:\program files\Spyware Guard 2008\vbase.vdb
    c:\windows\reged.exe
    c:\windows\spoolsystem.exe
    c:\windows\sys.com
    c:\windows\syscert.exe
    c:\windows\sysexplorer.exe
    c:\windows\system32\fbdruqmo.dll
    c:\windows\system32\fccyaXnk.dll
    c:\windows\system32\fnpexkwy.dll
    c:\windows\system32\iedxdejm.dll
    c:\windows\system32\jcmbigpu.ini
    c:\windows\system32\jpigpb.dll
    c:\windows\system32\knXayccf.ini
    c:\windows\system32\knXayccf.ini2
    c:\windows\system32\liuvioqt.dll
    c:\windows\system32\mlJCTJda.dll
    c:\windows\system32\nmbbiapa.dll
    c:\windows\system32\omqurdbf.ini
    c:\windows\system32\qqynrs.dll
    c:\windows\system32\rbzasa.dll
    c:\windows\system32\SpywareRemover.exe
    c:\windows\system32\upgibmcj.dll
    c:\windows\system32\wsc32x.exe
    c:\windows\system32\ywkxepnf.ini
    c:\windows\Tasks\A6B0FDD3918B6FB3.job
    c:\windows\vmreg.dll
    .
    ---- Previous Run -------
    .
    c:\windows\system32\ahtfkmnr.dll
    c:\windows\system32\av.dat
    c:\windows\system32\av.exe
    c:\windows\system32\Drivers\TDSSmyvt.sys
    c:\windows\system32\epfjwure.dll
    c:\windows\system32\eruwjfpe.ini
    c:\windows\system32\getwn32.dll
    c:\windows\system32\giperv.dll
    c:\windows\system32\iyrdbl.dll
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\qfpsrsac.dll
    c:\windows\system32\TDSSacsn.dll
    c:\windows\system32\TDSSejja.dat
    c:\windows\system32\TDSSjokw.dll
    c:\windows\system32\TDSSoigq.log
    c:\windows\system32\TDSSqxub.dll
    c:\windows\system32\TDSStken.dll
    c:\windows\system32\TDSSurtm.dll
    c:\windows\system32\ttAKUvut.ini
    c:\windows\system32\ttAKUvut.ini2
    c:\windows\system32\tuvUKAtt.dll
    c:\windows\system32\wertyu.dll
    c:\windows\system32\xaaqbhvp.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV.SYS
    -------\Service_TDSSserv.sys


