débordement mémoire tampon • page 3

r@in | b0w · le 09 Juin 2009 15:13

help help a écrit:Je vous tiens au courant,

Et tu nous dit quoi :lol:

Pac428 · le 09 Juin 2009 15:47

???? Whot ???? :lol:

help help · le 11 Juin 2009 10:02

Voici le 1er rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:11, on 9/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesFichiers communsAcronisSchedule2schedul2.exe
C:Program FilesWindows LiveFamily Safetyfsssvc.exe
C:Program FilesSymantecNorton Ghost 2003GhostStartService.exe
C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:program filesfichiers communsmcafeemnamcnasvc.exe
c:PROGRA~1FICHIE~1mcafeemcproxymcproxy.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.exe
C:Program FilesMcAfeeMSKMskSrver.exe
C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Documents and SettingsMAISONBureauSniffle.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.fr/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=localhost:7171
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local;<local>
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe baxp.exe
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:Program FilesWindows LiveToolbarwltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O4 - HKLM..Run: [8000] C:lqwnwu.exe
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User '?')
O4 - HKUSS-1-5-21-1935655697-1417001333-839522115-1003..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe (User '?')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User '?')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_11inssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_11inssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://www.photoreflex.com/tools/ImageU ... oader3.cab
O17 - HKLMSystemCCSServicesTcpip..{10DA6281-4CC6-4E57-BD77-0210FF8F6067}: NameServer = 84.103.237.146 86.64.145.146
O17 - HKLMSystemCS1ServicesTcpip..{10DA6281-4CC6-4E57-BD77-0210FF8F6067}: NameServer = 84.103.237.144 86.64.145.144
O17 - HKLMSystemCS2ServicesTcpip..{10DA6281-4CC6-4E57-BD77-0210FF8F6067}: NameServer = 84.103.237.146 86.64.145.146
O17 - HKLMSystemCS3ServicesTcpip..{10DA6281-4CC6-4E57-BD77-0210FF8F6067}: NameServer = 86.64.145.148 84.103.237.148
O17 - HKLMSystemCS4ServicesTcpip..{10DA6281-4CC6-4E57-BD77-0210FF8F6067}: NameServer = 84.103.237.146 86.64.145.146
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: c:progra~1ThunMail estabd.dll
O20 - Winlogon Notify: !saswinlogon - C:Program FilesSUPERAntiSpywareSASWINLO.dll
O20 - Winlogon Notify: ifzewwc - ifzewwc.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:Program FilesFichiers communsAcronisSchedule2schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:WINDOWS
O23 - Service: GhostStartService - Symantec Corporation - C:Program FilesSymantecNorton Ghost 2003GhostStartService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesFichiers communsInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:program filesfichiers communsmcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1FICHIE~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:Program FilesMcAfeeMSKMskSrver.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:Program FilesSiSoftwareSiSoftware Sandra Lite 2005.SR1RpcSandraSrv.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:WINDOWS

--
End of file - 7356 bytes

help help · le 11 Juin 2009 10:03

Voici le second :

StartupList report, 9/06/2009, 22:18:17
StartupList version: 1.52.2
Started from : C:Documents and SettingsMAISONBureauSniffle.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesFichiers communsAcronisSchedule2schedul2.exe
C:Program FilesWindows LiveFamily Safetyfsssvc.exe
C:Program FilesSymantecNorton Ghost 2003GhostStartService.exe
C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:program filesfichiers communsmcafeemnamcnasvc.exe
c:PROGRA~1FICHIE~1mcafeemcproxymcproxy.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.exe
C:Program FilesMcAfeeMSKMskSrver.exe
C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Documents and SettingsMAISONBureauSniffle.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon]
UserInit = C:WINDOWSsystem32userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun

8000 = C:lqwnwu.exe

--------------------------------------------------

Autorun entries from Registry:
HKCUSoftwareMicrosoftWindowsCurrentVersionRun

SUPERAntiSpyware = C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
msnmsgr = "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun

