[OK] recurring problem, HijackThis log, THANKS!

Security and insecurity. Viruses, Trojans, Spyware, Vulnerabilities etc. …


Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years, first on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware
Decontamination procedure 2 - Anti-malware and antivirus (La Manip - standard decontamination procedure)
Periodic maintenance of a Windows PC
Protecting the browser, browsing and privacy

OTLists report V1309

Post by ms3deb » 13 June 2009, 07:21

Hello,
Since the file above did not end with "End", I ran it again, but nothing changes.
I'm attaching a new log, hoping it matches what you asked for.

Regarding the PC:
    No more pop-up windows opening, even when I wasn't online
    Avast seems corrupted, a red screen opens... but not the normal one. I'll switch to Avira as soon as you give me the go-ahead.
    Windows updates keep arriving. Should I install them or wait?
    Overall the PC is a bit sluggish and the CPU is often busy for no reason...

      Thanks again and have a good weekend,
      See you

      OTL logfile created on: 13/06/2009 08:10:39 - Run 3
      OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\ROMAIN DELOFFRE\Bureau
      Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 7.0.5730.11)
      Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

      894,04 Mb Total Physical Memory | 267,37 Mb Available Physical Memory | 29,91% Memory free
      1,46 Gb Paging File | 0,88 Gb Available in Paging File | 60,00% Paging File free
      Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 74,53 Gb Total Space | 21,25 Gb Free Space | 28,52% Space Free | Partition Type: NTFS
      D: Drive not present or media not loaded
      E: Drive not present or media not loaded
      F: Drive not present or media not loaded
      G: Drive not present or media not loaded
      H: Drive not present or media not loaded
      I: Drive not present or media not loaded

      Computer Name: WROMI
      Current User Name: ROMAIN DELOFFRE
      Logged in as Administrator.

      Current Boot Mode: Normal
      Scan Mode: All users
      Output = Standard
      File Age = 30 Days
      Company Name Whitelist: On

      ========== Processes (SafeList) ==========

      PRC - [2006/03/18 02:17:46 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
      PRC - [2006/03/18 02:17:46 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
      PRC - [2008/04/14 04:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
      PRC - [2009/02/28 06:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
      PRC - [2008/11/26 19:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      PRC - [2008/11/26 19:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
      PRC - [2005/09/26 12:22:28 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
      PRC - [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
      PRC - [2005/08/05 15:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
      PRC - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
      PRC - [2001/11/12 13:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
      PRC - [2005/08/05 13:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
      PRC - [2008/11/26 19:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      PRC - [2008/11/26 19:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      PRC - [2005/08/05 13:34:32 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
      PRC - [2006/03/17 15:37:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      PRC - [2006/04/18 00:34:42 | 16,143,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
      PRC - [2005/12/16 02:41:28 | 00,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe
      PRC - [2006/03/18 08:22:26 | 00,089,541 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
      PRC - [2004/03/24 07:40:42 | 00,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
      PRC - [2006/04/04 14:57:18 | 00,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
      PRC - [2005/12/22 13:19:34 | 01,077,329 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
      PRC - [2006/03/16 13:27:26 | 00,634,880 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
      PRC - [2005/06/06 09:58:44 | 00,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\ZoomingHook.exe
      PRC - [2005/08/12 11:14:30 | 00,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
      PRC - [2005/05/17 09:24:50 | 00,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
      PRC - [2006/02/02 13:11:38 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
      PRC - [2006/04/28 11:38:12 | 00,262,144 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
      PRC - [2005/05/11 23:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      PRC - [2008/11/26 19:18:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      PRC - [2004/06/09 15:37:02 | 00,040,960 | ---- | M] (BIGDOG) -- C:\WINDOWS\VM_STI.EXE
      PRC - [2005/04/11 16:08:00 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      PRC - [2005/05/11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      PRC - [2006/05/10 13:24:34 | 00,278,528 | ---- | M] () -- C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
      PRC - [2005/08/05 13:34:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
      PRC - [2005/08/12 11:14:16 | 00,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
      PRC - [2003/02/26 20:08:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
      PRC - [2005/05/12 00:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      PRC - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
      PRC - [2009/06/11 21:10:59 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\OTL.exe

      ========== Win32 Services (SafeList) ==========

      SRV - [2005/09/26 12:22:28 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe -- (ACS [Auto | Running])
      SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
      SRV - [2008/11/26 19:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
      SRV - [2006/03/18 02:17:46 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
      SRV - [2008/11/26 19:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
      SRV - [2008/11/26 19:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
      SRV - [2008/11/26 19:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
      SRV - [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
      SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
      SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
      SRV - [2005/08/05 15:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
      SRV - [2008/04/14 04:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
      SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
      SRV - [2005/08/05 13:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
      SRV - [2004/08/10 07:30:26 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
      SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Running])
      SRV - [2007/07/24 05:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
      SRV - [2007/07/24 05:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
      SRV - [2007/08/16 08:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
      SRV - [2007/08/16 08:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
      SRV - [2007/08/16 08:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
      SRV - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv [Auto | Running])
      SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
      SRV - [2006/11/03 10:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
      SRV - [2001/11/12 13:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets [Auto | Running])

      ========== Driver Services (SafeList) ==========

      DRV - [2008/11/26 19:15:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
      DRV - [2006/12/24 21:34:01 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
      DRV - [2006/03/18 07:36:42 | 01,155,584 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
      DRV - [2004/11/16 01:22:08 | 00,101,874 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
      DRV - [2006/04/01 17:46:28 | 00,471,264 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Running])
      DRV - [2008/11/26 19:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
      DRV - [2008/11/26 19:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
      DRV - [2008/11/26 19:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
      DRV - [2008/11/26 19:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
      DRV - [2008/11/26 19:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
      DRV - [2006/03/18 02:24:10 | 01,520,640 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
      DRV - [2008/04/13 18:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
      DRV - [2006/04/18 01:31:26 | 04,262,912 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
      DRV - [2003/09/10 23:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
      DRV - [2003/01/29 23:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
      DRV - [2003/08/04 14:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
      DRV - [2003/09/19 01:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
      DRV - [2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
      DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
      DRV - [2007/05/31 13:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
      DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
      DRV - [2004/08/10 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
      DRV - [2004/06/28 19:35:24 | 00,069,760 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
      DRV - [2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
      DRV - [2007/11/13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
      DRV - [2006/07/24 17:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
      DRV - [2006/03/02 18:49:50 | 00,015,360 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])
      DRV - [2006/04/18 15:12:00 | 00,098,816 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\tdudf.sys -- (tdudf [Auto | Running])
      DRV - [2006/01/05 16:31:20 | 00,011,264 | ---- | M] (TOSHIBA ) -- C:\WINDOWS\System32\Drivers\TPwSav.sys -- (TPwSav [System | Running])
      DRV - [2006/04/25 09:01:48 | 00,043,776 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running])
      DRV - [2005/11/28 10:45:16 | 00,007,040 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\System32\Drivers\x10hid.sys -- (X10Hid [On_Demand | Running])
      DRV - [2005/02/26 16:25:52 | 00,091,527 | ---- | M] (VM) -- C:\WINDOWS\System32\Drivers\usbVM31b.sys -- (ZSMC301b [On_Demand | Stopped])

      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


      IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
      IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
      IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
      IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
      IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
      IE - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\S-1-5-21-3277060119-1734204101-523286688-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultenginename: "Google"
      FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
      FF - prefs.js..browser.startup.homepage: "http://fr.msn.com/"
      FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20090119W
      FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1
      FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA5&q="

      FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GOOGLE\TOOLBAR FOR FIREFOX\{3112CA9C-DE6D-4884-A869-9855DE68056C} [2008/11/09 05:15:29 | 00,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2008/11/09 05:15:16 | 00,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2008/11/09 05:15:13 | 00,000,000 | ---D | M]

      [2009/06/03 19:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\mozilla\Extensions
      [2009/06/03 19:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
      [2009/06/03 19:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\mozilla\Firefox\Profiles\0xf1yc4j.default\extensions
      [2009/06/03 19:24:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\mozilla\Firefox\Profiles\0xf1yc4j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
      [2009/06/03 19:24:55 | 00,001,711 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\Mozilla\FireFox\Profiles\0xf1yc4j.default\searchplugins\livecom.xml
      [2009/06/09 23:01:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
      [2008/11/09 05:15:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      [2008/05/03 02:10:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\google-gzfb@partners.mozilla.com
      [2008/07/03 04:56:53 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
      [2008/07/03 04:56:53 | 00,134,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
      [2006/09/10 13:35:08 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
      [2006/06/04 20:56:02 | 00,001,055 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
      [2008/04/16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
      [2006/09/10 13:35:08 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
      [2008/03/29 15:59:44 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
      [2006/09/12 20:49:04 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

      O1 HOSTS File: (790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
      O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
      O3 - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
      O3 - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
      O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
      O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
      O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
      O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
      O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
      O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam (BIGDOG)
      O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
      O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
      O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
      O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
      O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP (TOSHIBA CO.,LTD.)
      O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
      O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
      O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
      O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
      O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe (TOSHIBA Corporation)
      O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL (TOSHIBA)
      O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
      O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
      O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
      O4 - HKLM..\Run: [Zooming] ZoomingHook.exe (TOSHIBA)
      O4 - HKU\S-1-5-21-3277060119-1734204101-523286688-1005..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
      O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
      O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk = C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe ()
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-21-3277060119-1734204101-523286688-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
      O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
      O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
      O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
      O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
      O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
      O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
      O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDow ... eqlab2.cab (System Requirements Lab Class)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/sh ... wflash.cab (Shockwave Flash Object)
      O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
      O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
      O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
      O24 - Desktop Components:0 () - C:\Program Files\MSN Gaming Zone\profsybywuus.html
      O24 - Desktop Components:1 (Ma page d'accueil) - About:Home
      O31 - SafeBoot: AlternateShell - cmd.exe
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2006/09/25 13:03:23 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck) - File not found
      O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
      O34 - HKLM BootExecute: (*) - * [2009/06/13 00:02:26 | 00,000,000 | ---D | M]

      ========== Files/Folders - Created Within 30 Days ==========

      [1 C:\WINDOWS\*.tmp files]
      [2009/06/13 08:06:37 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
      [2009/06/13 08:06:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
      [2009/06/13 00:06:46 | 00,000,000 | ---D | C] -- C:\_OTL
      [2009/06/11 21:14:26 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
      [2009/06/11 21:14:26 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
      [2009/06/11 21:11:43 | 00,577,997 | ---- | C] (IL-MAFIOSO ) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\Navilog1.exe
      [2009/06/11 21:10:54 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\OTL.exe
      [2009/06/10 21:54:31 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\HijackThis.lnk
      [2009/06/10 21:54:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
      [2009/06/10 21:54:02 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\hijackthis_hijackthis_2.02_anglais_17891.exe
      [2009/06/09 22:56:45 | 00,893,464 | ---- | C] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\cc_20090609_225637.reg
      [2009/06/09 22:23:39 | 03,247,736 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\ccsetup220.exe
      [2009/06/09 22:21:10 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\mbam-setup.exe
      [2009/06/07 17:48:54 | 00,008,001 | ---- | C] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Mes documents\Mon thème favori.theme
      [2009/06/06 12:56:50 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\net.net
      [2009/03/29 23:27:54 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
      [2008/06/23 21:42:03 | 00,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
      [2008/02/08 01:05:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
      [2008/02/07 01:57:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
      [2007/12/09 15:23:44 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
      [2007/05/09 00:24:33 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
      [2006/12/12 18:30:26 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
      [2006/12/12 18:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
      [2006/09/26 11:40:57 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
      [2006/09/26 07:28:24 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
      [2006/09/26 07:01:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
      [2006/09/26 07:01:36 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
      [2006/09/26 07:01:36 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
      [2006/09/26 07:01:36 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
      [2006/09/26 07:01:36 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
      [2006/09/26 07:01:36 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
      [2006/09/26 07:01:36 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
      [2006/09/26 06:51:11 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
      [2006/09/26 06:51:11 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
      [2006/09/26 06:33:15 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
      [2006/09/25 14:42:59 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
      [2006/09/25 14:42:59 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
      [2006/09/25 14:42:59 | 00,010,177 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
      [2006/09/25 14:42:59 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
      [2006/09/25 14:19:16 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
      [2006/09/25 12:41:42 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
      [2006/09/25 12:41:42 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
      [2006/09/25 12:41:06 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
      [2006/09/25 12:41:04 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
      [2006/01/05 18:49:34 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
      [2006/01/05 17:36:22 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
      [2006/01/04 10:59:52 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
      [2005/12/09 14:36:30 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
      [2005/11/23 13:55:42 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
      [2005/08/05 15:38:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
      [2005/04/28 03:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
      [2005/04/28 03:37:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
      [2003/04/01 11:58:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

      ========== Files - Modified Within 30 Days ==========

      [23 C:\WINDOWS\System32\*.tmp files]
      [1 C:\WINDOWS\*.tmp files]
      [2009/06/13 08:08:38 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
      [2009/06/13 08:04:16 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2009/06/13 08:03:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
      [2009/06/13 08:03:34 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\desktop.ini
      [2009/06/13 08:03:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2009/06/13 08:03:25 | 93,753,7536 | -HS- | M] () -- C:\hiberfil.sys
      [2009/06/11 21:14:26 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
      [2009/06/11 21:11:49 | 00,577,997 | ---- | M] (IL-MAFIOSO ) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\Navilog1.exe
      [2009/06/11 21:10:59 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\OTL.exe
      [2009/06/10 21:54:32 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\HijackThis.lnk
      [2009/06/10 21:54:07 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\hijackthis_hijackthis_2.02_anglais_17891.exe
      [2009/06/09 22:56:53 | 00,893,464 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\cc_20090609_225637.reg
      [2009/06/09 22:35:59 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\CCleaner.lnk
      [2009/06/09 22:23:39 | 03,247,736 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\ccsetup220.exe
      [2009/06/09 22:21:10 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ROMAIN DELOFFRE\Bureau\mbam-setup.exe
      [2009/06/07 17:48:55 | 00,008,001 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Mes documents\Mon thème favori.theme
      [2009/06/06 12:56:50 | 00,110,592 | ---- | M] () -- C:\WINDOWS\System32\net.net
      [2009/06/05 14:27:38 | 00,000,575 | ---- | M] () -- C:\Documents and Settings\ROMAIN DELOFFRE\Mes documents\Mes dossiers de partage.lnk
      [2009/06/01 18:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
      [2009/05/26 21:48:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
      [2009/05/26 21:48:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
      [2009/05/26 21:29:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
      [2009/05/26 21:29:19 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
      [2009/05/25 22:42:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
      [2009/05/25 22:42:14 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
      [2009/05/25 11:53:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
      [2009/05/25 11:53:02 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
      <End>
ms3deb
Posts: 77
Joined: 30 Apr 2007, 21:09

Post by nickW » 15 Jun 2009, 00:28

Good evening,

I never wrote that the OTL fix report had to end with <End>! :wink:


The latest Microsoft updates, sorted by date, in the "Security & Updates" category, are on this page:
http://www.microsoft.com/downloads/Brow ... teria=date
See also: http://assiste.forum.free.fr/viewtopic.php?t=24238

Does this correspond to your "Des MAJ Windows ne cesse d'arriver." (sic) [Windows updates keep coming]?


Can you request an online analysis of a file:

VirusTotal
Go to the site http://www.virustotal.com/fr/ - Note: JavaScript must be enabled.

Under Send a file, click the Browse button
In the "Send file" window, navigate to the folder C:\WINDOWS\System32, then select the file net.net and click the Open button

The file is sent. If VirusTotal reports that the file has already been analysed, click the Reanalyse the file now button

The analysis may be queued (if many analysis requests are in progress). In that case, wait without refreshing the page.

Let the analysis run for as long as the "analysis in progress" notice is displayed.

When the analysis is complete (Current status: finished is displayed), click Formatted (located just below the box File... received on... - Result...)

A new browser window opens. Click the second image from the left.

Right-click on the page and choose Select All, then right-click again and choose Copy

Return to the forum, to this topic, click the Reply button, then Paste the VirusTotal result into the new message.



Then run a new scan:

Note: These steps must be carried out while logged in to a session with "Administrator rights" (do not use the user profile named "Administrateur" that is visible in Safe Mode)

Step 1: Malwarebytes' Anti-Malware, scan
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start Menu.
In the Settings tab, check that all boxes are ticked except "Create a context-menu option to scan files (right-click)".
In the Update tab, click the Check for updates button and install all the updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan" then click the Scan button.
Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show results" button.

Click the "Save report" button, confirm the save, then click the "Exit" button


Step 2: Results
Send in reply:
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-*-**-**** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs / *-**-**** (**-**-**) stands for the date [month-day-year] and the time [hh-mm-ss])
[SystemDrive stands for the partition on which the system is installed, usually C:]

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
My configs
nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

VirusTotal report

Post by ms3deb » 15 Jun 2009, 18:19

Hi,

My mistake -))
Here is the requested report, thanks in advance,


Fichier net.net reçu le 2009.06.15 17:17:17 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.06.15 Trojan-Clicker.Win32.VBiframe!IK
AhnLab-V3 5.0.0.2 2009.06.15 -
AntiVir 7.9.0.187 2009.06.15 TR/Crypt.XPACK.Gen
Antiy-AVL 2.0.3.1 2009.06.15 Trojan/Win32.VBiframe.gen
Authentium 5.1.2.4 2009.06.15 -
Avast 4.8.1335.0 2009.06.15 Win32:Trojan-gen {Other}
AVG 8.5.0.339 2009.06.15 Clicker.ZKH
BitDefender 7.2 2009.06.15 Trojan.Generic.1953699
CAT-QuickHeal 10.00 2009.06.15 TrojanClicker.VBiframe.jq
ClamAV 0.94.1 2009.06.15 -
Comodo 1336 2009.06.15 -
DrWeb 5.0.0.12182 2009.06.15 Trojan.Click.25308
eSafe 7.0.17.0 2009.06.15 Win32.TRCrypt.XPACK
eTrust-Vet 31.6.6560 2009.06.15 -
F-Prot 4.4.4.56 2009.06.14 -
F-Secure 8.0.14470.0 2009.06.15 Trojan-Clicker.Win32.VBiframe.jq
Fortinet 3.117.0.0 2009.06.15 W32/AdClicker.C!tr
GData 19 2009.06.15 Trojan.Generic.1953699
Ikarus T3.1.1.59.0 2009.06.15 Trojan-Clicker.Win32.VBiframe
Jiangmin 11.0.706 2009.06.15 -
K7AntiVirus 7.10.762 2009.06.12 Trojan-Clicker.Win32.VBiframe.jq
Kaspersky 7.0.0.125 2009.06.15 Trojan-Clicker.Win32.VBiframe.jq
McAfee 5647 2009.06.15 Generic AdClicker.c
McAfee+Artemis 5647 2009.06.15 Generic AdClicker.c
McAfee-GW-Edition 6.7.6 2009.06.15 Trojan.Crypt.XPACK.Gen
Microsoft 1.4701 2009.06.15 TrojanDownloader:Win32/Pacoheir.A
NOD32 4156 2009.06.15 a variant of Win32/TrojanClicker.Punad.AA
Norman 6.01.09 2009.06.15 -
nProtect 2009.1.8.0 2009.06.15 -
Panda 10.0.0.14 2009.06.14 Generic Trojan
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.15 High Risk Cloaked Malware
Rising 21.34.04.00 2009.06.15 -
Sophos 4.42.0 2009.06.15 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.06.14 -
Symantec 1.4.4.12 2009.06.15 Trojan Horse
TheHacker 6.3.4.3.345 2009.06.15 Trojan/Clicker.VBiframe.jq
TrendMicro 8.950.0.1092 2009.06.15 -
VBA32 3.12.10.7 2009.06.14 Trojan-Clicker.Win32.VBiframe.jq
ViRobot 2009.6.15.1787 2009.06.15 -
Information additionnelle
File size: 110592 bytes
MD5...: 6f3db834bc59ffe4424efd6cbd385064
SHA1..: 5c56c3d4ab257aeab5f7deb588e7340ab2e02deb
SHA256: 74e005525ecd43444ac10b7245c9faaa85660001160b62dee71b44431cf7a461
ssdeep: -
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x12e7
timedatestamp.....: 0x4a248e8c (Tue Jun 02 02:29:32 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xbdf0 0x5000 7.81 c4df53a0d1651455466ea22dfd922ce0
.data 0xd000 0xe54 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0xe000 0x3da8 0x4000 3.48 941f77d46672ed6a706cfb442a3b2905
.adata 0x12000 0x1caa0 0x11000 8.00 d05a4d3a849b0b13f1555a0111460d8f

( 4 imports )
> kernel32.dll: GetModuleHandleA, ExitProcess, GetProcAddress, HeapCreate, GetCurrentProcess
> user32.dll: CreateWindowExA, SetWindowLongA, wsprintfA, CloseWindow
> advapi32.dll: RegSetValueA, RegEnumValueA, RegEnumKeyA, RegDeleteKeyA
> ole32.dll: CoInitializeEx, OleRun, CoInitialize, CoCreateInstanceEx

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=7FCCF50600210BD3B03101122AFA0F00C8C3F7CC

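The VirusTotal report pasted above, as an added example that is not part of the thread: a Python script that parses a report in this copy-and-paste text layout (one engine row per line, then the hash lines) into per-engine verdicts, the detection ratio and the file hashes. The report embedded in the script is a constructed excerpt of ten of the forty engine rows.

```python
"""Parse a VirusTotal text report in the copy-and-paste layout quoted in this
thread (one "Engine Version Date Result" row per engine, then the hash lines)
into per-engine verdicts, the detection ratio and the file hashes.

Added example, not part of the thread. SAMPLE_REPORT is a constructed excerpt:
ten of the forty engine rows, in the same layout."""

import re

SAMPLE_REPORT = """\
Fichier net.net reçu le 2009.06.15 17:17:17 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.06.15 Trojan-Clicker.Win32.VBiframe!IK
AhnLab-V3 5.0.0.2 2009.06.15 -
Avast 4.8.1335.0 2009.06.15 Win32:Trojan-gen {Other}
ClamAV 0.94.1 2009.06.15 -
Kaspersky 7.0.0.125 2009.06.15 Trojan-Clicker.Win32.VBiframe.jq
Microsoft 1.4701 2009.06.15 TrojanDownloader:Win32/Pacoheir.A
NOD32 4156 2009.06.15 a variant of Win32/TrojanClicker.Punad.AA
Prevx 3.0 2009.06.15 High Risk Cloaked Malware
Symantec 1.4.4.12 2009.06.15 Trojan Horse
TrendMicro 8.950.0.1092 2009.06.15 -
Information additionnelle
File size: 110592 bytes
MD5...: 6f3db834bc59ffe4424efd6cbd385064
SHA1..: 5c56c3d4ab257aeab5f7deb588e7340ab2e02deb
SHA256: 74e005525ecd43444ac10b7245c9faaa85660001160b62dee71b44431cf7a461
"""

# An engine row: engine name, engine version, signature date, then the verdict,
# which may itself contain spaces ("Trojan Horse", "High Risk Cloaked Malware").
ROW_RE = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*: ([0-9a-fA-F]+)$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64}
NOISE = {"trojan", "generic", "variant", "malware"}  # words every vendor uses


def parse_report(text):
    """Return {"verdicts": {engine: {...}}, "hashes": {algo: hex}, "size": int}."""
    verdicts, hashes, size = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ROW_RE.match(line)
        if m:
            engine, version, date, result = m.groups()
            verdicts[engine] = {"version": version, "date": date,
                                "result": None if result == "-" else result}
            continue
        m = HASH_RE.match(line)
        if m:
            algo, digest = m.groups()
            if len(digest) != HASH_LEN[algo]:  # a truncated paste is worse than none
                raise ValueError(f"{algo} digest has {len(digest)} hex chars")
            hashes[algo] = digest.lower()
            continue
        m = re.match(r"^File size: (\d+) bytes$", line)
        if m:
            size = int(m.group(1))
    return {"verdicts": verdicts, "hashes": hashes, "size": size}


def detection_ratio(report):
    """(engines that flagged the file, engines that scanned it): VirusTotal's headline."""
    verdicts = report["verdicts"]
    return sum(1 for v in verdicts.values() if v["result"]), len(verdicts)


def detecting_engines(report):
    return sorted(e for e, v in report["verdicts"].items() if v["result"])


def family_keywords(report):
    """Count the family-like words across verdicts (e.g. 'clicker', 'vbiframe')
    so that differently named vendor verdicts can be reconciled by hand."""
    counts = {}
    for v in report["verdicts"].values():
        if not v["result"]:
            continue
        for word in re.findall(r"[A-Za-z]{4,}", v["result"]):
            word = word.lower()
            if word not in NOISE:
                counts[word] = counts.get(word, 0) + 1
    return counts


if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    hits, total = detection_ratio(r)
    print(f"{hits}/{total} engines flagged the file; SHA256 {r['hashes']['SHA256']}")
    print("flagged by:", ", ".join(detecting_engines(r)))
    top = sorted(family_keywords(r).items(), key=lambda kv: -kv[1])[:5]
    print("most common family words:", top)
```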

Malwarebytes!

Post by ms3deb » 15 Jun 2009, 19:14

Unfortunately, it is impossible to install the software. It gets stuck at finalising the installation, nothing works!
Do you see another alternative,
Thanks

Good evening,

Post by ms3deb » 16 Jun 2009, 19:55

Re,

I have tried again and again; sometimes it even freezes when running the software.
Strange,

Thanks in advance
@+

Post by nickW » 17 Jun 2009, 00:20

Good evening,

Using another tool:

Step 1: RootRepeal (by AD)
Download RootRepeal by right-clicking the link below:
http://rootrepeal.googlepages.com/RootRepeal.zip
Save the file to the Desktop.
Create a new folder named RootRepeal at the root of the system drive (usually C:\)

Extract the downloaded archive into this new RootRepeal folder


Step 2: No real-time monitoring process
Disable the antivirus's resident module.
avast!: right-click the icon in the system tray (next to the clock), then "Stop resident protection"


Step 3: RootRepeal (by AD)
In Explorer, open the RootRepeal folder
Double-click RootRepeal.exe to launch the tool.

Click the Report tab (at the bottom of the window)
Click the Scan button
In the new Select Scan window, tick:
+ Drivers
+ Files
+ Processes
+ SSDT
+ Stealth Objects
+ Hidden Services

Click the OK button
In the new Select Drives window, tick drive C:
Click the OK button to start the scan

Note: This scan takes some time. DO NOT LAUNCH other programs while it is running.

When the scan is complete, the Save Report button becomes available
Click this Save Report button and save the report file in the RootRepeal folder under the name RootRepeal-090616.txt

Open the File menu and click Exit to close the program.


Step 4: Real-time monitoring process
Important: Re-enable the antivirus's resident module.


Step 5: Results
Send in reply:
*- the RootRepeal report (contents of the file RootRepeal-090616.txt)
This report can be very long. Check carefully that it is complete in the message you send. If necessary, split it across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
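As an added example, not part of the thread: a Python script that parses a RootRepeal report of the kind the steps above produce and lists the drivers and files the tool reports as hidden from the Windows API, grouped by shared file-name prefix. The report embedded in the script is a constructed excerpt in RootRepeal's report layout, and the prefix rule (a leading run of capital letters) is an assumption drawn from the names in this thread, not a RootRepeal feature.

```python
"""Triage a RootRepeal text report: list the drivers and files the tool marks as
hidden from (or locked to) the Windows API, and group the hidden ones by the
file-name prefix they share, since a rootkit's dropped components often carry
a common prefix.

Added example, not part of the thread. The layout follows the RootRepeal
1.3.0.0 report quoted in it; the excerpt below is constructed from a few of
its entries."""

import re
from collections import defaultdict

# Constructed excerpt in RootRepeal's report layout: a banner, then sections
# headed by a title line and a dashed rule, each holding blank-line-separated
# "Key: value" records.
SAMPLE_REPORT = r"""
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Time: 2009/06/17 13:19
Program Version: Version 1.3.0.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEB0EA000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SKYNETqrsvdfdy.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETqrsvdfdy.sys
Address: 0xEE8A2000 Size: 163840 File Visible: - Signed: -
Status: Hidden from Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\UACgipuhkaqwbykxpo.log
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UAChxbbsiwmupkrjkl.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETkibabwyxvn.tmp
Status: Invisible to the Windows API!
"""

HIDDEN_MARKERS = ("Hidden from Windows API", "Invisible to the Windows API")
# The driver record packs four fields into one line.
ADDRESS_RE = re.compile(r"Address: (\S+) Size: (\d+) File Visible: (\S+) Signed: (\S+)")
RULE_RE = re.compile(r"[-=]{5,}")


def parse_report(text):
    """Return {section title: [record dict, ...]} for every dashed-rule section."""
    lines = text.splitlines()
    sections, current, record = {}, None, {}

    def flush():
        nonlocal record
        if record and current is not None:
            sections[current].append(record)
        record = {}

    for i, line in enumerate(lines):
        stripped = line.strip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        # A section title is a non-empty, non "Key: value" line followed by dashes.
        if stripped and ":" not in stripped and re.fullmatch(r"-{5,}", nxt):
            flush()
            current = stripped
            sections[current] = []
            continue
        if current is None or RULE_RE.fullmatch(stripped):
            continue  # banner lines before the first section, or a rule line
        if not stripped:
            flush()  # blank line ends a record
            continue
        m = ADDRESS_RE.fullmatch(stripped)
        if m:
            record.update(address=m.group(1), size=int(m.group(2)),
                          file_visible=m.group(3), signed=m.group(4))
            continue
        key, _, value = stripped.partition(":")  # first colon only: paths keep "C:\"
        record[key.strip().lower().replace(" ", "_")] = value.strip()
    flush()
    return sections


def hidden_entries(sections):
    """(section, path, status) for every entry RootRepeal could not see via the API."""
    found = []
    for section, records in sections.items():
        for rec in records:
            status = rec.get("status", "")
            if any(marker in status for marker in HIDDEN_MARKERS):
                found.append((section, rec.get("image_path") or rec.get("path", ""), status))
    return found


def prefix_groups(paths, min_count=2):
    """Group hidden files by their leading run of capital letters (3 or more),
    the naming pattern seen in this thread's report; singletons are dropped."""
    groups = defaultdict(list)
    for path in paths:
        name = path.rsplit("\\", 1)[-1]
        m = re.match(r"[A-Z]{3,}", name)
        if m:
            groups[m.group(0)].append(path)
    return {prefix: files for prefix, files in groups.items() if len(files) >= min_count}


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    hidden = hidden_entries(report)
    for section, path, status in hidden:
        print(f"[{section}] {path}  ->  {status}")
    for prefix, files in prefix_groups([p for _, p, _ in hidden]).items():
        print(f"prefix {prefix}: {len(files)} hidden objects")
```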

RootRepeal report

Post by ms3deb » 17 Jun 2009, 12:25

Hello,
Thanks for getting back to me on this,
Here is the log; note that I still have pop-up windows and various bugs.

Thanks,
@+

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Time: 2009/06/17 13:19
Program Version: Version 1.3.0.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE559000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7C8C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEB0EA000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SKYNETqrsvdfdy.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETqrsvdfdy.sys
Address: 0xEE8A2000 Size: 163840 File Visible: - Signed: -
Status: Hidden from Windows API!

Name: UACmxfqgenftjkowfo.sys
Image Path: C:\WINDOWS\system32\drivers\UACmxfqgenftjkowfo.sys
Address: 0xEE88E000 Size: 81920 File Visible: - Signed: -
Status: Hidden from Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\SKYNETbqhoppjn.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETlktehxfu.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETsimwbabd.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACgipuhkaqwbykxpo.log
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UAChxbbsiwmupkrjkl.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACielmlkprrwuirvr.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACjutnxwmyxmpowgi.db
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACknbaqbdubryqgqq.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACovgjteekyjwslwk.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACtbhovrkkdrdlynd.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\uactmp.db
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACwilthfwopavqyxv.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACytoblhtprujdpbw.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETkibabwyxvn.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETmccfunvopg.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETntixnstikp.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETopcvbvrxtf.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETseqwhfmuwp.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETthxjinlnsm.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETuicqobyuwp.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETvtadcpxusi.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETxemjcndsim.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UAC268e.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UAC5b98.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETbdworenxwi.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETbvfvnmxnsm.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETdiemcuwqit.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETemsppegqsx.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETetbdmewtft.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNEThimvpuspma.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\SKYNETimqienwhos.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\SKYNETqrsvdfdy.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\UACmxfqgenftjkowfo.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Philips SPC210NC Webcam
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Temp\UAC3321.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\39\123-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v139-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v123-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\39\40-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v39-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v40-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\66\149-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v166-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v149-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\66\55-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v66-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v55-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\00\79-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v100-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v79-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\01\10-{35367A31-7CCB-01BA-36BC-8CEE2568677B}-v1-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v10-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\01\80-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v101-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v80-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\02\87-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v102-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v87-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\03\86-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v103-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v86-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\04\193-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v504-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v193-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\04\88-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v104-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v88-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\05\89-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v105-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v89-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\06\90-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v106-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v90-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\07\91-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v107-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v91-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\08\92-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v108-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v92-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\09\93-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v109-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v93-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\10\94-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v110-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v94-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\11\95-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v111-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v95-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\12\96-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v112-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v96-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\13\13-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v13-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v13-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\13\97-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v113-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v97-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\14\23-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v14-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v23-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\14\98-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v114-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v98-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\15\22-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v15-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v22-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\15\99-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v115-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v99-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\16\100-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v116-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v100-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\16\24-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v16-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v24-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\17\101-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v117-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v101-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\17\16-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v17-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v16-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\17\17-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v17-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v17-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\18\102-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v118-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v102-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\18\18-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v18-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v18-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\18\184-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v218-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v184-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\19\103-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v119-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v103-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\19\29-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v19-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v29-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\20\104-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v120-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v104-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\20\30-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v20-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v30-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\21\105-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v121-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v105-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\21\31-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v21-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v31-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\22\106-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v122-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v106-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\22\19-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v22-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v19-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\23\107-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v123-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v107-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\23\20-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v23-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v20-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\24\108-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v124-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v108-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\24\21-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v24-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v21-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\25\109-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v125-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v109-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\26\110-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v126-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v110-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\26\32-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v26-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v32-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\27\111-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v127-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v111-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\28\112-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v128-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v112-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\28\33-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v28-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v33-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\29\113-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v129-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v113-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\30\114-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v130-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v114-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\31\115-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v131-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v115-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\32\116-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v132-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v116-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\32\34-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v32-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v34-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\33\117-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v133-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v117-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\33\35-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v33-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v35-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\34\118-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v134-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v118-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\34\25-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v34-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v25-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\35\119-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v135-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v119-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\35\36-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v35-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v36-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\36\120-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v136-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v120-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\36\38-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v36-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v38-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\37\121-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v137-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v121-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\37\26-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v37-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v26-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\38\122-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v138-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v122-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\38\39-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v38-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v39-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\40\124-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v140-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v124-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\40\41-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v40-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v41-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\41\125-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v141-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v125-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\prims

Stealth Objects
-------------------
Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: winlogon.exe (PID: 624) Address: 0x008b0000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: winlogon.exe (PID: 624) Address: 0x007f0000 Size: 45056

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: winlogon.exe (PID: 624) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: services.exe (PID: 676) Address: 0x008f0000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: services.exe (PID: 676) Address: 0x009b0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: services.exe (PID: 676) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: lsass.exe (PID: 688) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: lsass.exe (PID: 688) Address: 0x00a00000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: lsass.exe (PID: 688) Address: 0x00920000 Size: 45056

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: Ati2evxx.exe (PID: 840) Address: 0x00cf0000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: Ati2evxx.exe (PID: 840) Address: 0x00db0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: Ati2evxx.exe (PID: 840) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UAChxbbsiwmupkrjkl.dll]
Process: svchost.exe (PID: 856) Address: 0x02e90000 Size: 53248

Object: Hidden Module [Name: SKYNETlktehxfu.dll]
Process: svchost.exe (PID: 856) Address: 0x00930000 Size: 57344

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: svchost.exe (PID: 856) Address: 0x009c0000 Size: 45056

Object: Hidden Module [Name: UACtbhovrkkdrdlynd.dll]
Process: svchost.exe (PID: 856) Address: 0x00980000 Size: 81920

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: svchost.exe (PID: 856) Address: 0x00a60000 Size: 49152

Object: Hidden Module [Name: UAC268e.tmpteekyjwslwk.dll]
Process: svchost.exe (PID: 856) Address: 0x00c70000 Size: 200704

Object: Hidden Module [Name: UACwilthfwopavqyxv.dll]
Process: svchost.exe (PID: 856) Address: 0x00d60000 Size: 69632

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: svchost.exe (PID: 856) Address: 0x00f00000 Size: 45056

Object: Hidden Module [Name: UACovgjteekyjwslwk.dll]
Process: svchost.exe (PID: 856) Address: 0x02c70000 Size: 200704

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: svchost.exe (PID: 856) Address: 0x02df0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: svchost.exe (PID: 856) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: svchost.exe (PID: 984) Address: 0x009e0000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: svchost.exe (PID: 984) Address: 0x00930000 Size: 45056

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: svchost.exe (PID: 984) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: svchost.exe (PID: 1060) Address: 0x00930000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: svchost.exe (PID: 1060) Address: 0x009e0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: svchost.exe (PID: 1060) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: svchost.exe (PID: 1172) Address: 0x00830000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: svchost.exe (PID: 1172) Address: 0x009f0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: svchost.exe (PID: 1172) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: Ati2evxx.exe (PID: 1360) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: Ati2evxx.exe (PID: 1360) Address: 0x00cf0000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: Ati2evxx.exe (PID: 1360) Address: 0x00db0000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: svchost.exe (PID: 1440) Address: 0x00830000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: svchost.exe (PID: 1440) Address: 0x009f0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: svchost.exe (PID: 1440) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: Explorer.EXE (PID: 1468) Address: 0x00bc0000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: Explorer.EXE (PID: 1468) Address: 0x00c80000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: Explorer.EXE (PID: 1468) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: Iexplore.exe (PID: 1500) Address: 0x00d60000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: Iexplore.exe (PID: 1500) Address: 0x00e30000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: Iexplore.exe (PID: 1500) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: spoolsv.exe (PID: 1744) Address: 0x00990000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: spoolsv.exe (PID: 1744) Address: 0x00c60000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: spoolsv.exe (PID: 1744) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: ctfmon.exe (PID: 1800) Address: 0x00b90000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: ctfmon.exe (PID: 1800) Address: 0x00c50000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: ctfmon.exe (PID: 1800) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: acs.exe (PID: 1956) Address: 0x00a90000 Size: 45056

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: acs.exe (PID: 1956) Address: 0x00720000 Size: 32768

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: acs.exe (PID: 1956) Address: 0x00b50000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: svchost.exe (PID: 200) Address: 0x00930000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: svchost.exe (PID: 200) Address: 0x009e0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: svchost.exe (PID: 200) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: CFSvcs.exe (PID: 280) Address: 0x00960000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: CFSvcs.exe (PID: 280) Address: 0x00990000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: CFSvcs.exe (PID: 280) Address: 0x00b70000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: ehtray.exe (PID: 360) Address: 0x00a30000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: ehtray.exe (PID: 360) Address: 0x00c00000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: ehtray.exe (PID: 360) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: atiptaxx.exe (PID: 376) Address: 0x00dd0000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: atiptaxx.exe (PID: 376) Address: 0x00d10000 Size: 45056

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: atiptaxx.exe (PID: 376) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: RTHDCPL.EXE (PID: 384) Address: 0x01de0000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: RTHDCPL.EXE (PID: 384) Address: 0x01c10000 Size: 45056

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: RTHDCPL.EXE (PID: 384) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: Ltmoh.exe (PID: 400) Address: 0x00a90000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: Ltmoh.exe (PID: 400) Address: 0x00af0000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: Ltmoh.exe (PID: 400) Address: 0x00ec0000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: AGRSMMSG.exe (PID: 408) Address: 0x009d0000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: AGRSMMSG.exe (PID: 408) Address: 0x00da0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: AGRSMMSG.exe (PID: 408) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: Apoint.exe (PID: 416) Address: 0x00db0000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: Apoint.exe (PID: 416) Address: 0x00cf0000 Size: 45056

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: Apoint.exe (PID: 416) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: TPTray.exe (PID: 424) Address: 0x00970000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: TPTray.exe (PID: 424) Address: 0x009d0000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: TPTray.exe (PID: 424) Address: 0x00da0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: PadExe.exe (PID: 432) Address: 0x003f0000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: PadExe.exe (PID: 432) Address: 0x00dd0000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: PadExe.exe (PID: 432) Address: 0x00e90000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: CeEKey.exe (PID: 440) Address: 0x00a00000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: CeEKey.exe (PID: 440) Address: 0x00a60000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: CeEKey.exe (PID: 440) Address: 0x00e30000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: ZoomingHook.exe (PID: 468) Address: 0x00990000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: ZoomingHook.exe (PID: 468) Address: 0x00a50000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: ZoomingHook.exe (PID: 468) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: TPSMain.exe (PID: 484) Address: 0x00a30000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: TPSMain.exe (PID: 484) Address: 0x00da0000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: TPSMain.exe (PID: 484) Address: 0x00e60000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: SmoothView.exe (PID: 492) Address: 0x00cd0000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: SmoothView.exe (PID: 492) Address: 0x00d90000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: SmoothView.exe (PID: 492) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: TvsTray.exe (PID: 500) Address: 0x00900000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: TvsTray.exe (PID: 500) Address: 0x00ae0000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: TvsTray.exe (PID: 500) Address: 0x00db0000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: ddwmon.exe (PID: 508) Address: 0x00d00000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: ddwmon.exe (PID: 508) Address: 0x00dc0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: ddwmon.exe (PID: 508) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: HPWuSchd2.exe (PID: 340) Address: 0x00cc0000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: HPWuSchd2.exe (PID: 340) Address: 0x00d80000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: HPWuSchd2.exe (PID: 340) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: VM_STI.EXE (PID: 524) Address: 0x00d50000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: VM_STI.EXE (PID: 524) Address: 0x00c90000 Size: 45056

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: VM_STI.EXE (PID: 524) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: toscdspd.exe (PID: 572) Address: 0x00ad0000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: toscdspd.exe (PID: 572) Address: 0x00da0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: toscdspd.exe (PID: 572) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: hpqtra08.exe (PID: 584) Address: 0x00af0000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: hpqtra08.exe (PID: 584) Address: 0x00dc0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: hpqtra08.exe (PID: 584) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: TrayMin210.exe (PID: 580) Address: 0x00d10000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: TrayMin210.exe (PID: 580) Address: 0x00dd0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: TrayMin210.exe (PID: 580) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: ehRecvr.exe (PID: 1220) Address: 0x008c0000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: ehRecvr.exe (PID: 1220) Address: 0x00980000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: ehRecvr.exe (PID: 1220) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: Apntex.exe (PID: 1712) Address: 0x00c90000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: Apntex.exe (PID: 1712) Address: 0x00d50000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: Apntex.exe (PID: 1712) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: ehSched.exe (PID: 1788) Address: 0x008a0000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: ehSched.exe (PID: 1788) Address: 0x00960000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: ehSched.exe (PID: 1788) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: hpqSTE08.exe (PID: 2188) Address: 0x009a0000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: hpqSTE08.exe (PID: 2188) Address: 0x00d00000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: hpqSTE08.exe (PID: 2188) Address: 0x00dc0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: TPSBattM.exe (PID: 2228) Address: 0x00970000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: TPSBattM.exe (PID: 2228) Address: 0x00d60000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: TPSBattM.exe (PID: 2228) Address: 0x00e30000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: svchost.exe (PID: 2600) Address: 0x00930000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: svchost.exe (PID: 2600) Address: 0x009e0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: svchost.exe (PID: 2600) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: svchost.exe (PID: 2624) Address: 0x009e0000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: svchost.exe (PID: 2624) Address: 0x00930000 Size: 45056

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: svchost.exe (PID: 2624) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: TODDSrv.exe (PID: 2688) Address: 0x00ae0000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: TODDSrv.exe (PID: 2688) Address: 0x00a20000 Size: 45056

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: TODDSrv.exe (PID: 2688) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: x10nets.exe (PID: 2800) Address: 0x01480000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: x10nets.exe (PID: 2800) Address: 0x01540000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: x10nets.exe (PID: 2800) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: mcrdsvc.exe (PID: 2828) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: mcrdsvc.exe (PID: 2828) Address: 0x00980000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: mcrdsvc.exe (PID: 2828) Address: 0x006b0000 Size: 45056

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: wmiprvse.exe (PID: 3228) Address: 0x00a10000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: wmiprvse.exe (PID: 3228) Address: 0x00af0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: wmiprvse.exe (PID: 3228) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: alg.exe (PID: 3248) Address: 0x00910000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: alg.exe (PID: 3248) Address: 0x009d0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: alg.exe (PID: 3248) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: ehmsas.exe (PID: 3976) Address: 0x013b0000 Size: 49152

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: ehmsas.exe (PID: 3976) Address: 0x012f0000 Size: 45056

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: ehmsas.exe (PID: 3976) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACytoblhtprujdpbw.dll]
Process: RootRepeal.exe (PID: 2592) Address: 0x01630000 Size: 45056

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: RootRepeal.exe (PID: 2592) Address: 0x016f0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: RootRepeal.exe (PID: 2592) Address: 0x10000000 Size: 32768

Hidden Services
-------------------
Service Name: SKYNETpqoirrpr
Image Path: C:\WINDOWS\system32\drivers\SKYNETqrsvdfdy.sys

Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACmxfqgenftjkowfo.sys

==EOF==

Post by nickW » 17 Jun 2009, 23:45

Good evening,

Oops, two "rootkit" drivers are visible!


Cleanup (to be carried out carefully):

Note: These steps must be performed from a session opened with "Administrator rights" (do not use the user profile named "Administrateur" that is visible in Safe Mode)


Step 1: Malwarebytes' Anti-Malware, installation
Delete the copy of MBAM that you downloaded previously.
Download Malwarebytes' Anti-Malware from one of the links below:
http://www.besttechie.net/tools/mbam-setup.exe
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Save this file to the Desktop.


Step 2: No real-time protection processes
Disable the antivirus's resident module.
avast!: right-click the icon in the system tray (next to the clock), then "Stop resident protection"


Step 3: RootRepeal (by AD)
In Explorer, open the RootRepeal folder
Double-click RootRepeal.exe to launch the tool.

Click the Files tab (at the bottom of the window)
In the new Select Drives window, tick: C:\
then click OK

Note: This scan takes a while. DO NOT LAUNCH other programs while it is running.

When the scan is finished, a list of files will be displayed in the RootRepeal window.
Some of these files are legitimate, but two of them belong to the "rootkitted" processes that are preventing the cleanup.

You need to identify these files.
It is not very complicated:
*- they have a .sys extension
*- their name has the form "prefix" + "random letters" + .sys extension
The possible "prefixes" are:
TDSS
Seneka
GAOPDX
UACmsqpdx
kungsf
gxvxc
ovfsth
SKYNET
MSIVX


In the log you sent, the files are named SKYNETqrsvdfdy.sys and UACmxfqgenftjkowfo.sys, but their names may have changed.

Once you have identified the files, for each of them right-click it with the mouse and choose the option wipe file. Important: do not choose any other option!
Close RootRepeal (open the File menu, click Exit).

Restart the PC immediately.


Step 4: Malwarebytes' Anti-Malware, installation and cleanup
Double-click mbam-setup.exe to start the installation (accept the licence agreement, then accept the default options).
On the last screen of the installer, tick the box in front of "Update Malwarebytes' Anti-Malware", then click the "Finish" button.

Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start menu.
In the Settings tab, check that every box is ticked except "Create a right-click context menu entry to scan files".
In the Update tab, click the Check for Updates button and install every update found.
In the Scanner tab, select the radio button in front of "Perform quick scan", then click the Scan button.
Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show Results" button.

If malicious items were detected, click the "Remove Selected" button
Wait patiently, without doing anything else, for the cleanup to finish.
A restart is sometimes required. Accept it.
A Notepad window opens showing the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 5: RootRepeal (by AD)
In Explorer, open the RootRepeal folder
Double-click RootRepeal.exe to launch the tool.

Click the Report tab (at the bottom of the window)
Click the Scan button
In the new Select Scan window, tick:
+ Drivers
+ Files
+ Processes
+ SSDT
+ Stealth Objects
+ Hidden Services

Click the OK button
In the new Select Drives window, tick the system drive (C:\).
Click the OK button to start the scan

Note: This scan takes a while. DO NOT LAUNCH other programs while it is running.

When the scan is finished, the Save Report button becomes available
Click this Save Report button and save the report file in the RootRepeal folder under the name RootRepeal-090617.txt

Open the File menu, click Exit to close the program.


Step 6: Real-time protection processes
Important: Re-enable the antivirus's resident module.


Step 7: OTL (by OldTimer), scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

OTL's main screen appears.

Tick (at the top) the box in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 8: Results
Send in reply:
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-*-**-**** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs / *-**-**** (**-**-**) stands for the date [month-day-year] and the time [hh-mm-ss])
[SystemDrive stands for the partition on which the system is installed, usually C:]
*- the RootRepeal report (contents of the file RootRepeal-090617.txt)
This report can be very long. Make sure it is complete in the message you send. If necessary, split it across several messages.

Then send in reply, in a separate message (because of the length of the log):
*- the main OTL report (contents of the file OTL.Txt located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: When sending your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
My configs
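The identification rule in the post above (a known "prefix" followed by random letters and a .sys extension, with the same scheme visible on the injected .dll names in the RootRepeal report) can be applied to a report automatically. The script below is an added example, not code from the thread or from RootRepeal: it parses the "Object: Hidden Module" / "Process:" pairs and the "Service Name:" / "Image Path:" pairs in the format seen in this thread, flags names that follow the naming scheme, lists which processes each hidden DLL was injected into, and lists the driver files the Hidden Services point at. Two assumptions: the post writes "UACmsqpdx" as a single prefix, while the files in this thread begin with plain "UAC", so the example treats "UAC" and "msqpdx" as two prefixes; and the sample report embedded below is constructed from the names seen in this thread, not a real scan.

```python
import re
from collections import defaultdict

# File-name prefixes listed in nickW's post. The post writes "UACmsqpdx" as one
# entry; this example (an assumption) treats "UAC" and "msqpdx" as two prefixes,
# since the files in this thread begin with plain "UAC".
ROOTKIT_PREFIXES = ("TDSS", "Seneka", "GAOPDX", "UAC", "msqpdx", "kungsf",
                    "gxvxc", "ovfsth", "SKYNET", "MSIVX")

# "prefix" + a run of random lowercase letters + .sys/.dll, e.g. SKYNETqrsvdfdy.sys.
# Heuristic: a name such as UACHelper.dll does not match (uppercase H), but a
# name like UACtest.dll would, so the output is a triage list, not a verdict.
ROOTKIT_NAME = re.compile(
    r"^(?P<prefix>" + "|".join(re.escape(p) for p in ROOTKIT_PREFIXES) + r")"
    r"[a-z]{4,}\.(?:sys|dll)$"
)

# Line shapes as they appear in the RootRepeal report quoted in this thread.
HIDDEN_MODULE = re.compile(r"^Object: Hidden Module \[Name: (?P<name>[^\]]+)\]$")
PROCESS_LINE = re.compile(r"^Process: (?P<proc>\S+) \(PID: (?P<pid>\d+)\)")
SERVICE_LINE = re.compile(r"^Service Name: (?P<svc>.+)$")
IMAGE_PATH_LINE = re.compile(r"^Image Path: (?P<path>.+)$")


def classify_name(name):
    """Return the matched prefix when `name` follows the rootkit naming scheme, else None."""
    m = ROOTKIT_NAME.match(name)
    return m.group("prefix") if m else None


def parse_report(text):
    """Collect hidden modules (per host process) and hidden services from a report."""
    modules = defaultdict(set)      # dll name -> {(process, pid), ...}
    services = []                   # [(service name, image path), ...]
    pending_module = pending_service = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HIDDEN_MODULE.match(line)
        if m:
            pending_module = m.group("name")
            continue
        m = PROCESS_LINE.match(line)
        if m and pending_module:
            modules[pending_module].add((m.group("proc"), int(m.group("pid"))))
            pending_module = None
            continue
        m = SERVICE_LINE.match(line)
        if m:
            pending_service = m.group("svc")
            continue
        m = IMAGE_PATH_LINE.match(line)
        if m and pending_service:
            services.append((pending_service, m.group("path")))
            pending_service = None
    return modules, services


def find_rootkit_artifacts(text):
    """Triage a report: injected DLLs with their host processes, and driver files to wipe."""
    modules, services = parse_report(text)
    injected = {}
    for name, hosts in modules.items():
        family = classify_name(name)
        if family:
            injected[name] = {
                "family": family,
                "hosts": sorted(f"{proc}:{pid}" for proc, pid in hosts),
            }
    drivers = {}
    for svc, path in services:
        basename = path.rsplit("\\", 1)[-1]   # last component of a Windows path
        family = classify_name(basename)
        if family:
            drivers[path] = {"family": family, "service": svc}
    return {"injected_modules": injected, "driver_files": drivers}


# Constructed sample in the report format seen in this thread (not a real scan).
SAMPLE_REPORT = r"""
Stealth Objects
-------------------
Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: svchost.exe (PID: 2600) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: UACielmlkprrwuirvr.dll]
Process: svchost.exe (PID: 2600) Address: 0x009e0000 Size: 49152

Object: Hidden Module [Name: SKYNETsimwbabd.dll]
Process: alg.exe (PID: 3248) Address: 0x10000000 Size: 32768

Hidden Services
-------------------
Service Name: SKYNETpqoirrpr
Image Path: C:\WINDOWS\system32\drivers\SKYNETqrsvdfdy.sys

Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACmxfqgenftjkowfo.sys

==EOF==
"""

if __name__ == "__main__":
    result = find_rootkit_artifacts(SAMPLE_REPORT)
    for dll, info in result["injected_modules"].items():
        print(f"{info['family']:7} {dll} injected into {len(info['hosts'])} process(es)")
    for path, info in result["driver_files"].items():
        print(f"{info['family']:7} wipe: {path}  (service {info['service']})")
```

Run it against a saved RootRepeal report (`find_rootkit_artifacts(open("RootRepeal-090617.txt").read())`) to get the same two lists the post asks the user to build by hand. The driver file paths are the ones to wipe from the Files tab; the injected-module list shows how widely the DLLs have been loaded, which is why the post insists on removing the drivers and restarting before running any cleaner in that session.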

RootRepeal report

Post by ms3deb » 18 Jun 2009, 12:24

Hello,
As you say, OOPS...

Here is the first report. Thanks again for the time you are spending on this,
@+

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Time: 2009/06/18 13:20
Program Version: Version 1.3.0.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dtuew.sys
Image Path: dtuew.sys
Address: 0xF7724000 Size: 61440 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE4F1000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7C7A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEBCCF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Philips SPC210NC Webcam
Status: Locked to the Windows API!

Path: c:\documents and settings\romain deloffre\local settings\temp\etilqs_jmiax1d5itcjy43xp3np
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Application Data\Mozilla\Firefox\Profiles\0xf1yc4j.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\39\123-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v139-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v123-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\39\40-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v39-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v40-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\66\149-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v166-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v149-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\66\55-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v66-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v55-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\00\79-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v100-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v79-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\01\10-{35367A31-7CCB-01BA-36BC-8CEE2568677B}-v1-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v10-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\01\80-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v101-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v80-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\02\87-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v102-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v87-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\03\86-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v103-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v86-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\04\193-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v504-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v193-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\04\88-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v104-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v88-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\05\89-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v105-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v89-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\06\90-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v106-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v90-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\07\91-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v107-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v91-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\08\92-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v108-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v92-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\09\93-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v109-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v93-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\10\94-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v110-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v94-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\11\95-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v111-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v95-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\12\96-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v112-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v96-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\13\13-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v13-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v13-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\13\97-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v113-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v97-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\14\23-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v14-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v23-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\14\98-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v114-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v98-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\15\22-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v15-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v22-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\15\99-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v115-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v99-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\16\100-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v116-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v100-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\16\24-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v16-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v24-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\17\101-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v117-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v101-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\17\16-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v17-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v16-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\17\17-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v17-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v17-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\18\102-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v118-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v102-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\18\18-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v18-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v18-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\18\184-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v218-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v184-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\19\103-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v119-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v103-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\19\29-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v19-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v29-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\20\104-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v120-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v104-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\20\30-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v20-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v30-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\21\105-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v121-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v105-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\21\31-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v21-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v31-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\22\106-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v122-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v106-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\22\19-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}-v22-{97E4AEE1-7F4C-40DB-8C0E-30E7D85605DF}-v19-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\ROMAIN DELOFFRE\Local Settings\Application Data\Microsoft\Messenger\wromi84@hotmail.fr\SharingMetadata\primscilla@hotmail.fr\DFSR\Staging\CS{35367A31-7CCB-01BA-36BC-8CEE2568677B}\45\129-{B5DC1F20-CF5C-49C8-A7D7-CA3557B5B4AE}

Hidden Services
-------------------
Service Name: SKYNETpqoirrpr
Image Path: C:\WINDOWS\system32\drivers\SKYNETqrsvdfdy.sys

Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACmxfqgenftjkowfo.sys

==EOF==
ms3deb
 
Posts: 77
Joined: 30 Apr 2007, 21:09

Malwarebytes report!

Post by ms3deb » 18 Jun 2009, 12:25

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2304
Windows 5.1.2600 Service Pack 3

18/06/2009 13:16:50
mbam-log-2009-06-18 (13-16-50).txt

Type de recherche: Examen rapide
Eléments examinés: 95618
Temps écoulé: 4 minute(s), 34 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 33

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\bszip.dll (Worm.P2P) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SKYNETsimwbabd.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UAChxbbsiwmupkrjkl.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACielmlkprrwuirvr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACovgjteekyjwslwk.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACtbhovrkkdrdlynd.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACwilthfwopavqyxv.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACytoblhtprujdpbw.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETkibabwyxvn.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETltcoftexil.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETmccfunvopg.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETntixnstikp.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETopcvbvrxtf.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETseqwhfmuwp.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETthxjinlnsm.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETuicqobyuwp.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETvtadcpxusi.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETxemjcndsim.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETyribabihbj.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\UAC5b98.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETbdworenxwi.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETbvfvnmxnsm.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETdiemcuwqit.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETemsppegqsx.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETetbdmewtft.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNEThimvpuspma.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETimqienwhos.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SKYNETlktehxfu.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\SKYNETqrsvdfdy.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\UACmxfqgenftjkowfo.sys (Trojan.Agent) -> Quarantined and deleted successfully.
ms3deb
 
Posts: 77
Joined: 30 Apr 2007, 21:09