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-04 au 2008-12-04 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-05 00:15 . 2008-12-05 00:15 294,912 --a------ c:\windows\system32\wsc32x.exe
    2008-12-04 23:23 . 2008-12-04 23:23 <REP> d-------- C:\Lop SD
    2008-12-03 22:39 . 2008-12-04 01:52 <REP> d-------- C:\ComboFix
    2008-12-03 19:14 . 2008-12-03 19:14 250 --a------ c:\windows\gmer.ini
    2008-12-03 17:37 . 2008-12-05 00:14 664 --a------ c:\windows\system32\d3d9caps.dat
    2008-12-03 17:31 . 2008-12-03 23:00 <REP> d-------- c:\program files\Enigma Software Group
    2008-12-03 04:13 . 2008-12-03 04:13 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2008-12-03 03:26 . 2006-08-24 22:41 <REP> dr------- c:\documents and settings\Administrateur\Favoris
    2008-12-03 03:26 . 2006-08-24 22:57 <REP> dr------- c:\documents and settings\Administrateur\Bureau
    2008-12-03 03:26 . 2006-08-24 22:41 <REP> d-------- c:\documents and settings\Administrateur\Application Data\You've Got Pictures Screensaver
    2008-12-03 03:26 . 2006-08-24 22:55 <REP> d-------- c:\documents and settings\Administrateur\Application Data\AOL
    2008-12-03 03:25 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2008-12-03 03:25 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2008-12-03 03:25 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2008-12-03 03:25 . 2006-08-24 22:57 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
    2008-12-03 03:25 . 2004-08-16 16:55 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2008-12-03 03:25 . 2008-12-03 03:26 <REP> d-------- c:\documents and settings\Administrateur
    2008-12-03 02:43 . 2008-12-03 02:43 <REP> d-------- c:\program files\Yahoo!
    2008-12-03 02:42 . 2008-12-03 02:42 <REP> d-------- c:\program files\CCleaner
    2008-12-03 02:26 . 2008-12-03 02:30 <REP> d-------- c:\program files\EMCO MoveOnBoot
    2008-12-02 23:33 . 2008-12-02 23:33 228,864 --a------ c:\windows\system32\cowcvwod.exe
    2008-12-02 00:14 . 2008-12-02 00:14 <REP> d-------- c:\program files\Panicware
    2008-12-01 21:11 . 2008-12-01 23:51 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2008-12-01 21:11 . 2008-12-01 23:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-01 18:27 . 2008-12-01 18:27 <REP> d-------- c:\program files\vghd
    2008-12-01 18:27 . 2008-12-01 18:27 <REP> d-------- c:\documents and settings\BOB51\Application Data\vghd
    2008-12-01 18:27 . 2008-12-01 18:27 152,904 --a------ c:\windows\system32\vghd.scr
    2008-12-01 18:27 . 2008-12-01 22:16 461 --a------ c:\windows\system32\win32hlp.cnf
    2008-11-27 23:33 . 2008-11-27 23:33 8 --a------ c:\windows\system32\WIN.INI
    2008-11-27 23:33 . 2008-11-27 23:33 8 --a------ c:\windows\system32\SYSTEM.INI
    2008-11-27 23:33 . 2008-11-27 23:33 8 --a------ c:\windows\system32\PROTOCOL.INI
    2008-11-27 23:32 . 2008-11-27 23:32 <REP> d-------- C:\Translations
    2008-11-27 23:32 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll
    2008-11-27 23:17 . 2008-11-27 23:32 <REP> d-------- C:\Data
    2008-11-27 23:16 . 2008-11-27 23:32 <REP> d-------- c:\program files\Fichiers communs\knifeedge
    2008-11-27 23:16 . 2008-11-27 23:16 <REP> d-------- C:\Documentation
    2008-11-27 17:40 . 2008-11-27 17:40 <REP> d-------- C:\FMS
    2008-11-27 14:27 . 2008-11-27 14:27 <REP> d-------- c:\program files\Dashnamemove
    2008-11-25 01:00 . 2008-11-25 01:00 <REP> d-------- c:\documents and settings\BOB51\Application Data\com.uplayme.airclient.9B472EFF9A3BAE26509EDFEDD3D8214233BACDB1.1
    2008-11-25 00:59 . 2008-12-01 18:55 <REP> d-------- c:\program files\uPlayMe
    2008-11-25 00:59 . 2008-11-25 00:59 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
    2008-11-25 00:56 . 2008-11-25 01:00 <REP> d-------- c:\documents and settings\All Users\Application Data\uPlayMe
    2008-11-21 14:30 . 2008-11-21 14:30 <REP> d--h----- c:\windows\Bifrost
    2008-11-20 18:41 . 2008-11-23 04:16 <REP> d-------- c:\program files\MessengerDiscovery
    2008-11-20 18:41 . 2004-03-09 01:00 124,688 --a------ c:\windows\system32\MSWINSCK.ocx
    2008-11-20 12:55 . 2008-11-20 12:55 <REP> d-------- C:\v
    2008-11-20 12:54 . 2008-11-20 12:58 <REP> d-------- C:\VehiPlan-2-0-0
    2008-11-19 16:23 . 2008-11-19 16:23 <REP> d-------- c:\program files\Fichiers communs\xing shared
    2008-11-17 08:44 . 2008-11-17 08:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
    2008-11-16 19:43 . 2008-11-16 19:43 <REP> d-------- C:\Logs
    2008-11-13 01:41 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-13 01:41 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-11 03:00 . 2008-11-11 03:00 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-11-10 20:00 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2008-11-10 20:00 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
    2008-11-10 20:00 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2008-11-10 01:37 . 2008-11-23 04:15 <REP> d-------- c:\program files\Windows Live
    2008-11-10 01:37 . 2008-11-23 04:12 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller
    2008-11-10 01:37 . 2008-11-23 04:12 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
    2008-11-09 22:51 . 2008-11-09 22:58 255,788,920 --a------ C:\yy.rar