[OptionalComponents]
=

--------------------------------------------------

Load/Run keys from C:WINDOWSWIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM..Windows NTCurrentVersionWinLogon: load=*Registry value not found*
HKLM..Windows NTCurrentVersionWinLogon: run=*Registry value not found*
HKLM..WindowsCurrentVersionWinLogon: load=*Registry key not found*
HKLM..WindowsCurrentVersionWinLogon: run=*Registry key not found*
HKCU..Windows NTCurrentVersionWinLogon: load=*Registry value not found*
HKCU..Windows NTCurrentVersionWinLogon: run=*Registry value not found*
HKCU..WindowsCurrentVersionWinLogon: load=*Registry key not found*
HKCU..WindowsCurrentVersionWinLogon: run=*Registry key not found*
HKCU..Windows NTCurrentVersionWindows: load=
HKCU..Windows NTCurrentVersionWindows: run=*Registry value not found*
HKLM..Windows NTCurrentVersionWindows: load=*Registry value not found*
HKLM..Windows NTCurrentVersionWindows: run=*Registry value not found*
HKLM..Windows NTCurrentVersionWindows: AppInit_DLLs=c:progra~1ThunMail estabd.dll

--------------------------------------------------

Shell & screensaver key from C:WINDOWSSYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe baxp.exe
SCRNSAVE.EXE=C:WINDOWSSystem32ssmypics.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU..Policies: Shell=*Registry value not found*
HKLM..Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

McDefragTask.job
McQcTask.job

--------------------------------------------------

Enumerating Download Program Files:

[{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8}]
CODEBASE = http://www.photoreflex.com/tools/ImageU ... oader3.cab

[Shockwave Flash Object]
InProcServer32 = C:WINDOWSsystem32MacromedFlashFlash9f.ocx
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:WINDOWSsystem32SHELL32.dll
CDBurn: C:WINDOWSsystem32SHELL32.dll
WebCheck: C:WINDOWSSystem32webcheck.dll
SysTray: C:WINDOWSSystem32stobject.dll
WPDShServiceObj: C:WINDOWSsystem32WPDShServiceObj.dll

--------------------------------------------------
End of report, 5.522 bytes
Report generated in 0,016 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

J'attends vos remarques avec impatience car c'est vraiment bloquant de ne pas avoir internet à la maison ...

Merci d'avance !

Pac428 · le 11 Juin 2009 10:17

Pour le premier rapport, en attendant R@in | b0w
supprimes les lignes suivantes (fix checked) :

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet
Settings,ProxyServer = http=localhost:7171
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet
Settings,ProxyOverride = *.local;
F2 - REG:system.ini: Shell=Explorer.exe baxp.exe
O4 - HKLM..Run: [8000] C:lqwnwu.exe
O20 - AppInit_DLLs: c:progra~1ThunMail estabd.dll
O20 - Winlogon Notify: ifzewwc - ifzewwc.dll (file missing)
O23 - Service: Service de transfert intelligent en arrière-plan
(BITS) - Unknown owner - C:WINDOWS

Le second rapport indique que ton registre est endommagé.
Je laisse R@in | b0w reprendre et t'en dire plus.
++ Help Help :wink:

r@in | b0w · le 11 Juin 2009 11:47

Bonjour.

Tu lances Mbam puis tu vas dans Autre outils puis, au niveau de FileAssassin, tu cliques sur Lancer l'outil.

Tu sélectionnes le fichier C:lqwnwu.exe puis tu cliques sur Ouvrir.

Tu confirmes ensuite la suppression en cliquant sur Oui.

Si Mbam te demande de redémarrer, tu le fais.

On dirait que tu passes par un proxy, c'est vrai?

Sinon, ce doit être un trojan. Dans le deuxième cas, tu télécharges SDFix.

Tu double cliques ensuite sur l'icône SdFix pour le lancer.
Tu ne touches pas aux configurations et cliques uniquement sur Install.

Tu verras ce message:

Code: Tout sélectionner: SDFix has been extracted to %systemdrive%SDFix (Drive that contains the Windows directory - typically C:SDFix) Open the SDFix folder in Safe Mode and double click the RunThis.bat file to start the fixtool If RunThis.bat is started in Normal Mode, options to download and run Anti-Virus command line scanners are displayed Catchme.exe Stealth Malware Detector by GMER is also included in the SDFix folder Additional SDFix Instructions & screen shots can be found here - http://www.bleepingcomputer.com/forums/topic131299.html

Cela confirme l'installation de SDFix.

Tu pars alors en Mode sans échec ([F8] au démarrage).

Après être sur ta session, tu cliques sur Démarrer puis Exécuter;
Tu tapes (ou copies-colles) C:SDFixRunThis.bat puis tu valides en appuyant sur [Entrée] ou en cliquant sur Ok.

Une fenêtre s'ouvrira, tu appuies sur la touche [Entrée] ou [Y].

Le fix va faire le ménage, tu prends ton mal en patience et attends

Quand tu vois écrit:

Code: Tout sélectionner: The PC will now restart, SDFix will run again after reboot. Press any key to continue...

Tu appuies sur n'importe quelle touche du clavier, ce qui fera redémarrer ta machine.

SDFix se lancera après l'ouverture de ta session pour finir le ménage.

Le Bloc-notes s'ouvrira ensuite avec le rapport, copies-colles celui-ci dans ton prochain message.

help help · le 11 Juin 2009 12:32

Merci pour cette explication détaillée, je m'en occupe ce soir et vous tiens au courant demain matin.

Je ne sais si je passe par un Proxy (je ne sais même pas ce que c'est ...), comment faire pour savoir ?

Je lance tout de même SdFix ?

Merci

Pac428 · le 11 Juin 2009 12:44

Proxy (je ne sais même pas ce que c'est ...)

Réponse => ICI <= si un proxy s'installe sans que tu saches, c'est un malware.
? comment faire pour savoir ? => analyse HijackThis.

Je lance tout de même SdFix ?

Oui, tu lances.

++ Help Help. :wink:

r@in | b0w · le 11 Juin 2009 12:51

help help a écrit:O17 - HKLMSystemCCSServicesTcpip..{10DA6281-4CC6-4E57-BD77-0210FF8F6067}: NameServer = 84.103.237.146 86.64.145.146
O17 - HKLMSystemCS1ServicesTcpip..{10DA6281-4CC6-4E57-BD77-0210FF8F6067}: NameServer = 84.103.237.144 86.64.145.144
O17 - HKLMSystemCS2ServicesTcpip..{10DA6281-4CC6-4E57-BD77-0210FF8F6067}: NameServer = 84.103.237.146 86.64.145.146
O17 - HKLMSystemCS3ServicesTcpip..{10DA6281-4CC6-4E57-BD77-0210FF8F6067}: NameServer = 86.64.145.148 84.103.237.148
O17 - HKLMSystemCS4ServicesTcpip..{10DA6281-4CC6-4E57-BD77-0210FF8F6067}: NameServer = 84.103.237.146 86.64.145.146

Toutes ces adresses ip transitent par ta machine, à savoir donc si tu les connais ou pas.

Si tu te connectes directement à Internet par un modem de marque (SFR, Orange...), cela n'est pas normal.

Pac428 · le 11 Juin 2009 13:09

Le premier correspond à Neuf Telecom. Voir => ICI <=

++ :wink:

help help · le 11 Juin 2009 13:56

Je suis connectée à internet par la NEUF BOX.

Mais j'ai mis les paramètres de FREE pour recevoir directement mes mails ..........@free.fr sur MOZILLA THUNDERBIRD.

Par contre, je ne sais à quoi correspondent les autres adresses IP...

help help · le 12 Juin 2009 08:25

Comme vous me l'avez conseillé, j'ai supprimé les lignes via HiJackThis.
Du coup, plus de messages d'erreur au démarrage. MERCI !

J'ai oublié de prendre SdFix sur ma clé USB (je n'ai plus accès internet à la maison) donc je le ferai ce week-end.

A+

r@in | b0w · le 12 Juin 2009 09:12

Bonjour.

help help a écrit:J'ai oublié de prendre SdFix sur ma clé USB (je n'ai plus accès internet à la maison) donc je le ferai ce week-end.

Tiens-nous au jus

help help · le 14 Juin 2009 16:07

Voici le rapport SDFIX :

SDFix: Version 1.240
Run by MAISON on ven. 12/06/2009 at 20:28

Microsoft Windows XP [version 5.1.2600]
Running From: C:SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting

Checking Files :

Trojan Files Found:

C:109007~1 - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 20:32:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceskungsfpxdkctla]
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=str(2):"systemrootsystem32driverskungsfequbrfvm.sys"

[HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceskungsfpxdkctlamain]
"aid"="10103"
"sid"="0"
"cmddelay"=dword:00000e10

[HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceskungsfpxdkctlamodules]
"kungsfrk.sys"="systemrootsystem32driverskungsfequbrfvm.sys"
"kungsfcmd.dll"="systemrootsystem32kungsfhxxnqqog.dll"
"kungsflog.dat"="systemrootsystem32kungsffapfuyqr.dat"
"kungsfwsp.dll"="systemrootsystem32kungsfdlyaptvr.dll"
"kungsf.dat"="systemrootsystem32kungsfvkdqbqjp.dat"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlClass{4D36E965-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000002
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlClass{4D36E967-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlClass{4D36E968-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000023
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlClass{4D36E969-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlClass{4D36E96A-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlClass{4D36E97B-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlClass{4D36E980-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesMRxDAVEncryptedDirectories]
@=""
[HKEY_LOCAL_MACHINESYSTEMControlSet003Serviceskungsfntjgelem]
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=str(2):"systemrootsystem32driverskungsfxeppfqrm.sys"

[HKEY_LOCAL_MACHINESYSTEMControlSet003Serviceskungsfntjgelemmain]
"aid"="10103"
"sid"="0"
"cmddelay"=dword:00000e10

[HKEY_LOCAL_MACHINESYSTEMControlSet003Serviceskungsfntjgelemmodules]
"kungsfrk.sys"="systemrootsystem32driverskungsfxeppfqrm.sys"
"kungsfcmd.dll"="systemrootsystem32kungsfttkbfasw.dll"
"kungsflog.dat"="systemrootsystem32kungsfhxtesidm.dat"
"kungsfwsp.dll"="systemrootsystem32kungsfwqpyyurr.dll"
"kungsf.dat"="systemrootsystem32kungsfxqltoblv.dat"
[HKEY_LOCAL_MACHINESYSTEMcontrolset004ControlClass{4D36E965-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000002
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMcontrolset004ControlClass{4D36E967-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMcontrolset004ControlClass{4D36E968-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000023
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMcontrolset004ControlClass{4D36E969-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMcontrolset004ControlClass{4D36E96A-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMcontrolset004ControlClass{4D36E97B-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMcontrolset004ControlClass{4D36E980-E325-11CE-BFC1-08002BE10318}Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINESYSTEMcontrolset004ServicesMRxDAVEncryptedDirectories]
@=""

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

File Backups: - C:SDFixackupsackups.zip

Files with Hidden Attributes :