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-04 23:15 --------- d-----w c:\program files\Wanadoo
    2008-12-04 23:15 --------- d-----w c:\program files\SPAMfighter
    2008-12-01 21:04 --------- d-----w c:\program files\Everest Poker
    2008-12-01 17:54 --------- d-----w c:\documents and settings\BOB51\Application Data\Orbit
    2008-11-27 13:28 --------- d-----w c:\documents and settings\BOB51\Application Data\Dashnamemove
    2008-11-19 15:23 --------- d-----w c:\program files\Fichiers communs\Real
    2008-11-16 05:28 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
    2008-11-07 00:12 --------- d-----w c:\program files\TransVente
    2008-10-30 22:56 96,384 ----a-w c:\windows\system32\drivers\sptd1981.sys
    2008-10-29 23:59 --------- d-----w c:\program files\Java
    2008-10-27 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\UDL
    2008-10-27 15:41 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-27 15:41 --------- d-----w c:\program files\Epson Software
    2008-10-27 15:38 --------- d-----w c:\documents and settings\BOB51\Application Data\InstallShield
    2008-10-27 15:37 --------- d-----w c:\program files\epson
    2008-10-27 15:36 --------- d-----w c:\documents and settings\All Users\Application Data\EPSON
    2008-10-27 15:33 --------- d-----w c:\documents and settings\BOB51\Application Data\EPSON
    2008-10-26 13:44 --------- d-----w c:\program files\Fichiers communs\Application
    2008-10-26 13:44 --------- d-----w c:\documents and settings\BOB51\Application Data\SPAMfighter
    2008-10-26 12:25 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-17 20:14 --------- d-----w c:\program files\IDoser v4
    2008-10-14 23:38 4,584 ----a-w c:\windows\BricoPackFoldersDelete.cmd
    2008-10-14 23:37 45,686 ----a-w c:\windows\BricoPackUninst.cmd
    2008-10-14 23:09 --------- d-----w c:\program files\Atari
    2008-10-08 20:31 7,131,136 ----a-w C:\RealFlight.exe
    2008-09-29 10:53 847,872 ----a-w C:\LauncherG4.exe
    2008-09-06 13:09 880,640 ----a-w C:\QTOControl.dll
    2008-09-06 13:09 806,912 ----a-w C:\QTOLibrary.dll
    2008-09-06 13:09 782,336 ----a-w C:\QTInfo.exe
    2008-09-06 13:09 7,685,424 ----a-w C:\QuickTimePlayer.exe
    2008-09-06 13:09 548,864 ----a-w C:\PictureViewer.exe
    2008-09-06 13:09 413,696 ----a-w C:\QTTask.exe
    2008-09-06 13:09 352,256 ----a-w C:\QTUIPanelControl.dll
    2006-11-22 19:01 54 ----a-w c:\program files\inc1.bat
    2006-11-22 19:01 41 ----a-w c:\program files\sleep.bat
    2006-07-18 13:41 1,019,094 --sha-r c:\program files\serial.tde
    2006-07-16 19:16 194,133 ----a-w c:\program files\patcher.exe
    2006-07-13 19:36 280,692 ----a-w c:\program files\dr.exe
    2006-07-13 19:23 291,956 ----a-w c:\program files\shell32.exe
    2006-05-28 16:46 397,306 --sha-r c:\program files\wunauclt.zip
    2006-05-28 16:46 397,306 --sha-r c:\program files\wunauclt.tbe
    2006-05-28 16:34 435,756 ----a-w c:\program files\wunauclt.exe
    2005-09-28 09:56 185,856 ----a-w c:\program files\7za.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of c:\program files\Dashnamemove ----


    ---- Directory of c:\program files\Fichiers communs\knifeedge ----

    2008-10-02 18:24 1871872 --a------ c:\program files\Fichiers communs\knifeedge\LauncherHelperG4.exe


    ((((((((((((((((((((((((((((( snapshot@2008-12-01_23.27.32.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-03 18:14:27 884,736 ----a-w c:\windows\gmer.dll
    + 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe
    + 2001-05-22 22:45:04 45,056 ----a-w c:\windows\PANIC32.dll
    + 2001-09-16 10:44:04 40,960 ----a-w c:\windows\PANICNT.dll
    - 2008-10-30 22:58:32 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2008-12-03 15:33:00 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-10-30 22:58:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-12-03 15:33:00 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2008-10-30 22:58:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-03 15:33:00 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-03 18:14:27 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
    - 2008-11-20 18:10:42 63,862 ----a-w c:\windows\system32\perfc009.dat
    + 2008-12-01 22:26:22 63,862 ----a-w c:\windows\system32\perfc009.dat
    - 2008-11-20 18:10:42 77,476 ----a-w c:\windows\system32\perfc00C.dat
    + 2008-12-01 22:26:23 77,476 ----a-w c:\windows\system32\perfc00C.dat
    - 2008-11-20 18:10:42 406,662 ----a-w c:\windows\system32\perfh009.dat
    + 2008-12-01 22:26:23 406,662 ----a-w c:\windows\system32\perfh009.dat
    - 2008-11-20 18:10:43 474,972 ----a-w c:\windows\system32\perfh00C.dat
    + 2008-12-01 22:26:23 474,972 ----a-w c:\windows\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
    2008-04-02 13:24 266240 --a------ c:\program files\Epson Software\Easy Photo Print\EPTBL.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{9421DD08-935F-4701-A9CA-22DF90AC4EA6}"= "c:\program files\Epson Software\Easy Photo Print\EPTBL.dll" [2008-04-02 266240]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
    "SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "FIRSTFACE"="c:\docume~1\BOB51\APPLIC~1\DASHNA~1\ANTI CAKE DVD.exe" [2008-11-27 505344]
    "TransVente"="c:\progra~1\TRANSV~1\TransVente.exe" [2006-11-23 40960]
    "EPSON BX300F Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE" [2008-01-22 188928]
    "ManyCam"="c:\documents and settings\BOB51\Bureau\msn plus\ManyCam 2.3\ManyCam.exe" [2008-10-14 1791272]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
    "WinampAgent"="c:\winamp\Winampa.exe" [2008-08-04 36352]
    "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
    "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "Adobe Photo Downloader"="c:\photoshop album edition découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
    "BigDogPath323VMSnap"="c:\windows\VMSnap23.exe" [2006-09-19 212992]
    "BigDogPath323Domino"="c:\windows\Domino.exe" [2006-06-27 49152]
    "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-10-22 325768]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-11-19 185872]
    "m6"="c:\m6video\M6video.exe" [BU]
    "book bows bolt bib"="c:\documents and settings\All Users\Application Data\BONE ABOUT BOOK BOWS\list deaf.exe" [BU]
    "uPlayMe"="c:\program files\uPlayMe\uPlayMe.exe" [BU]
    "Pop-Up Stopper"="c:\program files\Panicware\Pop-Up Stopper\dpps2.exe" [2003-01-14 868352]
    "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 c:\windows\RTHDCPL.exe]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
    "nwiz"="nwiz.exe" [2006-04-27 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "Explorer"= {58005BE1-21D6-4575-AFB9-B030753FBDF6} - c:\documents and settings\All Users\Application Data\Microsoft\Protect\pjyxzjabti.dll [2008-12-02 928256]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
    "msacm.mpegacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:bizzard downloader
    "6112:UDP"= 6112:UDP:bizzard downloader
    "4762:TCP"= 4762:TCP:emule

    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-10-22 184968]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-07-25 476672]
    S3 ZSMC326;LUXYA WC-1300 USB2.0 PC Camera;c:\windows\system32\Drivers\usbvm323.sys [2007-07-25 259968]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{0034b039-9e5e-4e5c-a439-a9e2dbfd98d2} - c:\windows\system32\iyrdbl.dll
    BHO-{513098F5-5E33-4F2F-B419-162133078C87} - c:\windows\system32\fccyaXnk.dll
    BHO-{59029086-5125-40EE-9369-53DE58284124} - c:\windows\system32\tuvUKAtt.dll
    BHO-{75432cef-8201-4fa4-b2f8-c08e166b9a28} - c:\windows\system32\rbzasa.dll
    HKLM-Run-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe
    SSODL-OLESys-{B0B28A0F-73C0-446E-BB4B-FA5C285A7BED} - c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\OLESys.dll



    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-05 00:14:24
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    c:\windows\system32\wsc32x.exe 294912 bytes executable

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************
    "ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\0
    [%\00«Ô’|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00.\03pè\13\00pè\13\00\18î"

    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    c:\windows\system32\FTRTSVC.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    c:\apps\Powercinema\Kernel\TV\CLSched.exe
    c:\progra~1\Wanadoo\TaskBarIcon.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\progra~1\Wanadoo\GestionnaireInternet.exe
    c:\progra~1\Wanadoo\ComComp.exe
    c:\progra~1\Wanadoo\PollingModule.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\wsc32x.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\ALERTM~1\ALERTM~1.EXE
    .
    **************************************************************************
    .
    Heure de fin: 2008-12-05 0:18:50 - La machine a redémarré [BOB51]
    ComboFix-quarantined-files.txt 2008-12-04 23:18:47
    ComboFix2.txt 2008-12-01 22:29:54

    Avant-CF: 49,228,419,072 octets libres
    Après-CF: 49,206,968,320 octets libres

    347 --- E O F --- 2008-12-01 02:00:20
    Anonymous
    5 December 2008 00:23:18

    No. 2




    ComboFix 08-12-02.02 - BOB51 2008-12-05 0:04:15.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.190 [GMT 1:00]
    Lancé depuis: c:\documents and settings\BOB51\Bureau\Combo-Fix.exe
    Commutateurs utilisés :: c:\documents and settings\BOB51\Bureau\CFScript.txt