Fri 12 Sep 2008 5,355,320 A..H. --- "C:Program FilesPicasa2setup.exe"
Fri 29 May 2009 132,608 ..SHR --- "C:RECYCLERS-1-5-21-7450629416-1882011021-938330998-6938
issan.exe"
Tue 8 Nov 2005 4,348 A.SH. --- "C:Documents and SettingsAll UsersDRMDRMv1.bak"
Fri 29 May 2009 132,608 A.SHR --- "C:Documents and SettingsMAISONSharedwindows_vista_crack.exe"
Fri 11 Nov 2005 789 A..H. --- "C:Program FilesInterActualInterActual PlayeritiF.tmp"
Wed 22 Apr 2009 20,688 A.SHR --- "C:Program FilesMcAfeeMQCMRU.bak"
Wed 22 Apr 2009 265 A.SHR --- "C:Program FilesMcAfeeMQCqcconf.bak"
Tue 11 Nov 2008 0 A.SH. --- "C:Documents and SettingsAll UsersDRMCacheIndiv01.tmp"
Sat 4 Oct 2008 1,288,192 ...H. --- "C:Documents and SettingsMAISONApplication DataMicrosoftWord~WRL0005.tmp"
Sat 4 Oct 2008 13,782,528 ...H. --- "C:Documents and SettingsMAISONApplication DataMicrosoftWord~WRL0015.tmp"
Sat 4 Oct 2008 13,785,600 ...H. --- "C:Documents and SettingsMAISONApplication DataMicrosoftWord~WRL0129.tmp"
Sat 4 Oct 2008 13,782,528 ...H. --- "C:Documents and SettingsMAISONApplication DataMicrosoftWord~WRL2722.tmp"
Wed 14 Aug 2002 65,088 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplate3COM 3c556 Packet3C556.COM"
Wed 14 Aug 2002 12,732 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplate3COM 3c509 Packet3C5X9PD.COM"
Wed 14 Aug 2002 26,424 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplate3COM 3c59x Packet3C59XPD.COM"
Wed 14 Aug 2002 28,062 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1207F PacketEN5251PD.COM"
Wed 14 Aug 2002 10,710 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1207C PacketPCIPD.COM"
Wed 14 Aug 2002 10,083 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1207D PacketACCPKT.COM"
Wed 14 Aug 2002 10,257 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1207TX PacketPCIPD.COM"
Wed 14 Aug 2002 29,499 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1203 PacketPCIPD.COM"
Wed 14 Aug 2002 12,660 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1204 PacketVLNWPD.COM"
Wed 14 Aug 2002 11,031 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1207 PacketPCIPD.COM"
Wed 14 Aug 2002 17,952 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1200 PacketEC32PD.COM"
Wed 14 Aug 2002 9,424 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1208 Packet1208PD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1650 PacketNWPD.COM"
Wed 14 Aug 2002 13,673 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1640 PacketNWPD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1658 PacketNWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN166X PacketNWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1651 PacketNWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1652 PacketNWPD.COM"
Wed 14 Aug 2002 7,243 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1653 PacketNE2PD.COM"
Wed 14 Aug 2002 24,767 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN2216 PacketPCMPD.COM"
Wed 14 Aug 2002 7,463 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1625 PacketNEPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1656 PacketNWPD.COM"
Wed 14 Aug 2002 10,286 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN2228 PacketPCMPD.COM"
Wed 14 Aug 2002 25,460 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN2218 PacketPCMPD.COM"
Wed 14 Aug 2002 28,866 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN2320 PacketEN5251PD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateACCTON EN1657 PacketNWPD.COM"
Wed 14 Aug 2002 8,544 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateCATC USB EthernetElndis.sys"
Wed 14 Aug 2002 33,149 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateCATC USB EthernetUsbd.sys"
Wed 14 Aug 2002 47,826 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonASPI1394.SYS"
Wed 14 Aug 2002 35,340 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonASPI2DOS.SYS"
Wed 14 Aug 2002 14,378 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonASPI4DOS.SYS"
Wed 14 Aug 2002 37,984 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonASPI8DOS.SYS"
Wed 14 Aug 2002 44,828 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonASPI8U2.SYS"
Wed 14 Aug 2002 29,628 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonASPICD.SYS"
Wed 14 Aug 2002 49,750 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonASPIEHCI.SYS"
Wed 14 Aug 2002 49,242 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonASPIOHCI.SYS"
Wed 14 Aug 2002 50,606 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonASPIUHCI.SYS"
Wed 14 Aug 2002 161,792 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonBOOTSRV.SYS"
Wed 14 Aug 2002 174,080 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonootsrv16.sys"
Wed 14 Aug 2002 21,971 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonBTCDROM.SYS"
Wed 14 Aug 2002 30,955 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonBTDOSM.SYS"
Wed 14 Aug 2002 202,517 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonCMDS.EXE"
Wed 14 Aug 2002 374,038 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonCMDS16.EXE"
Wed 14 Aug 2002 22,158 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonCOUNTRY.SYS"
Wed 14 Aug 2002 1,608 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonDEVICE.COM"
Wed 14 Aug 2002 15,345 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonDISPLAY.SYS"
Wed 14 Aug 2002 7,840 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonDLSHELP.SYS"
Wed 14 Aug 2002 56,821 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonE.EXE"
Wed 14 Aug 2002 64,425 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonFLASHPT.SYS"