    FILE ::
    c:\windows\Tasks\A6B0FDD3918B6FB3.job
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\OLESys.dll
    c:\documents and settings\All Users\Application Data\Microsoft\Protect\ie.dll
    c:\documents and settings\All Users\Application Data\up hold blue delete
    c:\documents and settings\All Users\Application Data\up hold blue delete\bits warn.exe
    c:\documents and settings\All Users\Application Data\up hold blue delete\Great Sixth.exe
    c:\documents and settings\All Users\Application Data\vc meta poke axis
    c:\documents and settings\All Users\Application Data\vc meta poke axis\jugsbike.exe
    c:\documents and settings\All Users\Application Data\vc meta poke axis\VIEWTRANS.exe
    c:\documents and settings\All Users\Application Data\winlogon.exe
    c:\program files\Spyware Guard 2008
    c:\program files\Spyware Guard 2008\conf.cfg
    c:\program files\Spyware Guard 2008\mbase.vdb
    c:\program files\Spyware Guard 2008\quarantine.vdb
    c:\program files\Spyware Guard 2008\queue.vdb
    c:\program files\Spyware Guard 2008\spywareguard.exe
    c:\program files\Spyware Guard 2008\uninstall.exe
    c:\program files\Spyware Guard 2008\vbase.vdb
    c:\windows\reged.exe
    c:\windows\spoolsystem.exe
    c:\windows\sys.com
    c:\windows\syscert.exe
    c:\windows\sysexplorer.exe
    c:\windows\system32\fbdruqmo.dll
    c:\windows\system32\fccyaXnk.dll
    c:\windows\system32\fnpexkwy.dll
    c:\windows\system32\iedxdejm.dll
    c:\windows\system32\jcmbigpu.ini
    c:\windows\system32\jpigpb.dll
    c:\windows\system32\knXayccf.ini
    c:\windows\system32\knXayccf.ini2
    c:\windows\system32\liuvioqt.dll
    c:\windows\system32\mlJCTJda.dll
    c:\windows\system32\nmbbiapa.dll
    c:\windows\system32\omqurdbf.ini
    c:\windows\system32\qqynrs.dll
    c:\windows\system32\rbzasa.dll
    c:\windows\system32\SpywareRemover.exe
    c:\windows\system32\upgibmcj.dll
    c:\windows\system32\wsc32x.exe
    c:\windows\system32\ywkxepnf.ini
    c:\windows\Tasks\A6B0FDD3918B6FB3.job
    c:\windows\vmreg.dll
    .
    ---- Previous Run -------
    .
    c:\windows\system32\ahtfkmnr.dll
    c:\windows\system32\av.dat
    c:\windows\system32\av.exe
    c:\windows\system32\Drivers\TDSSmyvt.sys
    c:\windows\system32\epfjwure.dll
    c:\windows\system32\eruwjfpe.ini
    c:\windows\system32\getwn32.dll
    c:\windows\system32\giperv.dll
    c:\windows\system32\iyrdbl.dll
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\qfpsrsac.dll
    c:\windows\system32\TDSSacsn.dll
    c:\windows\system32\TDSSejja.dat
    c:\windows\system32\TDSSjokw.dll
    c:\windows\system32\TDSSoigq.log
    c:\windows\system32\TDSSqxub.dll
    c:\windows\system32\TDSStken.dll
    c:\windows\system32\TDSSurtm.dll
    c:\windows\system32\ttAKUvut.ini
    c:\windows\system32\ttAKUvut.ini2
    c:\windows\system32\tuvUKAtt.dll
    c:\windows\system32\wertyu.dll
    c:\windows\system32\xaaqbhvp.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV.SYS
    -------\Service_TDSSserv.sys


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-04 au 2008-12-04 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-05 00:15 . 2008-12-05 00:15 294,912 --a------ c:\windows\system32\wsc32x.exe
    2008-12-04 23:23 . 2008-12-04 23:23 <REP> d-------- C:\Lop SD
    2008-12-03 22:39 . 2008-12-04 01:52 <REP> d-------- C:\ComboFix
    2008-12-03 19:14 . 2008-12-03 19:14 250 --a------ c:\windows\gmer.ini
    2008-12-03 17:37 . 2008-12-05 00:14 664 --a------ c:\windows\system32\d3d9caps.dat
    2008-12-03 17:31 . 2008-12-03 23:00 <REP> d-------- c:\program files\Enigma Software Group
    2008-12-03 04:13 . 2008-12-03 04:13 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2008-12-03 03:26 . 2006-08-24 22:41 <REP> dr------- c:\documents and settings\Administrateur\Favoris
    2008-12-03 03:26 . 2006-08-24 22:57 <REP> dr------- c:\documents and settings\Administrateur\Bureau
    2008-12-03 03:26 . 2006-08-24 22:41 <REP> d-------- c:\documents and settings\Administrateur\Application Data\You've Got Pictures Screensaver
    2008-12-03 03:26 . 2006-08-24 22:55 <REP> d-------- c:\documents and settings\Administrateur\Application Data\AOL
    2008-12-03 03:25 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
    2008-12-03 03:25 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
    2008-12-03 03:25 . 2004-08-16 16:55 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
    2008-12-03 03:25 . 2006-08-24 22:57 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
    2008-12-03 03:25 . 2004-08-16 16:55 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
    2008-12-03 03:25 . 2008-12-03 03:26 <REP> d-------- c:\documents and settings\Administrateur
    2008-12-03 02:43 . 2008-12-03 02:43 <REP> d-------- c:\program files\Yahoo!
    2008-12-03 02:42 . 2008-12-03 02:42 <REP> d-------- c:\program files\CCleaner
    2008-12-03 02:26 . 2008-12-03 02:30 <REP> d-------- c:\program files\EMCO MoveOnBoot
    2008-12-02 23:33 . 2008-12-02 23:33 228,864 --a------ c:\windows\system32\cowcvwod.exe
    2008-12-02 00:14 . 2008-12-02 00:14 <REP> d-------- c:\program files\Panicware
    2008-12-01 21:11 . 2008-12-01 23:51 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2008-12-01 21:11 . 2008-12-01 23:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-01 18:27 . 2008-12-01 18:27 <REP> d-------- c:\program files\vghd
    2008-12-01 18:27 . 2008-12-01 18:27 <REP> d-------- c:\documents and settings\BOB51\Application Data\vghd
    2008-12-01 18:27 . 2008-12-01 18:27 152,904 --a------ c:\windows\system32\vghd.scr
    2008-12-01 18:27 . 2008-12-01 22:16 461 --a------ c:\windows\system32\win32hlp.cnf
    2008-11-27 23:33 . 2008-11-27 23:33 8 --a------ c:\windows\system32\WIN.INI
    2008-11-27 23:33 . 2008-11-27 23:33 8 --a------ c:\windows\system32\SYSTEM.INI
    2008-11-27 23:33 . 2008-11-27 23:33 8 --a------ c:\windows\system32\PROTOCOL.INI
    2008-11-27 23:32 . 2008-11-27 23:32 <REP> d-------- C:\Translations
    2008-11-27 23:32 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll
    2008-11-27 23:17 . 2008-11-27 23:32 <REP> d-------- C:\Data
    2008-11-27 23:16 . 2008-11-27 23:32 <REP> d-------- c:\program files\Fichiers communs\knifeedge
    2008-11-27 23:16 . 2008-11-27 23:16 <REP> d-------- C:\Documentation
    2008-11-27 17:40 . 2008-11-27 17:40 <REP> d-------- C:\FMS
    2008-11-27 14:27 . 2008-11-27 14:27 <REP> d-------- c:\program files\Dashnamemove
    2008-11-25 01:00 . 2008-11-25 01:00 <REP> d-------- c:\documents and settings\BOB51\Application Data\com.uplayme.airclient.9B472EFF9A3BAE26509EDFEDD3D8214233BACDB1.1
    2008-11-25 00:59 . 2008-12-01 18:55 <REP> d-------- c:\program files\uPlayMe
    2008-11-25 00:59 . 2008-11-25 00:59 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
    2008-11-25 00:56 . 2008-11-25 01:00 <REP> d-------- c:\documents and settings\All Users\Application Data\uPlayMe
    2008-11-21 14:30 . 2008-11-21 14:30 <REP> d--h----- c:\windows\Bifrost
    2008-11-20 18:41 . 2008-11-23 04:16 <REP> d-------- c:\program files\MessengerDiscovery
    2008-11-20 18:41 . 2004-03-09 01:00 124,688 --a------ c:\windows\system32\MSWINSCK.ocx
    2008-11-20 12:55 . 2008-11-20 12:55 <REP> d-------- C:\v
    2008-11-20 12:54 . 2008-11-20 12:58 <REP> d-------- C:\VehiPlan-2-0-0
    2008-11-19 16:23 . 2008-11-19 16:23 <REP> d-------- c:\program files\Fichiers communs\xing shared
    2008-11-17 08:44 . 2008-11-17 08:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
    2008-11-16 19:43 . 2008-11-16 19:43 <REP> d-------- C:\Logs
    2008-11-13 01:41 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-13 01:41 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-11 03:00 . 2008-11-11 03:00 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-11-10 20:00 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2008-11-10 20:00 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
    2008-11-10 20:00 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2008-11-10 01:37 . 2008-11-23 04:15 <REP> d-------- c:\program files\Windows Live
    2008-11-10 01:37 . 2008-11-23 04:12 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller
    2008-11-10 01:37 . 2008-11-23 04:12 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
    2008-11-09 22:51 . 2008-11-09 22:58 255,788,920 --a------ C:\yy.rar