Wed 14 Aug 2002 32,396 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonGUEST.EXE"
Wed 14 Aug 2002 14,160 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonHIMEM.SYS"
Wed 14 Aug 2002 10,898 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonKEYB.COM"
Wed 14 Aug 2002 53,556 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonKEYBOARD.SYS"
Wed 14 Aug 2002 15,777 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonMODE.COM"
Wed 14 Aug 2002 37,681 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonMOUSE.COM"
Wed 14 Aug 2002 354,304 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonmsbootsrv16.sys"
Wed 14 Aug 2002 21,180 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonMSCDEX.EXE"
Wed 14 Aug 2002 354,263 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonNet.exe"
Wed 14 Aug 2002 8,513 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonNETBIND.COM"
Wed 14 Aug 2002 41,302 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonOAKCDROM.SYS"
Wed 14 Aug 2002 129,240 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonOHCI.EXE"
Wed 14 Aug 2002 28,439 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonParalink.com"
Wed 14 Aug 2002 13,770 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonPROTMAN.EXE"
Wed 14 Aug 2002 130,980 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonUHCI.EXE"
Wed 14 Aug 2002 11,854 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateDEC EtherWorks ISA (DE305) PacketDE305.COM"
Wed 14 Aug 2002 52,715 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateDEC EtherWORKS DE450 PacketDE450.COM"
Wed 14 Aug 2002 62,391 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateDEC EtherWORKS DE500 PacketDE500.COM"
Wed 14 Aug 2002 11,491 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateDLink DMF560-TX PacketLmpd.com"
Wed 14 Aug 2002 17,791 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateDLink DT620 PacketDt620pd.com"
Wed 14 Aug 2002 17,043 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateDLink DE400 PacketDe400pd.com"
Wed 14 Aug 2002 11,786 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateIBM Crystal LAN PacketEpktisa.com"
Wed 14 Aug 2002 18,300 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateKingston EtheRx KNE110TX PacketKtc110p.com"
Wed 14 Aug 2002 48,224 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateLaneed LD 10-100AL PacketL100al.com"
Wed 14 Aug 2002 13,360 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateLaneed LD-CDF PacketLdcdt.com"
Wed 14 Aug 2002 9,190 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateLaneed LD-PCI2TL PacketLdpcil.com"
Wed 14 Aug 2002 12,567 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateMelco LPC2-TLpchkat2.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatePlanex FW-100TX Fast Ethernet PacketFETPKT.COM"
Wed 14 Aug 2002 56,896 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatePlanex FW-100TX Fast Ethernet PacketRtspkt.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatePlanex FNW9x00T - ENW8300T Packetfetpkt.com"
Wed 14 Aug 2002 9,692 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatePXE Packet DriverUndipd.com"
Wed 14 Aug 2002 9,537 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateSN 2000p PacketPNPPD.COM"
Wed 14 Aug 2002 32,484 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateWaveLAN PacketWvlan42.com"
Wed 14 Aug 2002 52,225 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateXircom Ethernet 10-100 + ModemCbendis.exe"
Wed 14 Aug 2002 48,491 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateXircom RE10BTCe3ndis.exe"
Wed 14 Aug 2002 50,405 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateXircom RE10 - RE100 PacketCe3pd.com"
Wed 14 Aug 2002 33,860 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateXircom PE3-10BxPe3ndis.exe"
Wed 14 Aug 2002 50,175 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateXircom Re-100Btx + Ce3B-100BtxCe3ndis.exe"
Wed 14 Aug 2002 50,795 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateXircom CBE10-100BTXCbendis.exe"
Wed 14 Aug 2002 48,223 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateXircom CBE10-100BTX PacketCbepd.com"
Wed 14 Aug 2002 48,641 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateXircom Ethernet II PSXpsndis.exe"
Wed 14 Aug 2002 49,015 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplateXircom Ethernet II PS PacketXpspd.com"
Wed 14 Aug 2002 53,786 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonpcdoscommand.com"
Wed 14 Aug 2002 44,240 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonpcdosIBMBIO.COM"
Wed 14 Aug 2002 42,550 A..H. --- "C:Documents and SettingsAll UsersApplication DataSymantecGhostTemplatecommonpcdosIBMDOS.COM"

Finished!

Plus de message d'erreur, c'est agréable...

Par contre, je n'ai toujours plus de connexion internet (page connexions réseau vide).

Merci pour vos conseils

r@in | b0w · le 14 Juin 2009 22:06

Bonjour.

On dirait que tu as quelques vermines dans tes drivers.

Tu télécharges FindyKill.

Tu l'installes en gardant les paramètres par défaut.

Tu branches tous tes supports de stockages USB à ta machine.

Tu double cliques ensuite sur le raccourci FindyKill sur ton Bureau pour lancer l'utilitaire.

Tu choisis la langue française en appuyant sur la touche [F] puis tu choisis l'option 1.

Après avoir vérifié les fichiers, FindyKill cherchera d'autres infections.

A la fin de l'analyse, il sera indiqué:

Code: Tout sélectionner: Recherche effectuée!

Tu copies-colles le rapport d'analyse dans ton prochain message, il est présent ici: C:FindyKill.txt.

débordement mémoire tampon • page 3

Sujets similaires

Qui est en ligne