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-04 23:15 --------- d-----w c:\program files\Wanadoo
    2008-12-04 23:15 --------- d-----w c:\program files\SPAMfighter
    2008-12-01 21:04 --------- d-----w c:\program files\Everest Poker
    2008-12-01 17:54 --------- d-----w c:\documents and settings\BOB51\Application Data\Orbit
    2008-11-27 13:28 --------- d-----w c:\documents and settings\BOB51\Application Data\Dashnamemove
    2008-11-19 15:23 --------- d-----w c:\program files\Fichiers communs\Real
    2008-11-16 05:28 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
    2008-11-07 00:12 --------- d-----w c:\program files\TransVente
    2008-10-30 22:56 96,384 ----a-w c:\windows\system32\drivers\sptd1981.sys
    2008-10-29 23:59 --------- d-----w c:\program files\Java
    2008-10-27 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\UDL
    2008-10-27 15:41 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-27 15:41 --------- d-----w c:\program files\Epson Software
    2008-10-27 15:38 --------- d-----w c:\documents and settings\BOB51\Application Data\InstallShield
    2008-10-27 15:37 --------- d-----w c:\program files\epson
    2008-10-27 15:36 --------- d-----w c:\documents and settings\All Users\Application Data\EPSON
    2008-10-27 15:33 --------- d-----w c:\documents and settings\BOB51\Application Data\EPSON
    2008-10-26 13:44 --------- d-----w c:\program files\Fichiers communs\Application
    2008-10-26 13:44 --------- d-----w c:\documents and settings\BOB51\Application Data\SPAMfighter
    2008-10-26 12:25 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-17 20:14 --------- d-----w c:\program files\IDoser v4
    2008-10-14 23:38 4,584 ----a-w c:\windows\BricoPackFoldersDelete.cmd
    2008-10-14 23:37 45,686 ----a-w c:\windows\BricoPackUninst.cmd
    2008-10-14 23:09 --------- d-----w c:\program files\Atari
    2008-10-08 20:31 7,131,136 ----a-w C:\RealFlight.exe
    2008-09-29 10:53 847,872 ----a-w C:\LauncherG4.exe
    2008-09-06 13:09 880,640 ----a-w C:\QTOControl.dll
    2008-09-06 13:09 806,912 ----a-w C:\QTOLibrary.dll
    2008-09-06 13:09 782,336 ----a-w C:\QTInfo.exe
    2008-09-06 13:09 7,685,424 ----a-w C:\QuickTimePlayer.exe
    2008-09-06 13:09 548,864 ----a-w C:\PictureViewer.exe
    2008-09-06 13:09 413,696 ----a-w C:\QTTask.exe
    2008-09-06 13:09 352,256 ----a-w C:\QTUIPanelControl.dll
    2006-11-22 19:01 54 ----a-w c:\program files\inc1.bat
    2006-11-22 19:01 41 ----a-w c:\program files\sleep.bat
    2006-07-18 13:41 1,019,094 --sha-r c:\program files\serial.tde
    2006-07-16 19:16 194,133 ----a-w c:\program files\patcher.exe
    2006-07-13 19:36 280,692 ----a-w c:\program files\dr.exe
    2006-07-13 19:23 291,956 ----a-w c:\program files\shell32.exe
    2006-05-28 16:46 397,306 --sha-r c:\program files\wunauclt.zip
    2006-05-28 16:46 397,306 --sha-r c:\program files\wunauclt.tbe
    2006-05-28 16:34 435,756 ----a-w c:\program files\wunauclt.exe
    2005-09-28 09:56 185,856 ----a-w c:\program files\7za.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of c:\program files\Dashnamemove ----


    ---- Directory of c:\program files\Fichiers communs\knifeedge ----

    2008-10-02 18:24 1871872 --a------ c:\program files\Fichiers communs\knifeedge\LauncherHelperG4.exe


    ((((((((((((((((((((((((((((( snapshot@2008-12-01_23.27.32.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-03 18:14:27 884,736 ----a-w c:\windows\gmer.dll
    + 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe
    + 2001-05-22 22:45:04 45,056 ----a-w c:\windows\PANIC32.dll
    + 2001-09-16 10:44:04 40,960 ----a-w c:\windows\PANICNT.dll
    - 2008-10-30 22:58:32 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2008-12-03 15:33:00 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-10-30 22:58:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-12-03 15:33:00 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2008-10-30 22:58:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-03 15:33:00 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-03 18:14:27 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
    - 2008-11-20 18:10:42 63,862 ----a-w c:\windows\system32\perfc009.dat
    + 2008-12-01 22:26:22 63,862 ----a-w c:\windows\system32\perfc009.dat
    - 2008-11-20 18:10:42 77,476 ----a-w c:\windows\system32\perfc00C.dat
    + 2008-12-01 22:26:23 77,476 ----a-w c:\windows\system32\perfc00C.dat
    - 2008-11-20 18:10:42 406,662 ----a-w c:\windows\system32\perfh009.dat
    + 2008-12-01 22:26:23 406,662 ----a-w c:\windows\system32\perfh009.dat
    - 2008-11-20 18:10:43 474,972 ----a-w c:\windows\system32\perfh00C.dat
    + 2008-12-01 22:26:23 474,972 ----a-w c:\windows\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
    2008-04-02 13:24 266240 --a------ c:\program files\Epson Software\Easy Photo Print\EPTBL.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{9421DD08-935F-4701-A9CA-22DF90AC4EA6}"= "c:\program files\Epson Software\Easy Photo Print\EPTBL.dll" [2008-04-02 266240]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
    "SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "FIRSTFACE"="c:\docume~1\BOB51\APPLIC~1\DASHNA~1\ANTI CAKE DVD.exe" [2008-11-27 505344]
    "TransVente"="c:\progra~1\TRANSV~1\TransVente.exe" [2006-11-23 40960]
    "EPSON BX300F Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE" [2008-01-22 188928]
    "ManyCam"="c:\documents and settings\BOB51\Bureau\msn plus\ManyCam 2.3\ManyCam.exe" [2008-10-14 1791272]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
    "WinampAgent"="c:\winamp\Winampa.exe" [2008-08-04 36352]
    "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
    "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "Adobe Photo Downloader"="c:\photoshop album edition découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
    "BigDogPath323VMSnap"="c:\windows\VMSnap23.exe" [2006-09-19 212992]
    "BigDogPath323Domino"="c:\windows\Domino.exe" [2006-06-27 49152]
    "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-10-22 325768]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-11-19 185872]
    "m6"="c:\m6video\M6video.exe" [BU]
    "book bows bolt bib"="c:\documents and settings\All Users\Application Data\BONE ABOUT BOOK BOWS\list deaf.exe" [BU]
    "uPlayMe"="c:\program files\uPlayMe\uPlayMe.exe" [BU]
    "Pop-Up Stopper"="c:\program files\Panicware\Pop-Up Stopper\dpps2.exe" [2003-01-14 868352]
    "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 c:\windows\RTHDCPL.exe]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
    "nwiz"="nwiz.exe" [2006-04-27 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "Explorer"= {58005BE1-21D6-4575-AFB9-B030753FBDF6} - c:\documents and settings\All Users\Application Data\Microsoft\Protect\pjyxzjabti.dll [2008-12-02 928256]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
    "msacm.mpegacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:bizzard downloader
    "6112:UDP"= 6112:UDP:bizzard downloader
    "4762:TCP"= 4762:TCP:emule

    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-10-22 184968]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-07-25 476672]
    S3 ZSMC326;LUXYA WC-1300 USB2.0 PC Camera;c:\windows\system32\Drivers\usbvm323.sys [2007-07-25 259968]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{0034b039-9e5e-4e5c-a439-a9e2dbfd98d2} - c:\windows\system32\iyrdbl.dll
    BHO-{513098F5-5E33-4F2F-B419-162133078C87} - c:\windows\system32\fccyaXnk.dll
    BHO-{59029086-5125-40EE-9369-53DE58284124} - c:\windows\system32\tuvUKAtt.dll
    BHO-{75432cef-8201-4fa4-b2f8-c08e166b9a28} - c:\windows\system32\rbzasa.dll
    HKLM-Run-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe
    SSODL-OLESys-{B0B28A0F-73C0-446E-BB4B-FA5C285A7BED} - c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\OLESys.dll



    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-05 00:14:24
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    c:\windows\system32\wsc32x.exe 294912 bytes executable

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************
    "ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\0
    [%\00«Ô’|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00.\03pè\13\00pè\13\00\18î"

    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    c:\windows\system32\FTRTSVC.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    c:\apps\Powercinema\Kernel\TV\CLSched.exe
    c:\progra~1\Wanadoo\TaskBarIcon.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\progra~1\Wanadoo\GestionnaireInternet.exe
    c:\progra~1\Wanadoo\ComComp.exe
    c:\progra~1\Wanadoo\PollingModule.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\wsc32x.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\ALERTM~1\ALERTM~1.EXE
    .
    **************************************************************************
    .
    Heure de fin: 2008-12-05 0:18:50 - La machine a redémarré [BOB51]
    ComboFix-quarantined-files.txt 2008-12-04 23:18:47
    ComboFix2.txt 2008-12-01 22:29:54

    Avant-CF: 49,228,419,072 octets libres
    Après-CF: 49,206,968,320 octets libres

    347 --- E O F --- 2008-12-01 02:00:20
5 December 2008 10:13:25

Hi again,

I need a new DDS.txt report. Run another scan with the tool and post the new report for me.

;)
Anonymous
5 December 2008 14:33:22

Hi, I'll run another one. Just to let you know that the Guard 2008 virus is gone, or at least I haven't seen it since I ran ComboFix. Strange, isn't it? However, I still have 2 red crosses next to the clock; it's Windows Security Center.
5 December 2008 16:34:32

Quote:
Hi, I'll run another one. Just to let you know that the Guard 2008 virus is gone, or at least I haven't seen it since I ran ComboFix. Strange, isn't it? However, I still have 2 red crosses next to the clock; it's Windows Security Center.

Yes, yes, there is still some cleaning up to do, quite a lot in fact :D

But I need the report I asked for.

;)